
A fast-tracked rule from the Department of Commerce that would address security risks involving connected vehicles is almost at the finish line. However, the rule no longer covers commercial motor vehicles.
The Bureau of Industry and Security’s final rule is scheduled to be published in the Federal Register on Thursday, Jan. 16. The rule, which is set to take effect 60 days after it is published, prohibits transactions involving technology by China and Russia.
Considering the typically slow pace of government, the connected vehicle rulemaking moved at lightning speed. The agency first issued an advance notice of proposed rulemaking regarding connected vehicles in March 2024. That was quickly followed by a formal proposal in September. Now, only two-and-a-half months after the comment period ended, we have a final rule.
“Cars today aren’t just steel on wheels – they’re computers,” Secretary of Commerce Gina Raimondo said in a news release. “They have cameras, microphones, GPS tracking and other technologies that are connected to the internet. Through this rule, the Commerce Department is taking a necessary step to safeguard U.S. national security and protect Americans’ privacy by keeping foreign adversaries from manipulating these technologies to access sensitive or personal information. This is a targeted approach to ensure we keep People’s Republic of China and Russian-manufactured technologies off American roads and protect our nation’s connected vehicle supply chains.”
Separate rule for commercial vehicles?
The proposal included passenger and commercial vehicles, but the agency determined that “the substantial compliance concerns associated with the complex commercial vehicle sector” require a separate rulemaking.
The Bureau of Industry and Security said that the security risks associated with commercial vehicles “are grave” and that the agency’s decision to exclude them from this rulemaking “in no way implies that these risks are lesser than in the passenger vehicle market.” Instead, the agency believes it must propose a separate regulation tailored to the commercial sector. According to the notice, that regulation will arrive “in the coming months.”
The Owner-Operator Independent Drivers Association, which was supportive of the proposal, criticized the decision to wait before addressing security risks involving heavy-duty trucks and other commercial vehicles.
“A ‘grave’ national security threat from China and Russia should not be put on the back burner,” OOIDA President Todd Spencer said in a statement. “OOIDA is disappointed with the department’s decision to remove heavy trucks from the scope of its rulemaking on connected vehicles. A separate rule for trucks could delay addressing unacceptable and obvious national security risks posed by foreign controlled technologies active on some U.S. commercial trucks today. We question the choice to remove heavy trucks when the department, itself, emphasizes the ‘grave’ national security risks associated with Chinese or Russian technology components in these vehicles. We will work with the Bureau of Industry and Security to ensure the future rule thoroughly responds to the public safety challenges of driverless 80,000-pound trucks.”
Concerns about autonomous trucks, ELDs
In its comments filed this past October, OOIDA told the agency that there needs to be more oversight of autonomous vehicles.
“OOIDA has raised safety and cybersecurity concerns regarding the development of autonomous vehicles as the technology has been deployed in recent years,” the Association wrote. “We believe this Department of Commerce proposal can help implement necessary federal oversight for autonomous vehicle safety and protect private personal and vehicle information.”
In addition, OOIDA asked whether electronic logging devices would be covered under the rule.
Research from Colorado State University showed that ELDs are vulnerable to cyberattacks. Researchers were able to hack a truck’s ELD to gain access to the truck’s accelerator and to infect it with malicious malware.
“The Bureau of Industry and Security should specify whether the rulemaking will apply to ELDs given the intent of the notice of proposed rulemaking to address undue or unacceptable risks to national security and U.S. persons,” OOIDA wrote. LL
Credit: Source link