As cars and other forms of transportation increasingly rely
on online systems for everything from safety to onboard entertainment,
the cybersecurity threat from those who would exploit such electronic control
packages has also increased.
That's why the US Department of Transportation (DOT) today
issued a Request For Information to the security industry to help it devise a
roadmap to build "motor vehicle safeguards against cybersecurity threats
and assure the reliability and safety of automotive electronic control
systems."
More on auto technology: Seven advanced car technologies
the government wants now
According to the RFI: "The DOT is collecting relevant
information to characterize needs and establish a strategic research roadmap to
meet the rising challenges of ensuring the safety of automotive safety-critical
systems due to increasing complexity of motor vehicle systems using advanced
electronic controls to improve drivability, safety, efficiency, and operational
reliability; escalating use of information technology in motor vehicles to
enhance basic and secondary vehicle functions and to enable infotainment
applications; and wireless connectivity to in-vehicle systems, between vehicles
and external information networks, and among vehicles."
The DOT wants input to help it make strategic decisions
about "next research steps and justifying initiatives relative to research
possibilities as well as revised approaches to regulation, enforcement,
incident/forensics, vehicle testing, communications/outreach/professional
capacity building, or recommended electronic hardware/software systems
architecture and engineering design safeguard principles and/or practices,
including human factors and training considerations."
Basically starting from scratch, the DOT is looking at all
manner of cybersecurity topics including:
- Types and magnitudes of risks in modern motor vehicles
- Threats and vulnerabilities to safety-critical systems within vehicle networks and vehicle connectivity to the outside world
- How risks might amplify with increasing connectivity including dedicated short range communications, cellular, or other communications methods.
- Risk management including risk/vulnerability assessment and approaches/strategies to risk mitigation that can be applicable
- Security testing, including penetration testing
- Approaches to cybersecurity outreach and training throughout the automotive value chain, in particular automotive software developers.
- Incident/Forensic approaches
- Secure automotive controller-area networks and diagnostics
- Was there an initial event or occurrence that brought cybersecurity issues to the forefront in the industry? If so, what was it? What resources were brought to bear?
- What industry committees or working groups were formed?
- What standards were used, modified, or created?
- What approaches to cybersecurity were developed, how, and how are they evolving as the industry moves forward in its strategic planning?
- What was/is the role of the Federal government in the industries' cybersecurity practices and how did it evolve?
- How were issues such as privacy, sensitive competitive information, etc. addressed (in particular in industry-wide security working groups)?
The DOT is working with the Research and Innovative
Technology Administration (RITA)/Volpe National Transportation Systems Center
(Volpe Center), to gather the information.
The DOT's own Connected Vehicles program is a prime example
of what the agency is looking to protect. The Connected vehicles program
includes cars, trucks, buses, and other vehicles fitted with technology that
lets them communicate with each other online and with roadway infrastructure
like traffic lights, dangerous road segments, and railroad crossings to avoid
accidents, be alerted for roadway problems and other hazards.
Article Credit: www.networkworld.com
No comments:
Post a Comment