The Standards That Secure Modern Vehicles — and the Engineer Who Works to Write Them
Most people don’t know where the framework comes from that keep hackers from infiltrating their car or truck, the vehicle cybersecurity standards, or even that such a framework exists. Mark Zachos focuses his career on working with the International Society of Automotive Engineers (SAE), the International Standards Organization (ISO) and the American Trucking Associations’ (ATA) Technology & Maintenance Council (TMC) to write the industry standards that protect all cars, trucks and all other heavy-duty vehicles on the road.
His starting point began with a simple observation. Engineers designed networks inside vehicles — CAN bus, OBD diagnostic ports, J1939 protocols — to move data efficiently, not to stop attackers. The oversight became an industry-wide problem. Fixing it required someone willing to sit in the rooms where experts make the actual decisions.
The Committee Chair
Professionally, Mark lives this. For SAE, he chairs the J1939 Network Security Task Force, the J3138 Data Link Connector Security Committee and the J3005 OBD Dongle Security Committee. He also leads the U.S. Technical Advisory Group to the ISO Road Vehicle Electronics Standards Subcommittee and the TMC Cybersecurity Issues Task Force. Here in these working committees, members argue over language, stress-test edge cases and move nothing forward until the engineering holds up. Doing the work for more than 25 years, Mark knows that standards that engineers build in haste fail in the field. And field failures in vehicle security don’t remain abstractions — they become exploits.
The work has produced significant, tangible results. Mark has developed more than 25 vehicle cybersecurity standards and owns 10 patents covering intrusion defense systems and protocol adapters. The industry now embeds his OBD port hardening protocols into vehicles. Concurrently, his J1939 security frameworks protect heavy-duty fleets, military vehicles and commercial transport systems domestically and internationally. His latest committee chair project, for the recent J1939-91C standard, provides methods for establishing trust and securing mutual messages with optional encryption, ensuring message authenticity, integrity and confidentiality.
It adds up to infrastructure people can rely on without knowing it exists – exactly how people expect good engineering to work.
How Vehicle Cybersecurity Standards Get Built
More than designing a curriculum, Mark Zachos helped build a program around a problem the industry couldn’t ignore. Vehicle cybersecurity began emerging as a national priority for both commercial and military fleets. Mark saw that the engineering community needs graduates who can contribute immediately, not after years of on-the-job training. In direct response to that gap, he built the University of Detroit Mercy’s Vehicle Cyber Engineering (VCE) Lab to augment the school’s graduate VCE program – because he understands it from the inside.
