CISA releases autonomous transit vehicle guidelines

Companies around the U.S. have piloted the use of autonomous vehicles (AVs) in their supply chains and operations. Although fully autonomous vehicles are still relatively rare, supervised semi-autonomous vehicles are being developed and tested on the road, according to new guidance from the Cybersecurity and Infrastructure Security Agency (CISA).

As organizations integrate artificial intelligence and wireless security systems into AVs, CISA has released guidance to mitigate the cyber and physical risks posed by smart vehicles. CISA highlighted the following potential risks to enterprises and their assets created by AVs:

Access control: A malicious actor gains unauthorized access to a network, potientially via a control room, and introduces malware via USB
Insider threat: A malicious actor works with insiders at a third-party supplier to modify data-processing motherboards
Cyberattack: A cybercriminal creates privileged access credentials to mark AVs as stolen via their anti-theft system, rending AVs potentially inaccessible
Tampering with the environment: A malicious actor uses reflective strips or paint to alter identifiers such as stop signs on the AV's route, misdirecting the vehicle

These risks and more pose threats to AVs and the supply chains that rely on them. With this information, CISA released guidelines for organizations who develop and/or use AVs in their operations:

Develop and implement employee training and exercises to ensure on-the-ground personnel are aware of interconnected cyber-physical risks
Ensure physical access points to networks and systems are secure
Conduct vulnerability assessments
Report vulnerabilities and cyber-physical incidents
Adopt and implement system security guidance, best practices, and design principles
Implement recommended vehicle software updates regularly
Avoid connecting non-manufacturer, unsecured, or unknown devices to vehicle systems
Design, develop, and implement cybersecurity standards for connected vehicles and associated components

Find a full list of CISA's identified threats to AVs and their guidance on how to mitigate AV risk to enterprises here.

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

CISA releases autonomous transit vehicle guidelines

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

CISA releases autonomous transit vehicle guidelines

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.