Policy Analysis and Guidance to Support Secure Transportation Cyber-Physical-Social Systems

Rapidly evolving advanced transportation systems rely on computing and communications technologies to integrate and optimize our systems for moving goods and people while focusing on equitably advancing society. Transformative technologies include autonomous vehicles (AVs), vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications, as well as hardware and software that enable the collection, storage, transfer, processing, analysis, and responses based on enormous amounts of data in real-time. This is intended to reduce congestion, delays, crashes, fuel consumption, emissions, financial costs, social inequities, and more. However, the more we rely on automation and connectivity, the more we give malicious actors unprecedented opportunities to steal data, invade privacy, demand ransom, generate misinformation, and malign the systems on which our lives, prosperity, and security depend. Although the need for regulatory and enforcement measures is dire, no single federal law or federal regulatory framework governs cybersecurity or data privacy focusing on transportation in the United States. Innovative but legally unprecedented technological advances are creating policy issues for legislative and regulatory bodies in a world of automated mobility. These include problems surrounding the amount, nature, and potential exploitation of data collected from connected transportation systems. Perhaps most concerning, current cybersecurity regulations overwhelmingly fail to require or even encourage, the use of machine learning and predictive analysis to understand privacy threats, cyberattacks, and data theft. Instead, policymakers have focused predominantly on ex-post litigation-based remedies for consumers harmed through cybersecurity breaches. These remedies, however, are often out of reach for marginalized sectors of the population. The unregulated use of these technologies can even raise equity and discrimination issues. The project attempts to answer: (1) what federal and/or state agencies are responsible for governing cybersecurity practices in the U.S., including risk assessment, preventative measures, detection of breaches, and remedial enforcement; and (2) how do industry experts assess the greatest risks/threats to ensuring cybersecurity in the transportation sector? The results of these two reviews will then be analyzed using natural language processing methods to identify consistencies and gaps in the nation's cybersecurity policy and what the industry indicates it should have. Finally, this analysis will be used to develop a policy guidance document to share with stakeholders who wish to develop and implement effective cybersecurity legislation and regulatory governance. Thus, the overarching goal of this project is to perform a nationwide survey of existing federal and state cybersecurity and privacy regulatory measures and analyze that legislative landscape, considering identified risks and threats to the transportation industry. Specifically, the objectives of this project are to (1) identify and analyze the gaps that exist in the U.S. cybersecurity regulatory schematic as applied to transportation law and policy and (2) develop a policy guidance document and/or toolkit to assist interested stakeholders in constructing and implementing effect transportation cybersecurity measures.

• Record URL:
  https://www.clemson.edu/cecas/tracr/research/projects.html

Language

• English

Project

• Status: Active
• Funding: $306796
• Contract Numbers:

  69A3552344812

  69A3552348317

• Sponsor Organizations:

  Office of the Assistant Secretary for Research and Technology

  University Transportation Centers Program
  Department of Transportation
  Washington, DC  United States  20590

  University of Alabama, Tuscaloosa

  Department of Civil, Construction and Environmental Engineering
  P.O. Box 870205
  Tuscaloosa, AL  United States  35487-0205

  University of Texas at Dallas

  800 W Campbell Rd
  Richardson, Texas  United States  75080

  Clemson University

  216 Lowry Hall
  Clemson, SC, SC  United States  29634
• Managing Organizations:

  National Center for Transportation Cybersecurity and Resiliency

  1 Research Dr
  Greenville, South Carolina  United States  29607

  University of Alabama, Tuscaloosa

  Department of Civil, Construction and Environmental Engineering
  P.O. Box 870205
  Tuscaloosa, AL  United States  35487-0205
• Project Managers:

  Chowdhury, Mashrur

• Performing Organizations:

  University of Alabama, Tuscaloosa

  Department of Civil, Construction and Environmental Engineering
  P.O. Box 870205
  Tuscaloosa, AL  United States  35487-0205

  University of Texas at Dallas

  800 W Campbell Rd
  Richardson, Texas  United States  75080

  Clemson University

  216 Lowry Hall
  Clemson, SC, SC  United States  29634
• Principal Investigators:

  Jones, Steven

  Rahman, Mizanur

  Hockstad, Trayce

  Khan, Latifur

  Chowdhury, Mashrur

  Salek, Sabbir

• Start Date: 20240101
• Expected Completion Date: 20241231
• Actual Completion Date: 0
• USDOT Program: University Transportation Centers

Subject/Index Terms

• TRT Terms: Autonomous vehicles; Computer security; Data privacy; Mobile communication systems; Policy analysis; Policy, legislation and regulation; Risk assessment; Technological innovations
• Geographic Terms: United States
• Subject Areas: Data and Information Technology; Law; Planning and Forecasting; Policy; Security and Emergencies; Transportation (General);

Filing Info

• Accession Number: 01906997
• Record Type: Research project
• Source Agency: National Center for Transportation Cybersecurity and Resiliency (TraCR)
• Contract Numbers: 69A3552344812 , 69A3552348317
• Files: UTC, RIP
• Created Date: Feb 5 2024 4:09PM