CISA is Facing New Challenge

This post is also available in: עברית (Hebrew)

Trucking, mass transit, and last-mile delivery services (often referred to as mobility-as-a service) are among the first to adopt autonomous ground vehicles and multiple states are conducting testing on public roads to ensure their safe integration. 

Autonomous vehicles (AVs) represent a leading-edge technology in the evolution of Smart Cities, where infrastructure relies on Internet of Things (IoT) devices to operate effectively. This making them particularly vulnerable to cyberattacks, claims a new guide issued by the US Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security. 

According to the Autonomous Ground Vehicle Security Guide, organizations will become increasingly vulnerable to attacks that can result in data breaches, supply chain disruptions, property damage, financial loss, injury, and loss of life.

Interested in learning about the latest innovations in infrastructure and autonomous systems cybersecurity?  Attend INNOTECH 2021 Cyber, HLS, and Innovation Event at Expo Tel Aviv, Nov. 17-18.

CISA developed a tool to help Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) understand the risks associated with AVs and implement strategies that can greatly reduce risk to people and property.

According to CISA, these teams should proactively monitor and manage AV technology risks using holistic security strategies that address both enterprise and asset vulnerabilities related to cyber physical systems (CPS) integration with broader connected networks. 

The Autonomous Vehicle Cyber-Attack Taxonomy (AV|CAT) tool provides a framework for identifying AV risks based on the attack vectors, targets, consequences, and outcomes associated with a specific cyber-physical attack. 

The tool offers a baseline for conceptualizing attack sequences and predicting an attack’s ripple effects. Security teams can use the taxonomy to trace how a malicious actor can exploit a vulnerability, assess potential impacts, and identify associated risk mitigation strategies to enhance future resilience.