Cybersecurity, Data, and Privacy Subcommittee Meeting #1 March 1 st , 2019 2/28/2019 1
Welcome and Introductions 2/28/2019 2
Review of Round 1 Recommendations and Round 2 Scoping Results 2/28/2019 3
Round 1 Recommendations Topics • Preventing cyberattacks • Responding to cyberattacks • Protection of consumer privacy • Data management Cybersecurity Requirements • The manufacturer shall certify that the autonomous vehicle meets appropriate and applicable current industry standards to help defend against, detect, and respond to cyber-attacks, unauthorized intrusions, or false vehicle control commands • To aid with transparency with the testing process, to increase public trust in autonomous vehicle design and cybersecurity practices, and to aid in the effort to protect related cybersecurity infrastructure, the task force encourages manufacturers to work with recognizes industry information sharing entities. Data Privacy • Principle: Support for a framework that protects data privacy
Task Force Round 2 Scoping Results Principles Privacy and Intellectual Property • Review applicability of existing law and don’t reinvent • Secondary use of data the wheel • Protecting privacy and security of consumer and personal • Maintain consistency with other states data Resources • Protecting private and proprietary data • Auto-ISAC Data • AICPA’s SSAE-18 Data Security Standards • Data standards • SAE/Synopsys Report: Securing the Modern Vehicle • Data needs of vehicles • Upstream Security Report: Global Automotive • Flexibility to adapt to new technologies (5G, etc.): focus Cybersecurity Report 2019 on what data is needed rather than how it is accessed • NCHRP 03-127: Cybersecurity of Traffic Management • Data transparency in the aggregate Systems • Data sharing for public sector responsibilities, including Cybersecurity planning, operation, and funding • Cybersecurity for road infrastructure/V2I • Public sector data infrastructure, storage, expertise, analysis, and cost • Responding to cybersecurity incidents • Sideboards for data in underwriting • Accountability for cyber breaches • Preservation of crash data • State authorities in relation to manufacturer’s cybersecurity plan 2/28/2019 5
State, Federal, and Private Sector Roles in Cybersecurity 2/28/2019 6
National and international guidance on AVs 2/28/2019 7
National Highway Traffic Safety Administration (NHTSA): Federal and State Regulatory Roles for Conventional Vehicles Federal State Regulating motor vehicles and motor Regulating the human driver and vehicle equipment most other aspects of motor vehicle operation • License drivers • Set Federal Motor Vehicle Safety Standards (FMVSS) for motor • Register motor vehicles vehicles and equipment • Enact and enforce traffic laws • Enforce compliance with FMVSS • Conduct safety inspections • Manage safety recalls • Regulate insurance and liability • Educate public about safety 2/28/2019 8
Federal and State Safety Roles for Automated Vehicles • The National Highway Traffic Safety Administration (NHTSA) proposes that regulation of automated driving systems (ADSs) mirror existing roles • NHTSA has proposed new safety areas for ADSs, such as cybersecurity, data recording, and human-machine interface, that it may regulate pending the development of FMVSS • States are encouraged to provide licensing and registration procedures for AVs, reporting and communications methods for Public Safety Officials, and to review traffic laws and regulations that conflict with AVs Learn more in NHTSA’s “Automated Vehicles 3.0” guidance here 2/28/2019 9
Background on National Efforts 2/28/2019 10
Auto-ISAC • Automotive Information Sharing and Analysis Center (Auto-ISAC) • Forum for industry, government, and cybersecurity experts to share information on threats, best practices, etc. • Monthly calls to highlight new developments, security efforts, and other topics • ODOT participates 2/28/2019 11
SAE/Synopsys Report: Securing the Modern Vehicle • Survey of cybersecurity practices in automotive industry to identify risks • Identified that many organizations still lack dedicated cybersecurity team, sufficient staff resources • Vehicle connectivity presents an increasing risk to system safety, requiring additional attention 2/28/2019 12
Upstream Security Report: Global Automotive Cybersecurity Report 2019 • Tallies cyberattacks on vehicles in 2019 – rapid growth in previous years • Malicious “black hat” attacks now outnumber attacks by security researchers • Attacks range from penetrating back-end systems to direct attacks on vehicle security equipment, such as key fobs 2/28/2019 13
NCHRP 03-127: Cybersecurity of Traffic Management Systems • National Cooperative Highway Research Project (NCHRP) has several projects related to connected/automated vehicles • Project 03-127 seeks to develop guidance for state and local transportation agencies to mitigate cyber attacks on traffic systems • Literature review already available, project expected to conclude August 2019 2/28/2019 14
Additional National Initiatives to Track? 2/28/2019 15
Revisions to Subcommittee Scope and Discussion of Final Product 2/28/2019 16
Recap and Next Steps 2/28/2019 17
Recommend
More recommend
