Aftermarket July/August 2023

modern vehicles are increasing controlled by software, the IAAF is committed to ensuring there is a level playing field in regards to accessing the vehicle generated data so that the aftermarket doesn’t get locked out for diagnostic, repair and maintenance services. However, this is not the only issue, as the access to software functions creates a potential cybersecurity risk, and it is therefore important that the aftermarket is fully aware of the implications and has more involvement when it comes to verified access. “Just one example of how we’re seeing this technology become more prevalent is that of the eCall emergency call system, which uses mobile phone networks to communicate with the car should an accident occur. This remote communication vehicle interface creates increased cybersecurity risks.” Mark continued: “UNECE vehicle type approval regulations now require all new vehicle types to have a cybersecurity approval, and all new vehicles being sold from July 2024, but how a vehicle manufacturer implements their cybersecurity system is only known to the vehicle manufacturer and the type approval authority. It is not known to the aftermarket, or more specifically, diagnostic tool manufacturers, manufacturers and suppliers of electronically controlled replacement parts and independent workshops. This could mean that to replace a part that has a software function, an electronic security certificate to access the in-vehicle systems, typically via the OBD port, will be necessary, together with additional security certificates for the pre-verified diagnostic tool and replacement part involved. If the rights and roles of these certificates are directly and arbitrarily set by the vehicle manufacturer, then the vehicle manufacture will control who, where, when, and how the repair is conducted, to the detriment of the independent aftermarket.” Mark added: “New ways of using the data generated when the vehicle is being driven now form the basis of diagnostics, service and maintenance services, as well as being able to directly show a vehicle manufacturer’s quotation for any service or repair directly on the in-vehicle dashboard display, which can be accepted by ‘the touch of a button’ by the driver. However, the independent aftermarket cannot currently offer competing services, as the vehicle manufacturers will not provide direct access to the vehicle, its data and resources to process this data, as they are available to themselves. The legislator needs to address how the independent aftermarket can continue to access directly and independently of the vehicle manufacturer to ensure non-discrimination and truly effective competition.” Critical LKQ Euro Car Parts CEO Andy Hamilton observed: “The independent aftermarket faces two big challenges surrounding vehicle cybersecurity, both of which are critical to its longterm future. The first is regulatory, and the advent of new legislation that will provide an accreditation permitting garages and bodyshops – and the technicians they employ – to access a vehicle’s data, including repair and maintenance information (RMI). However, the system being implemented in the EU, known as the SERMI scheme, is not yet being implemented in UK legislation. It should provide a standardised system that would apply to all vehicle manufacturers ensuring a accreditation scheme for access to security related RMI and a transparent audit trail of whomever has accessed a vehicle’s systems, by awarding registered individuals with a personal pass. In the EU, it will come into force in August this year, but although this should also apply to Northern Ireland, it is not clear when the UK government will implement it there. So far, there appear to be no plans to bring any equivalent system. That’s not all though. Andy continued: “Our deeper concern is that a very busy DfT is looking to the automotive industry to organise its own solution to data access, with vehicle manufacturers and the aftermarket striking their own separate deals. This will create a fragmented system in which it’s possible that every individual vehicle manufacturer will look to install its own accreditation criteria and systems rather than a universal standard like SERMI. At best, this presents a major administrative burden on garages and bodyshops that handle multiple marques – not to mention a big new expense. At worst, this would allow manufacturers to set their own rules over who can access vehicle data. “The lack of accreditation for data access is a security risk that needs fixing. But we firstly believe that legislation is the answer, and not a patchwork of individual agreements between the aftermarket and manufacturers in which they, and 10 AFTERMARKET JULY/AUGUST 2023 BIG ISSUE www.aftermarketonline.net

RkJQdWJsaXNoZXIy MjQ0NzM=