Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

Cyber security and Safety of Motor Vehicles Equipped with Electronic Control Systems

Solicitation Number: DTRT57-11-SS-00007
Agency: Department of Transportation
Office: Office of the Secretary (OST) Administration Secretariate
Location: Volpe National Transportation Systems Center
  • Print
Sources Sought
Added: Aug 02, 2011 1:49 pm
1.0 Purpose. The U.S. Department of Transportation (USDOT)/Research and Innovative Technology Administration (RITA)/Volpe National Transportation Systems Center (Volpe Center), by means of this Request for Information (RFI), seeks to obtain informed views on the perceived needs, prevailing practices, and lessons learned concerning the cybersecurity and safety of safety-critical electronic control systems used in various modes of transportation and other industry sectors. This RFI is for the purpose of gathering information that may be useful in identifying research needs and formulating a research roadmap to establish essential motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems. Information obtained is for planning purposes only. The Government will not pay for any information received from potential sources as a result of this RFI. This is not a synopsis for a Request for Proposal. The USDOT does not intend to award a contract on the basis of responses to this document.

2.0 Background. Information and electronic technologies are being increasingly used to enhance transportation safety and efficiency - resulting in increasingly complex, cyber-physical systems, and new failure modes and mechanisms that are not well understood with respect to safety hazards and security vulnerabilities. The USDOT is collecting relevant information to characterize needs and establish a strategic research roadmap to meet the rising challenges of ensuring the safety of automotive safety-critical systems due to increasing complexity of motor vehicle systems using advanced electronic controls to improve drivability, safety, efficiency, and operational reliability; escalating use of information technology in motor vehicles to enhance basic and secondary vehicle functions and to enable infotainment applications; and wireless connectivity to in-vehicle systems, between vehicles and external information networks, and among vehicles. Essential information and insights are sought as input to strategic decisions about next research steps and justifying initiatives relative to research possibilities as well as revised approaches to regulation, enforcement, incident/forensics, vehicle testing, communications/outreach/professional capacity building, or recommended electronic hardware/software systems architecture and engineering design safeguard principles and/or practices, including human factors and training considerations.

3.0 Information Sought. The USDOT seeks all informed views on applicable standards, current and future practices/approaches, and lessons learned across various industry segments in which electronic systems are used in applications where reliability and security impinge on critical functions and/or where the safety of life is involved. The USDOT also seeks information in response to the following specific topics and questions in the areas of cybersecurity and safety:

3.1 Cybersecurity Information Sought. The USDOT seeks relevant information from specific industry segments that include automotive, aviation, military, industrial controls, information technology, communications, energy/Smart Grid, and medical devices/healthcare information systems. While the goal is to determine best practices of technical approaches, the USDOT also seeks information on how industries initially highlighted cybersecurity vulnerabilities and began to address them:

3.1.1 Cybersecurity topics of interest include:
3.1.1.a Types and magnitudes of risks in modern motor vehicles
3.1.1.b Threats and vulnerabilities to safety-critical systems within vehicle networks and vehicle connectivity to the outside world
3.1.1.c How risks might amplify with increasing connectivity including dedicated short range communications, cellular, or other communications methods.
3.1.1.d Risk management including risk/vulnerability assessment and approaches/strategies to risk mitigation that can be applicable
3.1.1.e Security testing, including penetration testing
3.1.1.f Approaches to cybersecurity outreach and training throughout the automotive value chain, in particular automotive software developers.
3.1.1.g Incident/Forensic approaches
3.1.1.h Secure automotive controller-area networks and diagnostics
3.1.2 Was there an initial event or occurrence that brought cybersecurity issues to the forefront in the industry? If so, what was it?
3.1.3 What resources were brought to bear?
3.1.4 What industry committees or working groups were formed?
3.1.5 What standards were used, modified, or created?
3.1.6 What approaches to cybersecurity were developed, how, and how are they evolving as the industry moves forward in its strategic planning?
3.1.7 What was/is the role of the Federal government in the industries' cybersecurity practices and how did it evolve?
3.1.7.a What specifically are the policy approaches?
3.1.7.b What regulatory involvement was/is there?
3.1.8 How were issues such as privacy, sensitive competitive information, etc. addressed (in particular in industry-wide security working groups)?

3.2 Safety Information Sought. The USDOT seeks relevant information from specific industry segments that include automotive, aerospace, automated/positive train control, military command and control systems, and medical devices and monitoring systems.

3.2.1 Safety topics of interest include:
3.2.1.a Fault/failure causal analysis methods
3.2.1.b Fault/failure management including design methods, fault/failure detection mechanism and assessment, cybersecurity intrusion detection/prevention and assessment.
3.2.1.c Fail-safe design and override mechanisms and strategies as well as requirements already in use or planned
3.2.1.d Driver-vehicle interface and interaction including notification strategies and transition from automatic to manual control
3.2.1.e Generation and storage of diagnostics codes and event histories (e.g., event data recorders)
3.2.1.f In-service surveillance and lifecycle maintenance needs
3.2.1.g System testing including verification, validation, and certification.
3.2.1.h Systems engineering/software architecture requirements and design processes
3.2.1.i Viable standards, processes, approaches, and practices
3.2.2 What standards and approaches does the industry follow in setting safety requirements (safety assessment process and hazard analysis) for vehicle design and operation?
3.2.3 Who are the stakeholders that oversee the compliance to these standards?
3.2.4 What are the incentives for the industry to follow these standards? What are the consequences of not following the standards?
3.2.5 What are the processes used for software safety assurance and certification including software requirements, design, coding, and integration processes?
3.2.6 What standards does the industry adopt for software testing including low-level, software integration, and hardware/software integration testing?
3.2.7 What are the main challenges in the development of safety-critical software?
3.2.8 How is software upgraded or modified once the system is in service? What processes and methods are used to check the safety and integrity of the upgrade/modified software?
3.2.9 How does the industry ensure the operational safety of vehicles in meeting safety and design requirements when integrating the various subsystems manufactured by different suppliers?
3.2.10 What are the techniques used to detect and assess the severity of a fault or failure in the vehicle subsystems including permanent and random short-term failures?
3.2.11 What are the different fail-safe mechanisms used when detecting failures in any safety-critical subsystem? What are the operator override features to safely maneuver the vehicle in case of failure?
3.2.12 Are event data recorders being used and what are the characteristics of data collected?
3.2.13 In case of safety-critical system failure, what types of alert signals (visual, audible, and/or haptic) are issued to the operator including their correlation between their intensity and the degree of hazard severity? What recommended actions are displayed to the operator, if any? What types of instruction/training are given to the operator in dealing with system failures? Given automatic controls in operation, how is the transition from automatic to manual control handled?
3.2.14 What are the diagnostic strategies and codes used to facilitate a solution to the problem or perform effective maintenance service? How are potential quality, reliability and safety issues identified and prioritized? What data sources are used (diagnostic codes, warranty systems, informal feedback from dealer personnel and field service engineers, etc.) and what strategies are used to synthesize this data?
3.2.15 How should information about system failure causes and potential solutions be shared among manufacturers?
3.2.16 What kinds of safety culture and safety management processes are in place for the design and development of embedded control system hardware and software?

4.0 General Guidance for Submission. Respondents may submit or identify comments, ideas, answers, or issues that address all or any of the topics and questions in section 3.0 above. Respondents should provide a clear statement of how each part of their submission addresses a specific topic or question in sufficient detail to allow the Government to evaluate the relevance and usefulness of the information submitted.

5.0 Submission Instructions. Respondent should make submissions by e-mail to including any questions regarding this RFI. Electronic attachments to the e-mail should be submitted in Microsoft Office 2003 (or later) productivity application formats, or any format that can be imported by Microsoft Office. Responses should be prepared on standard 8.5 x 11-inch pages. Text font must be no smaller than 12 point; however any text on charts, figures, and/or matrices may be reduced to 8 point. There is no page limit to responses. Submissions must be disclosable to the public or the submitter should provide a summary statement that can be disclosed to the public with fuller supporting information that is clearly marked as restricted. The Government will use customary means to safeguard proprietary information, but only when such information is (1) clearly marked as proprietary, (2) is, in fact, information that could not have been obtained from another party or source, and (3) is otherwise deserving of such treatment under standards and processes described in the FOIA and E.O. 12600. Responses must be received no later than the time specified in this announcement. Include in your response name, address, telephone number, and, if applicable, small business status.

6.0 Information Availability. Information submitted to the USDOT in response to this request will be made available to USDOT personnel with an official interest in its subject (and involved contractor personnel under non-disclosure arrangements). Information made available without a claim of restriction and summary sheets will be made available to the public upon request.

7.0 Acquisition Potential. This is not a request for proposals. Submitters are advised that the USDOT is under no obligation to take any further action with any party as a result of this RFI.

55 Broadway
Kendall Square
Cambridge, Massachusetts 02142-1093
55 Broadway
Kendall Square
Cambridge, Massachusetts 02124
United States
Jeremy Barrasso,
Contract Specialist
Phone: 617-494-2282
Fax: 617-494-3024
Daniel J. Leone,
Contracting Officer
Phone: 6174942128