Policy Analysis and Guidance to Support Secure Transportation Cyber-Physical-Social Systems

Rapidly evolving advanced transportation systems rely on computing and communications technologies to integrate and optimize our systems for moving goods and people while focusing on equitably advancing society. Transformative technologies include autonomous vehicles (AVs), vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications, as well as hardware and software that enable the collection, storage, transfer, processing, analysis, and responses based on enormous amounts of data in real-time. This is intended to reduce congestion, delays, crashes, fuel consumption, emissions, financial costs, social inequities, and more. However, the more we rely on automation and connectivity, the more we give malicious actors unprecedented opportunities to steal data, invade privacy, demand ransom, generate misinformation, and malign the systems on which our lives, prosperity, and security depend. Although the need for regulatory and enforcement measures is dire, no single federal law or federal regulatory framework governs cybersecurity or data privacy focusing on transportation in the United States. Innovative but legally unprecedented technological advances are creating policy issues for legislative and regulatory bodies in a world of automated mobility. These include problems surrounding the amount, nature, and potential exploitation of data collected from connected transportation systems. Perhaps most concerning, current cybersecurity regulations overwhelmingly fail to require or even encourage, the use of machine learning and predictive analysis to understand privacy threats, cyberattacks, and data theft. Instead, policymakers have focused predominantly on ex-post litigation-based remedies for consumers harmed through cybersecurity breaches. These remedies, however, are often out of reach for marginalized sectors of the population. The unregulated use of these technologies can even raise equity and discrimination issues. The project attempts to answer: (1) what federal and/or state agencies are responsible for governing cybersecurity practices in the U.S., including risk assessment, preventative measures, detection of breaches, and remedial enforcement; and (2) how do industry experts assess the greatest risks/threats to ensuring cybersecurity in the transportation sector? The results of these two reviews will then be analyzed using natural language processing methods to identify consistencies and gaps in the nation's cybersecurity policy and what the industry indicates it should have. Finally, this analysis will be used to develop a policy guidance document to share with stakeholders who wish to develop and implement effective cybersecurity legislation and regulatory governance. Thus, the overarching goal of this project is to perform a nationwide survey of existing federal and state cybersecurity and privacy regulatory measures and analyze that legislative landscape, considering identified risks and threats to the transportation industry. Specifically, the objectives of this project are to (1) identify and analyze the gaps that exist in the U.S. cybersecurity regulatory schematic as applied to transportation law and policy and (2) develop a policy guidance document and/or toolkit to assist interested stakeholders in constructing and implementing effect transportation cybersecurity measures.

Language

  • English

Project

  • Status: Active
  • Funding: $306796
  • Contract Numbers:

    69A3552344812

    69A3552348317

  • Sponsor Organizations:

    Office of the Assistant Secretary for Research and Technology

    University Transportation Centers Program
    Department of Transportation
    Washington, DC  United States  20590

    University of Alabama, Tuscaloosa

    Department of Civil, Construction and Environmental Engineering
    P.O. Box 870205
    Tuscaloosa, AL  United States  35487-0205

    University of Texas at Dallas

    800 W Campbell Rd
    Richardson, Texas  United States  75080

    Clemson University

    216 Lowry Hall
    Clemson, SC, SC  United States  29634
  • Managing Organizations:

    National Center for Transportation Cybersecurity and Resiliency (TraCR)

    Clemson University
    Clemson, SC  United States 

    University of Alabama, Tuscaloosa

    Department of Civil, Construction and Environmental Engineering
    P.O. Box 870205
    Tuscaloosa, AL  United States  35487-0205
  • Project Managers:

    Chowdhury, Mashrur

  • Performing Organizations:

    University of Alabama, Tuscaloosa

    Department of Civil, Construction and Environmental Engineering
    P.O. Box 870205
    Tuscaloosa, AL  United States  35487-0205

    University of Texas at Dallas

    800 W Campbell Rd
    Richardson, Texas  United States  75080

    Clemson University

    216 Lowry Hall
    Clemson, SC, SC  United States  29634
  • Principal Investigators:

    Jones, Steven

    Rahman, Mizanur

    Hockstad, Trayce

    Khan, Latifur

    Chowdhury, Mashrur

    Salek, Sabbir

  • Start Date: 20240101
  • Expected Completion Date: 20241231
  • Actual Completion Date: 0
  • USDOT Program: University Transportation Centers

Subject/Index Terms

Filing Info

  • Accession Number: 01906997
  • Record Type: Research project
  • Source Agency: National Center for Transportation Cybersecurity and Resiliency (TraCR)
  • Contract Numbers: 69A3552344812 , 69A3552348317
  • Files: UTC, RIP
  • Created Date: Feb 5 2024 4:09PM