Cybersecurity for Transportation System Users

This cybersecurity project will research critical concerns for privacy and security of individual transportation system users, particularly vulnerable road users (VRU) (e.g. pedestrians, cyclists, people with disabilities) in connected/automated vehicle environments and integrated mobility systems. In an integrated mobility system, the PII/sensitive data gathered takes the form of payment information, saved addresses or phone numbers, disability status, or any other data that may be required for a user to engage mobility services. Individually some of these elements may not need special protections, but when they are all co-located and correlated within an application or database these efforts may require stricter protections. There is an opportunity for USDOT to establish recommended guidelines for obtaining, handling, and storage of sensitive data and combinations of non-sensitive data that require stricter security, particularly PII or other information that would have more stringent restrictions placed upon it. This project will develop a white paper identifying best practices related to sensitive data, reviewing legal and regulatory requirements and restrictions, and clarifying previous Federal guidance. Similarly, additional consideration is required to protect the safety and privacy of vulnerable road users (VRU) in the connected vehicle ecosystem. VRUs are more likely to use assistive mobility devices that would be connected to the transportation network IoT. However, the use of an assistive mobility device such as a cane, wheelchair, or stroller, should not jeopardize a traveler’s safety or privacy. Privacy regarding which devices a VRU is using should be maintained, as should the location of the devices, like the protections offered by rotating certificates for OBUs/ASDs. This project is intended to develop a framework where the privacy and cybersecurity considerations of P2X devices for pedestrians and cyclists, including those with mobility aids, are created to begin the integration of those devices into a SCMS. The emphasis of the project would be on KTT activities, promoting the technical white paper/report(s) with engagement at industry conferences (in-person or virtually), a webinar focused on identified best practices by state and local agencies, and participation in meetings with USDOT grantees (such as the ITS4US Deployment Program and FTA’s IMI grants) for providing knowledge transfer.

  • Supplemental Notes:
    • USDOT Research Hub DisplayID 157482


  • English


  • Status: Active
  • Funding: $300000
  • Sponsor Organizations:

    Intelligent Transportation Systems - Joint Program Office

  • Managing Organizations:

    Department of Transportation

    Intelligent Transportation Systems Joint Program Office
    1200 New Jersey Avenue, SE
    Washington, DC  United States  20590
  • Project Managers:

    Sill, Steve

  • Start Date: 20210201
  • Expected Completion Date: 20230831
  • Actual Completion Date: 0
  • USDOT Program: Cybersecurity for ITS
  • Subprogram: Cybersecurity

Subject/Index Terms

Filing Info

  • Accession Number: 01864824
  • Record Type: Research project
  • Source Agency: Department of Transportation
  • Files: RIP, USDOT
  • Created Date: Nov 21 2022 4:26PM