Transportation technology is rapidly emerging and converging. Concepts such as autonomous vehicles and drones have become reality, while the legal and regulatory frameworks to support them are still in flux.
The Intelligent Transportation Society (ITS) of America recently published the “Connected Vehicle Assessment: Cybersecurity and Dependable Transportation” report and the Transportation Research Board of the National Academies published a request for proposals titled “A Look at the Legal Environment for Driverless Vehicles.” Both documents outline measures to take for the unintended consequences that will inevitably arise with a connected transportation system.
The ITS report notes that more than one billion connected machine-to-machine (M2M) devices will likely be in highway transportation systems by 2020, of which more than half will be embedded in cars and trucks. The report says that figuring out ways to secure M2M applications and preventing mischief and misfortune will be major tasks for the transportation sector.
These reports also detail the potential privacy breaches that might occur. For example, current trends suggest that future vehicles will use more software and will be more complex and connected. Just as mobile device manufacturers provide ongoing software maintenance and security upgrades to increase the reliability of their products, cars and the infrastructure they rely on will have to do the same.
In general, hackers like to start with the path of least resistance. They find vulnerabilities in systems that provide the greatest number of potential targets, and most of these are in widely commercialized and deployed information technology platforms. In transportation, most mobility applications rely on IT security to support tolls, maintain location privacy, and prevent manipulation of telemetry in cases of fraud or theft.
However, where information is centralized and cloud-based, the aggregation of data in one place makes it a more attractive target. For applications such as car-sharing services, electronic tolls, and smart parking, it is vitally important to prevent disruption to these new services as businesses and consumers become more dependent on them in the next several years.
Researchers have voiced concerns that generations of safety automotive electronics and traffic control devices may be vulnerable to attacks. These embedded systems are fragile, and often do not have the computational resources to support strong authentication and access control. With that said, they cannot bend under the weight of a determined and well-resourced adversary.
Rules and regulations for transportation will continue to evolve and increasingly include privacy and data security concerns, especially as more vehicles become connected and share more information.
Thomas M. Kowalick is an expert on event data recording technology. He is the chair of the IEEE 1616 standard working group committee and president of AIRMIKA, Inc., in Southern Pines, N.C., and author of Fatal Exit: The Automotive Black Box Debate.