Impacts of Connected Vehicles and Automated Vehicles on State and Local Transportation Agencies--Task-Order Support. Task 10. Cybersecurity Implications of CV/AV Technologies on State and Local Transportation Agencies

Connected vehicle (CV) technologies and applications have significant security requirements, not only for the applications themselves, but also as potential access points that could enable attackers to get inside an agency’s broader network and operations. Safety-critical messaging between vehicles and infrastructure (and vice versa) needs to be trusted as being from a valid source and not spoofed by a hacker or malevolent agency. These cybersecurity requirements and technologies exceed the experience levels of most current DOT and local agency staff responsible for intelligent transportation equipment, as well as being more complex than most existing security schemes for commonly used services, such as online banking. Agencies need to understand the implications of these technologies on the design of their communications networks, networking equipment configuration, field device security, and operations best practices. AV technologies have similar vulnerabilities to hacking that could result in liability and public safety exposure to public agency owner/operators. While a proof of concept for the Security Credential Management System (SCMS) has been demonstrated in the Safety Pilot and will be further evaluated in the DOT CV pilot deployment programs, the ultimate scalability of the security approach(es) will still need to be determined as the market penetration levels increase dramatically. The role of AASHTO and state and local agencies in the development of security standards and certification for AV/CV operation in a locality needs to be clearly identified. The objective of the research was to develop a primer on cybersecurity and related privacy issues in state DOT and local agency environments, based on experience gained in other domains where security and privacy issues are currently being managed (such as financial services). The report will focus initially on recommendations for best practices on a general level and then describe techniques that will support the agency in planning for the security environment and practices necessary for safety-critical CV applications, including the SCMS. The primer will provide recommendations for best practices and explore the development of standard requirements and testing and certification protocols for protecting the liability and burden of the protection of public safety for agencies when CV/AV technologies are in widespread deployment.

Language

  • English

Project

  • Status: Terminated
  • Contract Numbers:

    Project 20-102, Task 10

  • Sponsor Organizations:

    National Cooperative Highway Research Program

    Transportation Research Board
    500 Fifth Street, NW
    Washington, DC  United States  20001

    American Association of State Highway and Transportation Officials (AASHTO)

    444 North Capitol Street, NW
    Washington, DC  United States  20001

    Federal Highway Administration

    1200 New Jersey Avenue, SE
    Washington, DC  United States  20590
  • Project Managers:

    Derr, B

  • Start Date: 20210907
  • Expected Completion Date: 0
  • Actual Completion Date: 20210907
  • Source Data: RiP Project 41004

Subject/Index Terms

Filing Info

  • Accession Number: 01607613
  • Record Type: Research project
  • Source Agency: Transportation Research Board
  • Contract Numbers: Project 20-102, Task 10
  • Files: TRB, RIP
  • Created Date: Aug 12 2016 9:11AM