2016年秋天，美国众议院能源和商业委员会（U.S. House Committee on Energy and Commerce）已经就OBD-II安全的相关问题，联系了国家公路交通安全管理局(NHTSA)，要求NHTSA“集结行业力量，共同出台行动意见，解决现代汽车生态系统中OBD-II端口存在的安全隐患。”

SAE加入

“在NHTSA的敦促下，SAE International - 国际自动机工程师学会（以下简称SAE）已经成立了一个工作小组，用NHTSA的话来说，其任务就是‘探索强化OBD-II端口的方法’。”SAE车辆标准技术项目经理TimWeisenberger表示，SAE将广泛吸取整个汽车行业的意见，组织成立专项工作组，全面分析问题，所在并最终形成一套推荐做法。

Weisenberger解释道，“在设计之初，OBD-II只是美国环保署（EPA）和加州空气资源管理局（CARB）等机构监控车辆排放的一个端口。”现在，我们要做的就是在汽车数据访问的便利性与安全性之间做出平衡。目前，无论是出于“合法”还是“非法”目的，各方都希望能够访问OBD-II端口。具体来说，“合法”利用该端口的场景包括检查/维护、车厂/服务、保险及其他插入式远程信息处理与预测应用，及车辆性能优化等；“非法”访问则来自恶意满满的黑客。

行业开始行动

2016年12月1日和2017年1月30日，大约40家公司已经齐聚一堂，探讨面前存在的共同问题、潜在需求及相关措施，保护OBD-II端口的安全。

Weisenberger解释道，“参加研讨会的成员包括我们的几个不同协会的专家负责人，比如大众汽车公司（VW）的Bob Gruszczynski与DGTech公司的Mark Zachos等真正领域领袖。”

另外，SAE员工也在场协助组织工作的快速推进。参会专家正在考虑以一种 “合作研究项目”的方式推进，也就是说由2个或2个以上的组织集合资源共同开展联合项目，针对竞争前技术领域进行研究并共享研究结果，从而加快相关标准的开发。

“对于整个行业来说，这就像是一个触发器，未来各个方面还将集结更多资源，一起促使整个行业变得更加开放，”Weisenberger说，“而不仅仅是影响到个别的企业”。

SAE新成立的OBD工作组，成员背景非常丰富多样，既包括来自BMW、福特（Ford）、通用（GM）、本田（Honda）、现代（Hyundai）、五十铃（Isuzu）、丰田（Toyota）、大众汽车（VW）等8家汽车厂商；沃尔沃（Volvo）、康明斯（Cummins）等几家重型卡车制造商和供应商的人员，也包括来自加州空气资源委员会、国家公路交通安全管理局及美国国家标准与技术研究所等多家政府与监管机构的人员。

TEVDS20委员会成立

通过一系列努力，SAE TEVDS20数据链路层连接器车辆安全委员会（Data Link Connector Vehicle Security Committee-TEVDS20）成立。Weisenberger告诉《国际汽车工程》杂志，需要指出的是，“数据链路层连接器”是OBD-II端口的官方技术术语，而OBD-II端口的说法更像是行话的表达。此后，委员会成员将开始采用官方术语进行表述。

在《国际汽车工程》杂志本期报道出版之后，该工作组成员将再次会面，共同确定相关工作的范围，并成立一个新的工作小组开展相关工作，进行技术方面的探讨（J3138）。Weisenberger解释道，未来，该委员会还将继续定期会面，探讨OBD-II问题的发展情况，并开展相关工作。

Weisenberger表示，“J3138只是我们的具体工作任务之一。”未来，大家要做的工作还有很多，但目前的确定目标是按照众议院的要求，对OBD-II端口的安全性能进行强化。

SAE Standards News aims to update readers on the extensive activity in the SAE Global Ground Vehicle Standards development arena, by more than 800 ground vehicle committees comprised of volunteers from global industry stakeholders and SAE GVS staff who support the committee work.

In Fall 2016, the U.S. House Committee on Energy and Commerce reached out to the National Highway Traffic Safety Administration (NHTSA) in regards to addressing OBD-II security. The letter requested NHSTA to “convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.”

Enter SAE.

“SAE International, at NHTSA’s urging, has started a working group that is ‘looking to explore ways to harden the OBD-II port’—that was their [NHTSA’s] language,” said Tim Weisenberger, SAE’s Project Manager, Technical Programs, Ground Vehicle Standards. SAE set to work by reaching out to a wide range of the industry. A working group was assembled to examine the issue with the goal of developing a set of recommendations.

“The OBD-II port has moved beyond its originally designed intent as a port to check emissions by regulators like the EPA and CARB,” Weisenberger explained. There are vehicle data access vs. vehicle security issues at hand. Many entities are requesting both legitimate and non-legitimate access to the port. The “legit” side include inspection and maintenance, workshop/service, insurance/other plug-in telematics and prognostics apps and performance tuners. On the malicious side are the hackers.

Triggering the industry

The group of approximately 40 gathered for the first workshops on December 1 and January 30 to identify common issues, needs and an approach to secure the OBD.

“The group included a couple of our experts that run various committees—Bob Gruszczynski from VW and Mark Zachos from DGTech were really the lead experts,” Weisenberger explained.

SAE staff were also present to facilitate and help to examine how the organization could move forward rapidly. They considered either standards development or expedited standards development that uses what SAE calls a Cooperative Research Project approach. This is a pathway for joint-venture research projects where two or more organizations pool their resources to study a pre-competitive technical area and share in the results.

“It was interesting that this was kind of a trigger for the industry to get together to create something that’s a little more open for the entire industry,’’ he said, “not just specific to company.”

The new OBD working group SAE has assembled is broad. It is comprised of eight automotive OEMs (BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW), a few heavy truck OEMs and suppliers (Volvo, Cummins), various associations (MEMA, ETI), as well as representation from government and regulators (California Air Resources Board, NHTSA and the National Institute of Standards and Technology).

Get to know the TEVDS20

Through this effort, a new SAE committee was born: the Data Link Connector Vehicle Security Committee (TEVDS20). It is important to note that “data link connector” is the technical term for the OBD-II port (which is really more of an industry slang term, Weisenberger told AE). With the committee’s naming as a trigger, members will begin to use the technical term moving forward.

As this issue of Automotive Engineering went to press, the group was set to meet again to define the scope of work and engage a new Task Force under the committee to develop the technical work item (J3138). From there, the committee will continue to meet periodically to examine the issue and begin new work items as needed, Weisenberger explained.

“This new work item is a very specific use case,” he said. “It is a deep dive.” The potential is there for other work down the road, but for now the group has its very specific goal to meet the House Committee’s need of hardening the OBD-II port in sight.

Author: Jennifer Shuttleworth
Source: SAE Automotive Engineering Magazine