Securing Autonomous Vehicles – New Guidelines 

This post is also available in: עברית (Hebrew)

Ground vehicles are increasingly part of connected systems that will change and improve transportation in smart cities and elsewhere. Trucking, mass transit, and logistical services are among the first to adopt this advanced technology. 

Autonomous vehicles (AVs) represent a leading-edge technology in the evolution of smart cities, where infrastructure relies on Internet of Things (IoT) devices to operate effectively. This includes AVs as a viable means for trucking, last-mile delivery, and mass transit —often referred to as mobility-as-a service — which can benefit organizations and communities through improved mobility, access, and speed; decreased environmental impacts; enhanced safety; improved public transit options; reduced operating costs; and a shift from fixed-route, fixed-timetable services to dynamic, on demand services.

However, connected vehicles are challenged by potential threats. New guidelines formulated by the US Cybersecurity and Infrastructure Security Agency (CISA) provides transportation systems sector partners with a framework to better understand cyber-physical threats related to AVs and recommended strategies to mitigate both enterprise- and asset-level security risks.

Interested in learning more about cyber threats to transportation infrastructure? Attend INNOTECH 2021 Cyber, HLS, and Innovation Event at Expo Tel Aviv, Nov. 17-18.

According to the Autonomous Ground Vehicle Security Guide, systems and components connecting to AVs and enable them to operate include Vehicle-to-everything (V2X) technologies, Global Navigation Satellite Systems / Inertial Navigational Systems (GNSS/INS), Light Detection and Ranging (LiDAR), etc.  

CISA says that as the cyber-physical systems (CPS) threat landscape continues to evolve, organizations will become increasingly vulnerable to attacks that can result in data breaches, supply chain disruptions, property damage, financial loss, injury, and loss of life. 

CSOs and CISOs should therefore proactively monitor and manage AV technology risks using holistic security strategies that address both enterprise and asset vulnerabilities. 

The guide provides an Autonomous Vehicle Cyber-Attack Taxonomy (AV|CAT) tool – a framework for identifying AV risks based on the attack vectors, targets, consequences, and outcomes associated with a specific cyber-physical attack. Organizations can use the AV|CAT to understand risks, predict an attack’s effects, etc.

A multi-layered approach is required to protect AVs. This includes the evaluation of threats to the enterprise, such as compromised proprietary data or operational disruptions, and to assets, such as an AV itself, as reported by hstoday.us.