[Federal Register Volume 87, Number 61 (Wednesday, March 30, 2022)]
[Notices]
[Pages 18470-18471]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-06683]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. NHTSA-2022-0029]


Denial of Motor Vehicle Defect Petition, DP21-005

AGENCY: National Highway Traffic Safety Administration (NHTSA), 
Department of Transportation.

ACTION: Denial of petition for a defect investigation.

-----------------------------------------------------------------------

SUMMARY: This notice sets forth the reasons for the denial of a 
petition submitted on September 27, 2021, by Mr. James Lamb to NHTSA's 
Office of Defects Investigation (ODI). The petition requests that the 
Agency initiate an investigation into alleged ``defects in the 2006 
J1939 databus,'' citing a 2016 research paper published through the 
University of Michigan. On December 23, 2021, NHTSA opened Defect 
Petition DP21-005 to evaluate the petitioner's request. After reviewing 
the information provided by the petitioner regarding the alleged defect 
and conducting searches of complaints from vehicle owners, operators, 
and fleet supervisors, NHTSA has concluded that there is insufficient 
evidence to warrant further action at this time. Accordingly, the 
Agency has denied the petition.

FOR FURTHER INFORMATION CONTACT: Mr. Ryan Rahimpour, Medium and Heavy-
Duty Vehicle Defects Division, Office of Defects Investigation, NHTSA, 
1200 New Jersey Ave. SE, Washington, DC 20590 (telephone 202-366-8756).

SUPPLEMENTARY INFORMATION:

1.0 Introduction

    Pursuant to 49 CFR 552.1, interested persons may petition NHTSA 
requesting that the Agency initiate an investigation to determine 
whether a motor vehicle or item of replacement equipment fails to 
comply with applicable motor vehicle safety standards or contains a 
defect that relates to motor vehicle safety. 49 U.S.C. 30162; 49 CFR 
part 552. Upon receipt of a properly filed petition, the Agency 
conducts a technical review of the petition, material submitted with 
the petition, and any additional information. 49 U.S.C. 30162(c); 49 
CFR

[[Page 18471]]

552.6. After the technical review and considering appropriate factors, 
which may include, among other factors, Agency priorities, and the 
likelihood of success in litigation that might arise from a 
determination of a noncompliance or a defect related to motor vehicle 
safety, the Agency will grant or deny the petition. 49 U.S.C. 30162(d); 
49 CFR 552.8.

2.0 Petition

    Mr. James Lamb (the petitioner), Executive Director of the Small 
Business in Transportation Coalition (SBTC), submitted a petition to 
NHTSA on September 27, 2021. The petition requested NHTSA to initiate a 
defect investigation into the potential hacking susceptibility of the 
Society of Automotive Engineers (SAE) J1939 Data Bus standard.
    In support of the petition, the petitioner cited a 2016 study from 
University of Michigan (Michigan) researchers, entitled Truck Hacking: 
An Experimental Analysis of the SAE J1939 Standard, which alleges a SAE 
J1939 Data Bus vulnerability in a Model Year (MY) 2001 school bus and a 
MY 2006 Class-8 semi-tractor.\1\ The study alleges that, due to the 
vulnerability, vehicle critical safety functions such as the 
accelerator control or braking systems are susceptible to unauthorized 
access and control, increasing motor vehicle safety risks. The petition 
includes no other specification with respect to affected makes or 
models of vehicles with the alleged safety defect.
---------------------------------------------------------------------------

    \1\ Burakova, Y., Hass, B., Millar, L., Weimerskirch, A., 
(2016). Truck Hacking: An Experimental Analysis of the SAE J1939 
Standard. woot16-paper-burakova.pdf (usenix.org).
---------------------------------------------------------------------------

3.0 Analysis

    On December 23, 2021, ODI opened Defect Petition Investigation 
DP21-005 to evaluate the petitioner's request. In evaluating the 
petition, ODI reviewed the cited University of Michigan study to 
understand and determine the scope and feasibility of the alleged 
defect and reviewed the NHTSA database for similar complaints.
    The petitioner did not specify the make and model of the vehicles 
with the alleged safety defect. The only categories of relevant subject 
vehicles specified were found in the Michigan study: MY 2001 school 
buses and MY 2006 Class-8 semi-tractors.
    After reviewing the available information and using ODI's risk-
based processes, ODI has not identified evidence that would support 
opening a defect investigation into the subject vehicles. The vehicle 
vulnerabilities reported in the Michigan study required physical access 
to the J1939 connector in order to affect vehicle critical safety 
functions such as the accelerator control or braking systems. Whether 
there is a potential for remote compromise is a factor that NHTSA has 
considered in evaluating the likelihood or frequency of a potential 
safety defect. The Michigan study did not demonstrate a remote 
compromise of these vehicles. In addition, based on the age of the 
subject model year school buses and semi-tractors, they do not have 
over-the-air software update capabilities or an internet connection to 
make remote compromise possible.
    ODI conducted a search for similar complaints received by the 
Agency and found no complaints of any type related to this alleged 
vulnerability, aside from the Petition. This evaluation included 
searches of complaints from vehicle owners, operators, and fleet 
supervisors. ODI has not found any similar events, complaints, or 
allegations suggesting a real-life vulnerability based on the available 
information. Therefore, given a thorough analysis of the potential for 
finding a safety-related defect in the subject vehicles, and in view of 
NHTSA's enforcement priorities, a defects investigation is unlikely to 
result in a finding that a defect related to motor vehicle safety 
exists.

4.0 Conclusion

    NHTSA is authorized to issue an order requiring notification and 
remedy of a defect if the Agency's investigation shows a defect in the 
design, construction, or performance of a motor vehicle that presents 
an unreasonable risk to safety. 49 U.S.C. 30102(a)(9), 30118. Given 
that the existing information does not provide evidence of a real-life 
vulnerability in the alleged subject vehicles, caused by a vehicle-
based defect, it is unlikely that an order concerning the notification 
and remedy of a safety-related defect would be issued due to any 
investigation opened upon grant of this petition. Therefore, and upon 
full consideration of the information presented in the petition and the 
potential risks to safety, the petition is denied. The denial of this 
petition does not foreclose the Agency from taking further action if 
warranted or making a future finding that a safety-related defect 
exists based upon additional information the Agency may receive.
    Authority: 49 U.S.C. 30162(d); delegations of authority at CFR 1.95 
and 501.8.

Anne L. Collins,
Associate Administrator for Enforcement.
[FR Doc. 2022-06683 Filed 3-29-22; 8:45 am]
BILLING CODE 4910-59-P


