US wants to build cybersecurity protection plan for cars

US DOT puts out call for technical information on how to protect online auto systems from cybersecurity threats

us dot
As cars and other forms of transportation increasingly rely on online systems for everything  from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased.

That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it devise a roadmap to build "motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems."

More on auto technology: Seven advanced car technologies the government wants now

According to the RFI: "The DOT is collecting relevant information to characterize needs and establish a strategic research roadmap to meet the rising challenges of ensuring the safety of automotive safety-critical systems due to increasing complexity of motor vehicle systems using advanced electronic controls to improve drivability, safety, efficiency, and operational reliability; escalating use of information technology in motor vehicles to enhance basic and secondary vehicle functions and to enable infotainment applications; and wireless connectivity to in-vehicle systems, between vehicles and external information networks, and among vehicles."

The DOT wants input to help it make strategic decisions about "next research steps and justifying initiatives relative to research possibilities as well as revised approaches to regulation, enforcement, incident/forensics, vehicle testing, communications/outreach/professional capacity building, or recommended electronic hardware/software systems architecture and engineering design safeguard principles and/or practices, including human factors and training considerations."

Basically starting from scratch, the DOT is looking at all manner of cybersecurity topics including:

  • Types and magnitudes of risks in modern motor vehicles
  • Threats and vulnerabilities to safety-critical systems within vehicle networks and vehicle connectivity to the outside world
  • How risks might amplify with increasing connectivity including dedicated short range communications, cellular, or other communications methods.
  • Risk management including risk/vulnerability assessment and approaches/strategies to risk mitigation that can be applicable
  • Security testing, including penetration testing
  • Approaches to cybersecurity outreach and training throughout the automotive value chain, in particular automotive software developers.
  • Incident/Forensic approaches
  • Secure automotive controller-area networks and diagnostics
  • Was there an initial event or occurrence that brought cybersecurity issues to the forefront in the industry? If so, what was it? What resources were brought to bear?
  • What industry committees or working groups were formed?
  • What standards were used, modified, or created?
  • What approaches to cybersecurity were developed, how, and how are they evolving as the industry moves forward in its strategic planning?
  • What was/is the role of the Federal government in the industries' cybersecurity practices and how did it evolve?
  • How were issues such as privacy, sensitive competitive information, etc. addressed (in particular in industry-wide security working groups)?

The DOT is working with the Research and Innovative Technology Administration (RITA)/Volpe National Transportation Systems Center (Volpe Center), to gather the information.

The DOT's own Connected Vehicles program is a prime example of what the agency is looking to protect.  The Connected vehicles program includes cars, trucks, buses, and other vehicles fitted with technology that lets them communicate with each other online and with roadway infrastructure like traffic lights, dangerous road segments, and railroad crossings to avoid accidents, be alerted for roadway problems and other hazards.

Follow Michael Cooney on Twitter: nwwlayer8  

Layer 8 Extra

Check out these other hot stories:

20 of the weirdest, wackiest and stupidest sci/tech stories of 2011 (so far!)

Spaceflight contest blasts off

Apple has more cash than the US government! Buyout not imminent though

The IBM Selectric typewriter turns 50

NASA teams with Chevron to build energy exploration technologies

Confusing array of security job titles complicates Pentagon cyber warrior strategy

10 wicked off-the-cuff uses for retired NASA space shuttles

7 high-tech programs that want to pick your brain

Astronomers spot massive space reservoir holding 140 trillion times water in Earth's oceans

DARPA program wants to corral zany social media into a science

Borg building: How does your overtaxed brain work?

US to let everyday drivers test advanced wireless auto safety technology

NASA sets up robotic satellite refueling experiment on International Space Station

Keyboards type out death knell for cursive writing?

Online Social Security Statement in limbo as agency adjusts for future  

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.