Policy Analysis and Guidance to Support Secure Transportation Cyber-Physical-Social Systems
Rapidly evolving advanced transportation systems rely on computing and communications technologies to integrate and optimize our systems for moving goods and people while focusing on equitably advancing society. Transformative technologies include autonomous vehicles (AVs), vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications, as well as hardware and software that enable the collection, storage, transfer, processing, analysis, and responses based on enormous amounts of data in real-time. This is intended to reduce congestion, delays, crashes, fuel consumption, emissions, financial costs, social inequities, and more. However, the more we rely on automation and connectivity, the more we give malicious actors unprecedented opportunities to steal data, invade privacy, demand ransom, generate misinformation, and malign the systems on which our lives, prosperity, and security depend. Although the need for regulatory and enforcement measures is dire, no single federal law or federal regulatory framework governs cybersecurity or data privacy focusing on transportation in the United States. Innovative but legally unprecedented technological advances are creating policy issues for legislative and regulatory bodies in a world of automated mobility. These include problems surrounding the amount, nature, and potential exploitation of data collected from connected transportation systems. Perhaps most concerning, current cybersecurity regulations overwhelmingly fail to require or even encourage, the use of machine learning and predictive analysis to understand privacy threats, cyberattacks, and data theft. Instead, policymakers have focused predominantly on ex-post litigation-based remedies for consumers harmed through cybersecurity breaches. These remedies, however, are often out of reach for marginalized sectors of the population. The unregulated use of these technologies can even raise equity and discrimination issues. The project attempts to answer: (1) what federal and/or state agencies are responsible for governing cybersecurity practices in the U.S., including risk assessment, preventative measures, detection of breaches, and remedial enforcement; and (2) how do industry experts assess the greatest risks/threats to ensuring cybersecurity in the transportation sector? The results of these two reviews will then be analyzed using natural language processing methods to identify consistencies and gaps in the nation's cybersecurity policy and what the industry indicates it should have. Finally, this analysis will be used to develop a policy guidance document to share with stakeholders who wish to develop and implement effective cybersecurity legislation and regulatory governance. Thus, the overarching goal of this project is to perform a nationwide survey of existing federal and state cybersecurity and privacy regulatory measures and analyze that legislative landscape, considering identified risks and threats to the transportation industry. Specifically, the objectives of this project are to (1) identify and analyze the gaps that exist in the U.S. cybersecurity regulatory schematic as applied to transportation law and policy and (2) develop a policy guidance document and/or toolkit to assist interested stakeholders in constructing and implementing effect transportation cybersecurity measures.
Language
- English
Project
- Status: Active
- Funding: $306796
-
Contract Numbers:
69A3552344812
69A3552348317
-
Sponsor Organizations:
Office of the Assistant Secretary for Research and Technology
University Transportation Centers Program
Department of Transportation
Washington, DC United States 20590University of Alabama, Tuscaloosa
Department of Civil, Construction and Environmental Engineering
P.O. Box 870205
Tuscaloosa, AL United States 35487-0205 800 W Campbell Rd
Richardson, Texas United States 75080Clemson University
216 Lowry Hall
Clemson, SC, SC United States 29634 -
Managing Organizations:
National Center for Transportation Cybersecurity and Resiliency (TraCR)
Clemson University
Clemson, SC United StatesUniversity of Alabama, Tuscaloosa
Department of Civil, Construction and Environmental Engineering
P.O. Box 870205
Tuscaloosa, AL United States 35487-0205 -
Project Managers:
Chowdhury, Mashrur
-
Performing Organizations:
University of Alabama, Tuscaloosa
Department of Civil, Construction and Environmental Engineering
P.O. Box 870205
Tuscaloosa, AL United States 35487-0205 800 W Campbell Rd
Richardson, Texas United States 75080Clemson University
216 Lowry Hall
Clemson, SC, SC United States 29634 -
Principal Investigators:
Jones, Steven
Rahman, Mizanur
Hockstad, Trayce
Khan, Latifur
Chowdhury, Mashrur
Salek, Sabbir
- Start Date: 20240101
- Expected Completion Date: 20241231
- Actual Completion Date: 0
- USDOT Program: University Transportation Centers
Subject/Index Terms
- TRT Terms: Autonomous vehicles; Computer security; Data privacy; Mobile communication systems; Policy analysis; Policy, legislation and regulation; Risk assessment; Technological innovations
- Geographic Terms: United States
- Subject Areas: Data and Information Technology; Law; Planning and Forecasting; Policy; Security and Emergencies; Transportation (General);
Filing Info
- Accession Number: 01906997
- Record Type: Research project
- Source Agency: National Center for Transportation Cybersecurity and Resiliency (TraCR)
- Contract Numbers: 69A3552344812 , 69A3552348317
- Files: UTC, RIP
- Created Date: Feb 5 2024 4:09PM