AUTOMOBILE OVER-THE-AIR TRANSMISSIONS A GLOBAL PERSPECTIVE Both the UN and NHTSA hone in on the safety of OTA-capable vehicles, stressing the enhancement of cyber security measures to prevent glitches and deter hackers. On the other hand, Chinese regulators prioritize accountability and oversight, creating a paper trail that incentivizes companies to conduct their OTA rollouts ethically...
AUTOMOBILE OVER-THE-AIR TRANSMISSIONS A GLOBAL PERSPECTIVE
Both the UN and NHTSA hone in on the safety of OTA-capable vehicles, stressing the enhancement of cyber security measures to prevent glitches and deter hackers. On the other hand, Chinese regulators prioritize accountability and oversight, creating a paper trail that incentivizes companies to conduct their OTA rollouts ethically and safely
Technological innovation is lifting up almost every aspect of modern life, and it will soon revolutionize the very cars we drive. Working on the same principle as iOS updates for an iPhone, over-the-air (OTA) technology allows car manufacturers to wirelessly transmit information to a vehicle. Many of whom have already incorporated software over-the-air (SOTA) technology in their vehicles to remotely update user interfaces like infotainment and navigation systems, while pioneers like Tesla and Nio have rolled out vehicles equipped with advanced FOTA (firmware over-the-air) features that can directly impact driving by delivering changes to sensors and brakes.
This article will provide a brief overview of the benefits and drawbacks of OTA technology before discussing how global authorities seek to regulate the emerging technology as a whole.
There are numerous benefits of OTA for both automobile manufacturers and consumers. Eliminating visits to dealerships by delivering remote updates would considerably reduce labor costs for manufacturers while saving time for consumers, a win-win for all parties. In addition, companies can regularly improve various features and resolve issues en masse, implementing anything from quality-of-life changes, like updating maps, to safety enhancements like increasing the responsiveness of brakes. Tesla has even improved engine performance via FOTA transmissions, augmenting battery efficiency without requiring owners to visit a dealership.
However, OTA also brings new issues and risks. The first significant problem is that of cybersecurity; Vehicles with OTA capabilities are connected to an entire network of other OTA-capable vehicles through the cloud, meaning that a successful hack can give a perpetrator access to or control over tens of thousands of vehicles.
OTA also opens the door to personal data and privacy concerns. With OTA technology, connected cars would store substantially more personal data inside their systems, such as coordinates, travel history and owner details. In addition, weather information, traffic conditions and other metadata connected cars share with their network could help identify specific car owners, posing additional threats to personal privacy, not least, hackers.
OTA safety concerns also cannot be ignored. Any glitch or error in an update could prove disastrous as its effects are amplified and compounded over an entire network of OTA-capable cars.
To address these potential pitfalls, officials around the world have introduced various rules, regulations and standards to guide OTA development and implementation. In 2020, the United Nations introduced a management system for automobile cyber security while creating a legal framework for OTA updates. Chief among these advancements is the "UN Regulation on Software Updates and Software Updates Management Systems," whose goal is to ensure that manufacturers diligently and effectively tackle any identified weaknesses in security.
These recommendations have seen some success; Japan was among the first to implement them, with implementation in the Republic of Korea slated for later this year. In addition, the European Union has plans to introduce similar regulations between 2022 and 2024.
Despite there being no specific regulations that address automobile cyber security in the US, the National Highway Traffic Safety Administration (NHTSA) recently released an updated version of its "Cyber security Best Practices for the Safety of Modern Vehicles." It shares noticeable similarities with the UN recommendations but goes further in that it explicitly defines OTA and provides two relevant directives: requiring manufacturers to maintain the integrity of OTA updates by updating servers along with transmission mechanisms and to design their security measures with the risks of compromised servers, insider threats, men-in-the-middle attacks, and protocol vulnerabilities in mind. Thus, the update offers a more technical approach with specific guidelines and could have worldwide ramifications as other countries release their own recommendations modeled off the US example.
As regards Chinese regulators, in 2020, the State Administration for Market *Regulation (SAMR) introduced sweeping new regulations targeting OTA based on the Regulation on the Administration of Recall of Defective Auto Products. Like the US and UN, it included several provisions for automobile data security, which were included in a draft provision introduced in May 2021 and awaiting implementation. It advanced five "advocative" principles of data collection, which mandated that the default setting of any vehicle should be the non-collection of data, in-car processing so that the information gathered comes from within the vehicle instead of outside, data anonymization, a maximum retention period for data, and an applicable scope of precision for data gathering.
The main articles, which have already been passed, established a new reporting mechanism whereby Chinese manufacturers who send updates using OTA must notify the SAMR by filing a record. These measures encourage greater transparency and communication between the trifecta of government, manufacturer and consumer, allowing the rollout of OTA to be as safe as possible.
In general, the main difference between Chinese regulations, UN recommendations and NHTSA update is the former's focus on accountability and the latter two's focus on technical regulation. Both the UN and NHTSA hone in on the safety of OTA-capable vehicles, stressing the enhancement of cyber security measures to prevent glitches and deter hackers. On the other hand, Chinese regulators prioritize accountability and oversight, creating a paper trail that incentivizes companies to conduct their OTA rollouts ethically and safely. But perhaps the most glaring difference is the differing degrees of enforcement backing each of the regulations, with Chinese regulations legally binding, while the UN's recommendations are non-binding per se, and NHTSA updates are, alas, only updates and not backed by law.
Nevertheless, all three parties have introduced the necessary building blocks for an effective regulatory approach to OTA technology. As mentioned, the NHTSA updates could spark similar progress around the world and the UN directives could find their way into the legislatures and regulatory agencies of member nations and be turned into law. Even better, each country can take these initiatives and adapt them to their needs and decide on the appropriate enforcement measures.
In the near future, as 5G technology enables larger and more frequent updates, we will be faced with many tough questions about OTA. Therefore, it is important to start discussions now, lest governments be caught in a frantic game of regulatory catch-up.
Disclaimer – The views expressed in this article are the personal views of the authors and are purely informative in nature.