As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased.
That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it devise a roadmap to build "motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems."
More on auto technology: Seven advanced car technologies the government wants now
According to the RFI: "The DOT is collecting relevant information to characterize needs and establish a strategic research roadmap to meet the rising challenges of ensuring the safety of automotive safety-critical systems due to increasing complexity of motor vehicle systems using advanced electronic controls to improve drivability, safety, efficiency, and operational reliability; escalating use of information technology in motor vehicles to enhance basic and secondary vehicle functions and to enable infotainment applications; and wireless connectivity to in-vehicle systems, between vehicles and external information networks, and among vehicles."
The DOT wants input to help it make strategic decisions about "next research steps and justifying initiatives relative to research possibilities as well as revised approaches to regulation, enforcement, incident/forensics, vehicle testing, communications/outreach/professional capacity building, or recommended electronic hardware/software systems architecture and engineering design safeguard principles and/or practices, including human factors and training considerations."
Basically starting from scratch, the DOT is looking at all manner of cybersecurity topics including:
- Types and magnitudes of risks in modern motor vehicles
- Threats and vulnerabilities to safety-critical systems within vehicle networks and vehicle connectivity to the outside world
- How risks might amplify with increasing connectivity including dedicated short range communications, cellular, or other communications methods.
- Risk management including risk/vulnerability assessment and approaches/strategies to risk mitigation that can be applicable
- Security testing, including penetration testing
- Approaches to cybersecurity outreach and training throughout the automotive value chain, in particular automotive software developers.
- Incident/Forensic approaches
- Secure automotive controller-area networks and diagnostics
- Was there an initial event or occurrence that brought cybersecurity issues to the forefront in the industry? If so, what was it? What resources were brought to bear?
- What industry committees or working groups were formed?
- What standards were used, modified, or created?
- What approaches to cybersecurity were developed, how, and how are they evolving as the industry moves forward in its strategic planning?
- What was/is the role of the Federal government in the industries' cybersecurity practices and how did it evolve?
- How were issues such as privacy, sensitive competitive information, etc. addressed (in particular in industry-wide security working groups)?
The DOT is working with the Research and Innovative Technology Administration (RITA)/Volpe National Transportation Systems Center (Volpe Center), to gather the information.
The DOT's own Connected Vehicles program is a prime example of what the agency is looking to protect. The Connected vehicles program includes cars, trucks, buses, and other vehicles fitted with technology that lets them communicate with each other online and with roadway infrastructure like traffic lights, dangerous road segments, and railroad crossings to avoid accidents, be alerted for roadway problems and other hazards.
Follow Michael Cooney on Twitter: nwwlayer8
Layer 8 Extra
Check out these other hot stories: