Cybersecurity requirements for heavy duty vehicles developed in collaboration with motor freight carriers, OEMs and cybersecurity experts.
The cybersecurity requirements captured here are for use by fleets to include in their procurement process with OEMs. The requirements are intended to cover the following truck body configurations, which we expect to cover most of what LTL carriers need:
- North America "on highway" Class 7-8 trucks, e.g. the classic truck with a trailer or double, the most common configuration
- the last-mile delivery truck with a dry freight truck body that could include a lift gate
We recommend that fleets use these requirements by following the steps below during the procurement process. We are open to feedback on how to improve the requirements and the process.
- Fleets should ask OEMs to identify all the modules in the requested truck by the Device Classes below.
- Fleets should prepare questionnaires to be completed by the OEMs based on the classes found.
- OEMs complete the questionnaires, answering in the affirmative if all devices of the given class satisfy the requirement. Deviations and rationale can be noted in the provided cells of the questionnaires.
The VCRWG analyzed several truck vehicle network architectures and performed a risk analysis to classify the known truck electronic components into a series of device classes. The device classes were created to group the devices into similar risk profiles; i.e. cybersecurity requirements for procurement are assigned to these classes instead of to each device individually.
Each device identified, its assigned class and the rationale for assigning that class are captured here in a truck order sheet view for ease of use by the fleets. This is also available as a Word docx file here: resources/Truck_Component_Order_Sheet_Breakdown_for_Cybersecurity_Matrix_v2_DRAFT.docx.
Note 1: the analysis (and hence the rationales below) assumes that the Next Generation Tractor Trailer Interface (NGTTI) will not use J2497 for any function other than regulation-required LAMP messages. If that is not the case, then the devices using J2497 for those other functions (especially diagnostics) should be classified instead as class 2 Multi Segment with Wireless.
Note 2: the analysis makes the distinction between Untrusted Network Domains and Trusted Network Domains of the vehicle networks.
- Untrusted Network Domain (UND):
  - A UND is a network domain (or segment) that contains any of the following:
    - a) wireless communication or reachable wirelessly (e.g. J2497, ISO 15118, Bluetooth, WiFi)
    - b) an interface for aftermarket devices or operator access (e.g. an OBD port, RP1226 connector)
    - c) a telematics device that does not satisfy the HD VCR requirements
    - d) a multi-network device (e.g. intended or unintended gateway) that does not satisfy the HD VCR requirements
- Trusted Network Domain (TND):
  - A TND is a network domain (or segment) that does not contain any of the following:
    - a) wireless communication or reachable wirelessly (e.g. J2497, ISO 15118, Bluetooth, WiFi)
    - b) an interface for aftermarket devices or operator access (e.g. an OBD port, RP1226 connector)
    - c) a telematics device that does not satisfy the HD VCR requirements
    - d) a multi-network device (e.g. intended or unintended gateway) that does not satisfy the HD VCR requirements
ENGINE
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Engine Telematics (J1939 SA 249) | 0 | telematics device |
Engine #1 (aka Motor Control Module (MCM) / Engine Management System (EMS) / Engine Control Module (ECM)) (J1939 SA 00, 01) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Engine Cylinder Pressure Monitoring System | 5 | 'high' overall fleet risk |
Engine #2 | None Specified | no responses / not common component |
ENGINE EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Propulsion Battery Charger (J1939 SA 73) | 1 | has a CCS/ISO 15118 interface which is accessible wirelessly and connects to J1939 |
Thermal Management System Controller (J1939 SA 49) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Water Pump Controller (J1939 SA 57) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Low-Voltage Disconnect (J1939 SA 49) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Fan Drive Controller (aka Fan Hub) (J1939 SA 78) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Powertrain Control Module (aka Common Powertrain Controller Module (CPC)) (J1939 SA 90) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Ignition Control Module #2 (J1939 SA 57) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Starter System (J1939 SA 00, 03) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Fuel Heater, In-Tank (J1939 SA 72) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Oil Sensor (J1939 SA 00) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Retarder - Engine (J1939 SA 15) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Radiator (aka Radiator Fan Control) (J1939 SA 78, 00, 255) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Oil Pan Heater (J1939 SA 00) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Engine Injection Control Module (J1939 SA 00) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Ignition Control Module #1 (J1939 SA 52) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Idle Control System (J1939 SA 68) | 5 | 'high' overall fleet risk |
Aftertreatment #1 system gas intake (J1939 SA 81) | 5 | 'high' overall fleet risk |
Aftertreatment #2 system gas intake (J1939 SA 86) | 5 | 'high' overall fleet risk |
Diesel Particulate Filter Controller (aka Aftertreatment Control Module (ACM) / Exhaust Emission Controller) (J1939 SA 211) | 5 | 'high' overall fleet risk |
Engine Exhaust Backpressure (J1939 SA 34) | 5 | 'high' overall fleet risk |
Retarder, Exhaust, Engine #1 | 5 | 'high' overall fleet risk |
Retarder, Exhaust, Engine #2 | 5 | 'high' overall fleet risk |
Engine Valve Controller (J1939 SA 0) | 6 | 'medium' overall fleet risk |
Battery Pack Monitor #1 (J1939 SA 243) | 7 | 'low' overall fleet risk |
Aftertreatment #2 system gas outlet (J1939 SA 87) | 7 | 'low' overall fleet risk |
Aftertreatment #1 system gas outlet (aka NoX Sensors ) (J1939 SA 82) | 7 | 'low' overall fleet risk |
Catalyst Fluid Sensor (aka DEF Quality Sensor) (J1939 SA 211) | 7 | 'low' overall fleet risk |
Turbocharger (J1939 SA 02) | 7 | 'low' overall fleet risk |
Turbocharger Compressor Bypass (J1939 SA 02) | 7 | 'low' overall fleet risk |
Turbocharger Wastegate (J1939 SA 02) | 7 | 'low' overall fleet risk |
Air Intake System (J1939 SA 70) | 7 | 'low' overall fleet risk |
Filtration Control | 7 | 'low' overall fleet risk |
Engine Exhaust Gas Recirculation (J1939 SA 70) | 7 | 'low' overall fleet risk |
Alternator/Electrical Charging System | 7 | 'low' overall fleet risk |
Battery Charger | 7 | 'low' overall fleet risk |
Exhaust Emission Controller (J1939 SA 61) | None Specified | no responses / not common component |
Air Compressor | None Specified | no responses / not common component |
TRANSMISSION
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Transmission Telematics | 0 | telematics device |
Transmission #1 (aka Transmission Control Module (TCM)) (J1939 SA 03) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Electronic Clutch Actuator (J1939 SA 03) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Power TakeOff (Front or Secondary) (J1939 SA 07) | 5 | 'high' overall fleet risk |
Retarder - Driveline (J1939 SA 16) | 5 | 'high' overall fleet risk |
Power TakeOff - (Main or Rear) (J1939 SA 07) | 5 | 'high' overall fleet risk |
Clutch/Converter Unit (J1939 SA 78) | 6 | 'medium' overall fleet risk |
Transmission #2 (aka Auxiliary Transmission) (J1939 SA 16) | 6 | 'medium' overall fleet risk |
FRONT AXLE & EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Steering Input Unit (aka Steering Angle Sensor (SAS)) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Steering Controller (aka Front Axle Steering (FAS) / VDS / MCS) (J1939 SA 19) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Suspension - Steer Axle (aka Electronically Controlled Suspension (ECS) / Electronically Controlled Air Suspension (ECAS)) (J1939 SA 20) | 6 | 'medium' overall fleet risk |
Suspension - System Controller #1 (J1939 SA 47) | 6 | 'medium' overall fleet risk |
Axle - Steering (J1939 SA 08) | 7 | 'low' overall fleet risk |
Brakes - Steer Axle (J1939 SA 13) | None Specified | no responses / not common component |
Suspension - System Controller #2 (J1939 SA 64) | None Specified | no responses / not common component |
REAR AXLE & EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Antilock Brake System (ABS) (J1939 SA 11) | 1 | has J2497 interface (in NA) which is accessible wirelessly |
Brakes - Drive axle #1 (J1939 SA 13) | 1 | has J2497 interface (in NA) which is accessible wirelessly |
Brakes - Drive Axle #2 (J1939 SA 14) | 1 | has J2497 interface (in NA) which is accessible wirelessly |
Traction Control (J1939 SA 138, 39) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Differential Lock Controller (J1939 SA 138, 72, 39 ) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Axle - Drive #1 (J1939 SA 09) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Axle - Drive #2 (J1939 SA 10) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Electric Propulsion Control Unit #1 | 7 | 'low' overall fleet risk |
Electric Propulsion Control Unit #2 | None Specified | no responses / not common component |
Electric Propulsion Control Unit #4 | None Specified | no responses / not common component |
Endurance Braking System | None Specified | no responses / not common component |
ADDITIONAL AXLES
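Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Lift Axle (J1939 SA 138, 71) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |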
REAR SUSPENSION
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Suspension - Drive Axle #1 (J1939 SA 138, 72, 39) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Suspension - Drive Axle #2 (J1939 SA 22) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Vehicle Dynamic Stability Controller (J1939 SA 62) | 6 | 'medium' overall fleet risk |
TRAILER CONNECTIONS
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Tractor/Trailer Bridge #2 (J1939 SA 138, 39) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Tractor-Trailer Bridge #1 (J1939 SA 32) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
TIRES & WHEELS
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Tire Pressure Controller (aka Tire Pressure Monitoring System (TPMS)) (J1939 SA 51) | 1 | has a wireless interface and connects to J1939 |
Wheel End Monitoring | 1 | has a wireless interface and connects to J1939 |
FRAME & EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Fifth Wheel Smart System (J1939 SA 138, 39) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
ADAS Lane Keep (aka LCS Side Sensor (blind spot only) / Lane Warning / Lane Departure Warning System / Bendix Fusion / Exterior Camera for Lane Departure Warning / Driver Assistance Camera (MPC)) (J1939 SA 232, 19) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Body-to-Vehicle Interface Control (aka VECU - Vehicle ECU) (J1939 SA 33) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Forward Road Image Processor (J1939 SA 232) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Automated Driving (L0-L2) (aka Bendix FLR and FLC (Forward looking Camera / Radar)) | 6 | 'medium' overall fleet risk |
Collision Avoidance (J1939 SA 42) | 6 | 'medium' overall fleet risk |
Slope Sensor (aka Hill Start Assist) | 7 | 'low' overall fleet risk |
Personnel Detection Device (aka Pedestrian Detection) | 7 | 'low' overall fleet risk |
Aerodynamic Control (J1939 SA 27) | None Specified | no responses / not common component |
Electrical System (J1939 SA 30) | None Specified | no responses / not common component |
Hitch Control (J1939 SA 35) | None Specified | no responses / not common component |
Power Systems Manager (J1939 SA 91) | None Specified | no responses / not common component |
FUEL TANK & EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Fuel Actuator (J1939 SA 15) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Fuel System (J1939 SA 18) | None Specified | no responses / not common component |
CAB EXTERIOR
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Exterior Camera Telematics | 0 | telematics device |
Mirrors (J1939 SA 40) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Body Controller (aka Key-Lock Options) | 6 | 'medium' overall fleet risk |
Body Controller #2 | 7 | 'low' overall fleet risk |
Door Controller (J1939 SA 236) | 7 | 'low' overall fleet risk |
Door Controller #1 (J1939 SA 237) | 7 | 'low' overall fleet risk |
Door Controller #2 | 7 | 'low' overall fleet risk |
Door Controller #3 | 7 | 'low' overall fleet risk |
Door Controller #4 | 7 | 'low' overall fleet risk |
Roadway Information | 7 | 'low' overall fleet risk |
Vehicle Security (J1939 SA 29) | 7 | 'low' overall fleet risk |
Forensic Exterior Cameras (J1939 SA 232) | None Specified | no responses / not common component |
CAB INTERIOR
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Interior Camera Telematics | 0 | telematics device |
Vehicle Navigation (J1939 SA 84) | 1 | has a wireless interface and connects to J1939 |
Radio (aka Head Unit / Infotainment) (J1939 SA 76, 84) | 1 | likely to have wireless interfaces and a J1939 interface |
Cab Controller - Primary (aka SAM CAB) (J1939 SA 49) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Cab Controller - Secondary (J1939 SA 50) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Cruise Control (J1939 SA 17) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Object Detection Display (aka Active Safety Components / Bendix Fusion (Display)) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Lighting - Operator Controls (J1939 SA 71) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Throttle (J1939 SA 0) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Transmission Display - Primary (J1939 SA 59) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Trip Recorder (J1939 SA 24) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Switch Field (aka Additional Switches / Modular Switch Field (MSF)) (J1939 SA 138) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Power TakeOff (PTO) Switches (J1939 SA 07) | 5 | 'high' overall fleet risk |
Shift Console - Primary (aka Gearshift ECU) (J1939 SA 05) | 6 | 'medium' overall fleet risk |
Safety Restraint System (SRS) (J1939 SA 83) | 6 | 'medium' overall fleet risk |
Retarder Display (J1939 SA 23) | 7 | 'low' overall fleet risk |
Shift Console - Secondary (J1939 SA 06) | 7 | 'low' overall fleet risk |
Transmission Display - Secondary (J1939 SA 60) | 7 | 'low' overall fleet risk |
Passenger-Operator Climate Control #1 (aka LECM (Living Environment Control Module) / HVAC / HVAC FCU) (J1939 SA 25) | 7 | 'low' overall fleet risk |
Steering Column Unit (aka Turn Signal Control) | 7 | 'low' overall fleet risk |
Steering Wheel Switches (J1939 SA 77) | 7 | 'low' overall fleet risk |
Passenger-Operator Climate Control #2 (aka HVAC #2 / HVAC ACU) | 7 | 'low' overall fleet risk |
Seat Control #1 | 7 | 'low' overall fleet risk |
Cab Display #1 | 7 | 'low' overall fleet risk |
Cab Display #2 | None Specified | no responses / not common component |
Driver Impairment Device (J1939 SA 94) | None Specified | no responses / not common component |
On-board axle group display | None Specified | no responses / not common component |
On-board axle group scale | None Specified | no responses / not common component |
Safety Restraint System #2 (aka Seat SRS) | None Specified | no responses / not common component |
Seat Control #2 | None Specified | no responses / not common component |
Tachograph | None Specified | no responses / not common component |
User Interface System | None Specified | no responses / not common component |
Virtual Terminal | None Specified | no responses / not common component |
Interior Cameras | None Specified | no responses / not common component |
INSTRUMENTS & CONTROLS
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Ammeter (J1939 SA 23, 39) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Instrument Cluster #1 (aka Gauges) (J1939 SA 23) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
ADAS Adaptive Cruise Control (aka Bendix Fusion) (J1939 SA 42) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Headway Controller (J1939 SA 42) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Engine Display | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Pyrometer | 6 | 'medium' overall fleet risk |
Instrument Cluster #2 (aka Auxiliary Gauges) | None Specified | no responses / not common component |
INFORMATION & COMMUNICATION SYSTEMS
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
OEM Telematics (aka Telematics GateWay (TGW) / Off Vehicle Gateway / Communications Unit / Communications Telematics (CTP-FB)) (J1939 SA 249, 251) | 0 | telematics device |
Onboard Diagnostics Connector Gateway (aka Gateway (CGW)) (J1939 SA 39, 17, 44, 49, 50, 77) | 2 | gateway device |
3rd Party Equipment Gateway (J1939 SA 249) | 2 | gateway device |
Telematics Interface Gateway | 2 | gateway device |
On Board Diagnostic Unit (aka OEM Factory & Service tool) (J1939 SA 250) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
On-Board Data Logger (J1939 SA 251) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Predictive Cruise Control (aka E-Horizon / Intelligent Predictive Powertrain Control (IPPC)) (J1939 SA 75) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Information System Controller #1 | None Specified | no responses / not common component |
On Board Diagnostic Unit #2 | None Specified | no responses / not common component |
LIGHTS & SIGNALS
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Chassis Controller #2 (J1939 SA 72) | 4 | 'medium' scope change risk (connected to two or more vehicle networks) |
Adaptive Front Lighting System (J1939 SA 71) | 6 | 'medium' overall fleet risk |
Chassis Controller #1 (aka SAM Chassis) (J1939 SA 71) | 7 | 'low' overall fleet risk |
AIR EQUIPMENT
Component Reference Name | Cybersecurity Requirements Class | Class Assignment Rationale |
---|---|---|
Brake Telematics | 0 | telematics device |
Brakes - System Controller (J1939 SA 11) | 1 | has J2497 interface (in NA) which is accessible wirelessly |
Parking Brake Controller (J1939 SA 80) | 3 | 'high' scope change risk (assumes NGTTI with no J2497) and untrusted wired connection |
Pneumatic - System Controller (J1939 SA 48) | 5 | 'high' overall fleet risk |
Auxiliary Valve Control or Engine Air System Valve Control (J1939 SA 34) | 7 | 'low' overall fleet risk |
Brake Stroke Alert | None Specified | no responses / not common component |
All of the devices identified by the VCRWG are captured below, organized by device class. This list can be useful when a particular device cannot be found in the order sheet view above. If the device that the fleet and OEM want to classify cannot be found here either, the characteristics given for each device class (the Heuristic column) can be used to determine the class of such devices unknown to the VCRWG.
Class | Devices | Heuristic |
---|---|---|
0 Telematics | Engine Telematics (J1939 SA 249), OEM Telematics (aka Telematics GateWay (TGW) / Off Vehicle Gateway / Communications Unit / Communications Telematics (CTP-FB)) (J1939 SA 249, 251), Brake Telematics, Transmission Telematics, Exterior Camera Telematics, Interior Camera Telematics | Components of a telematics system or truck modules that otherwise connect to cellular, satellite or other Wide Area Networks (WANs), or the internet |
1 Multi Segment with Wireless | Antilock Brake System (ABS) (J1939 SA 11), Brakes - System Controller (J1939 SA 11), Tire Pressure Controller (aka Tire Pressure Monitoring System (TPMS)) (J1939 SA 51), Wheel End Monitoring, Propulsion Battery Charger (J1939 SA 73), Brakes - Drive axle #1 (J1939 SA 13), Brakes - Drive Axle #2 (J1939 SA 14), Vehicle Navigation (J1939 SA 84), Radio (aka Head Unit / Infotainment) (J1939 SA 76, 84) | Truck modules that may or may not be intended to perform gateway functions (transport, translate, transform, filter or encapsulate data) and have at least one wireless interface |
2 Vehicle Gateway | Onboard Diagnostics Connector Gateway (aka Gateway (CGW)) (J1939 SA 39, 17, 44, 49, 50, 77), 3rd Party Equipment Gateway (J1939 SA 249), Telematics Interface Gateway | Truck modules intended to perform gateway functions (transport, translate, transform, filter or encapsulate data) between two or more vehicle network segments |
3 Multi Segment with Untrusted Wired Connection | Tractor/Trailer Bridge #2 (J1939 SA 138, 39), Thermal Management System Controller (J1939 SA 49), Parking Brake Controller (J1939 SA 80), Traction Control (J1939 SA 138, 39), Water Pump Controller (J1939 SA 57), Steering Input Unit (aka Steering Angle Sensor (SAS)), On Board Diagnostic Unit (aka OEM Factory & Service tool) (J1939 SA 250), Low-Voltage Disconnect (J1939 SA 49), Fifth Wheel Smart System (J1939 SA 138, 39), ADAS Lane Keep (aka LCS Side Sensor (blind spot only) / Lane Warning / Lane Departure Warning System / Bendix Fusion / Exterior Camera for Lane Departure Warning / Driver Assistance Camera (MPC)) (J1939 SA 232, 19), Tractor-Trailer Bridge #1 (J1939 SA 32), Engine #1 (aka Motor Control Module (MCM) / Engine Management System (EMS) / Engine Control Module (ECM)) (J1939 SA 00, 01), Fan Drive Controller (aka Fan Hub) (J1939 SA 78), Powertrain Control Module (aka Common Powertrain Controller Module (CPC)) (J1939 SA 90), Transmission #1 (aka Transmission Control Module (TCM)) (J1939 SA 03), Body-to-Vehicle Interface Control (aka VECU - Vehicle ECU) (J1939 SA 33), Ignition Control Module #2 (J1939 SA 57), Cab Controller - Primary (aka SAM CAB) (J1939 SA 49), Cab Controller - Secondary (J1939 SA 50), Starter System (J1939 SA 00, 03), Fuel Heater, In-Tank (J1939 SA 72), Differential Lock Controller (J1939 SA 138, 72, 39 ), Suspension - Drive Axle #1 (J1939 SA 138, 72, 39), Suspension - Drive Axle #2 (J1939 SA 22), Cruise Control (J1939 SA 17), Forward Road Image Processor (J1939 SA 232), Object Detection Display (aka Active Safety Components / Bendix Fusion (Display)), Ammeter (J1939 SA 23, 39), On-Board Data Logger (J1939 SA 251), Instrument Cluster #1 (aka Gauges) (J1939 SA 23), ADAS Adaptive Cruise Control (aka Bendix Fusion) (J1939 SA 42), Predictive Cruise Control (aka E-Horizon / Intelligent Predictive Powertrain Control (IPPC)) (J1939 SA 75), Lighting - Operator Controls (J1939 SA 71) | Truck modules that are not intended to be Vehicle Gateways but nonetheless are connected to two or more vehicle network segments where one or more of those segments are untrusted. |
4 Multi Segment | Oil Sensor (J1939 SA 00), Retarder - Engine (J1939 SA 15), Radiator (aka Radiator Fan Control) (J1939 SA 78, 00, 255), Oil Pan Heater (J1939 SA 00), Electronic Clutch Actuator (J1939 SA 03), Steering Controller (aka Front Axle Steering (FAS) / VDS / MCS) (J1939 SA 19), Lift Axle (J1939 SA 138, 71), Engine Injection Control Module (J1939 SA 00), Fuel Actuator (J1939 SA 15), Throttle (J1939 SA 0), Headway Controller (J1939 SA 42), Ignition Control Module #1 (J1939 SA 52), Chassis Controller #2 (J1939 SA 72), Transmission Display - Primary (J1939 SA 59), Trip Recorder (J1939 SA 24), Engine Display, Axle - Drive #1 (J1939 SA 09), Axle - Drive #2 (J1939 SA 10), Mirrors (J1939 SA 40), Switch Field (aka Additional Switches / Modular Switch Field (MSF)) (J1939 SA 138) | Truck modules that are not intended to be Vehicle Gateways but nonetheless are connected to two or more vehicle network segments where all of the segments are trusted. |
Class 5 | Power TakeOff (Front or Secondary) (J1939 SA 07), Idle Control System (J1939 SA 68), Pneumatic - System Controller (J1939 SA 48), Power TakeOff (PTO) Switches (J1939 SA 07), Engine Cylinder Pressure Monitoring System, Aftertreatment #1 system gas intake (J1939 SA 81), Aftertreatment #2 system gas intake (J1939 SA 86), Diesel Particulate Filter Controller (aka Aftertreatment Control Module (ACM) / Exhaust Emission Controller) (J1939 SA 211), Engine Exhaust Backpressure (J1939 SA 34), Retarder - Driveline (J1939 SA 16), Power TakeOff - (Main or Rear) (J1939 SA 07), Retarder, Exhaust, Engine #1, Retarder, Exhaust, Engine #2 | Truck modules found to have a 'high' overall fleet risk |
Class 6 | Suspension - Steer Axle (aka Electronically Controlled Suspension (ECS) / Electronically Controlled Air Suspension (ECAS)) (J1939 SA 20), Suspension - System Controller #1 (J1939 SA 47), Automated Driving (L0-L2) (aka Bendix FLR and FLC (Forward looking Camera / Radar)), Engine Valve Controller (J1939 SA 0), Clutch/Converter Unit (J1939 SA 78), Transmission #2 (aka Auxiliary Transmission) (J1939 SA 16), Collision Avoidance (J1939 SA 42), Body Controller (aka Key-Lock Options), Shift Console - Primary (aka Gearshift ECU) (J1939 SA 05), Safety Restraint System (SRS) (J1939 SA 83), Vehicle Dynamic Stability Controller (J1939 SA 62), Pyrometer, Adaptive Front Lighting System (J1939 SA 71) | Truck modules found to have a 'medium' overall fleet risk |
Class 7 | Electric Propulsion Control Unit #1, Retarder Display (J1939 SA 23), Shift Console - Secondary (J1939 SA 06), Transmission Display - Secondary (J1939 SA 60), Chassis Controller #1 (aka SAM Chassis) (J1939 SA 71), Passenger-Operator Climate Control #1 (aka LECM (Living Environment Control Module) / HVAC / HVAC FCU) (J1939 SA 25), Battery Pack Monitor #1 (J1939 SA 243), Slope Sensor (aka Hill Start Assist), Aftertreatment #2 system gas outlet (J1939 SA 87), Axle - Steering (J1939 SA 08), Steering Column Unit (aka Turn Signal Control), Steering Wheel Switches (J1939 SA 77), Auxiliary Valve Control or Engine Air System Valve Control (J1939 SA 34), Body Controller #2, Passenger-Operator Climate Control #2 (aka HVAC #2 / HVAC ACU), Aftertreatment #1 system gas outlet (aka NoX Sensors ) (J1939 SA 82), Catalyst Fluid Sensor (aka DEF Quality Sensor) (J1939 SA 211), Seat Control #1, Turbocharger (J1939 SA 02), Turbocharger Compressor Bypass (J1939 SA 02), Turbocharger Wastegate (J1939 SA 02), Air Intake System (J1939 SA 70), Filtration Control, Door Controller (J1939 SA 236), Door Controller #1 (J1939 SA 237), Engine Exhaust Gas Recirculation (J1939 SA 70), Cab Display #1, Alternator/Electrical Charging System, Battery Charger, Personnel Detection Device (aka Pedestrian Detection), Door Controller #2, Door Controller #3, Door Controller #4, Roadway Information, Vehicle Security (J1939 SA 29) | Truck modules found to have a 'low' overall fleet risk |
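
The class heuristics above, together with the UND/TND definitions in Note 2, applied to modules that are not in the VCRWG lists and then grouped into the questionnaires a fleet would prepare. This is an added example, not code from the NMFTA project. The field names, the sample segments and modules, and the rule that heuristics are tried in class order with the first match winning are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """A vehicle network segment described by the four UND criteria a) to d)."""
    name: str
    wireless: bool = False                   # a) wireless or wirelessly reachable
    aftermarket_or_operator: bool = False    # b) e.g. OBD port, RP1226 connector
    noncompliant_telematics: bool = False    # c) telematics not meeting HD VCR
    noncompliant_multinetwork: bool = False  # d) gateway not meeting HD VCR

    @property
    def untrusted(self) -> bool:
        # A segment is a UND if any one criterion holds, otherwise it is a TND.
        return (self.wireless or self.aftermarket_or_operator
                or self.noncompliant_telematics or self.noncompliant_multinetwork)


@dataclass(frozen=True)
class Device:
    name: str
    segments: Tuple[str, ...]          # names of the segments it is wired to
    wan_connected: bool = False        # cellular, satellite, other WAN, internet
    wireless_interface: bool = False   # at least one wireless interface
    intended_gateway: bool = False     # designed to perform gateway functions
    fleet_risk: Optional[str] = None   # 'high' / 'medium' / 'low' if assessed


RISK_CLASS = {"high": 5, "medium": 6, "low": 7}


def classify(device: Device, segments: Dict[str, Segment]) -> Optional[int]:
    """Return the device class 0-7, or None when no class can be specified.

    Assumption: heuristics are tried in class order and the first match wins.
    """
    attached = [segments[name] for name in device.segments]  # KeyError if unknown
    if device.wan_connected:
        return 0
    if device.wireless_interface:
        return 1
    if len(attached) >= 2:
        if device.intended_gateway:
            return 2
        return 3 if any(s.untrusted for s in attached) else 4
    if device.fleet_risk is None:
        return None
    if device.fleet_risk not in RISK_CLASS:
        raise ValueError(f"unknown fleet risk: {device.fleet_risk!r}")
    return RISK_CLASS[device.fleet_risk]


def questionnaires_needed(devices: List[Device],
                          segments: Dict[str, Segment]
                          ) -> Dict[Optional[int], List[str]]:
    """Group device names by class; the keys are the questionnaires to prepare."""
    found: Dict[Optional[int], List[str]] = {}
    for device in devices:
        found.setdefault(classify(device, segments), []).append(device.name)
    return found


# Constructed sample data (hypothetical segments and modules, not from the VCRWG).
SEGMENTS = {s.name: s for s in (
    Segment("powertrain"),
    Segment("cab"),
    Segment("diagnostic", aftermarket_or_operator=True),
    Segment("infotainment", wireless=True),
)}
DEVICES = [
    Device("Example Cellular Modem", ("infotainment",), wan_connected=True),
    Device("Example Wireless Sensor Hub", ("infotainment",),
           wireless_interface=True),
    Device("Example Diagnostic Gateway", ("powertrain", "diagnostic"),
           intended_gateway=True),
    Device("Example Pump Controller", ("powertrain", "diagnostic")),
    Device("Example Cab Display", ("powertrain", "cab")),
    Device("Example Valve Actuator", ("powertrain",), fleet_risk="medium"),
    Device("Example Axle Scale", ("cab",)),
]

if __name__ == "__main__":
    for cls, names in questionnaires_needed(DEVICES, SEGMENTS).items():
        print(cls, names)
    # Adding a telematics unit that does not meet the requirements to the cab
    # segment makes that segment untrusted, so the display moves from 4 to 3.
    degraded = dict(SEGMENTS, cab=replace(SEGMENTS["cab"],
                                          noncompliant_telematics=True))
    print(classify(DEVICES[4], degraded))
```
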
This is still a work in progress. The WG expects the cybersecurity requirements to be similar to the Telematics Security Requirements Matrix https://github.com/nmfta-repo/nmfta-telematics_security_requirements but will incorporate more requirements pertaining specifically to vehicle components. The WG started with a small subset of the requirements to prove methods and tools in the https://github.com/nmfta-repo/vcr-experiment repo.
If you would like to join the working group please contact [email protected]
All files are Copyright (c) 2022 National Motor Freight Traffic Association, Inc. and are made available under the MIT license.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The previous work on cybersecurity requirements by the NMFTA CTSRP (then, HVCS) was to create the Telematics Security Requirements Matrix https://github.com/nmfta-repo/nmfta-telematics_security_requirements . These requirements were ported to this project and re-applied where possible. The questionnaires for those requirements and also contract template language were captured in the https://github.com/nmfta-repo/nmfta-rfp_templates repo.
The initial work to create these requirements started with a vehicle network architecture survey in collaboration with OEMs. The results were:
- a picture of 'typical' Class 7-8 truck networks, circa 2021 -- can be found in the "degrees of separation" captured in resources/Component_Class_Assignment_v18_DRAFT.xlsx
- a list of common components/modules/devices names and aliases -- mapped to the J1939 names wherever possible -- can be found in the "reference names" captured in resources/Component_Class_Assignment_v18_DRAFT.xlsx
- a risk analysis of components/modules/devices in those networks as it pertains to fleets (aka fleet risk)
- the assignment of the components/modules/devices to Device Classes as captured above -- can be found in the "proposed device class" captured in resources/Component_Class_Assignment_v18_DRAFT.xlsx
Some preliminary work on capturing security (and functional) requirements for vehicle gateways, performed during the Nov 2021 CTSRP meeting, was done in the https://github.com/nmfta-repo/vcr-experiment repo, where the strictdoc requirements format was assessed. A gap analysis of the Canis Labs CAN security gateway against those requirements was performed in April 2022 and the analysis is available freely here.
The test plan used by the CTSRP for onsite vehicle testing is provided as a starting point for an eventual acceptance test plan for these requirements; available here: resources/heavy vehicle testing plan.md