Companies across the country are beginning to introduce driverless automated vehicles (AVs) on public roads. Waymo, for example, is testing a robotaxi service in Minneapolis, initially with human drivers behind the wheel—but with plans to operate a fully automated service in the future.
AVs have the potential to save lives on roadways by reducing human error, yet the same technology that brings safety benefits may introduce new vulnerabilities for cyberattacks. Researchers have raised an important caution: Criminals could target AVs and the physical and digital infrastructure that will support them unless stronger cybersecurity measures are planned now.
That concern is at the center of a project led by Zhi-Li Zhang, a professor in the University of Minnesota Department of Computer Science and Engineering, CTS scholar, and Distinguished McKnight University Professor.
For this project, Zhang and a team of research colleagues from the University of Michigan and Purdue University set out to understand how to strengthen “digital guardrails” that will protect AVs and their networks in the future.
“Cybersecurity is really important for our future transportation system,” Zhang says. “If your computer gets hacked, you may have financial losses.” But if the target is an automated vehicle or its digital infrastructure, the stakes are much higher. “You can potentially have a life-or-death problem,” he says.
To better understand these risks, the research team examined the entire AV ecosystem, analyzing threats and assessing risks from both existing vulnerabilities and new ones introduced by communications, data sharing, and the use of artificial intelligence (AI) models. Researchers noted that next-generation connected and automated transportation systems are complex “systems of systems”—requiring a holistic approach to ensure that vulnerabilities from one component do not spread to others and threaten the security of the entire system.
One phase of the project introduced a new framework for protecting next-generation transportation systems by using a teleoperated vehicle, an AV that a human operator assists remotely. In a case study, researchers were able to secure the data pipeline between the AV and the control station, protecting against cyberattacks that could alter or corrupt the data used to guide the vehicle.
The team also developed a system, dubbed “SCORPION,” that uses AI to improve how hardware, networks, and software work together. SCORPION is designed to help keep the system accurate and fill in missing pieces when data gets lost during vehicle-to-vehicle communication or through other system imperfections.
Another phase of the project focused on detecting cyberattacks from the infrastructure side rather than relying on data from vehicles, which could be compromised. By using roadside sensing, monitoring, and prediction tools, researchers could detect unusual vehicle behavior and identify potential cyberattacks independent of data received from vehicles.
The team identified several promising directions for future research. Those include exploring how anomalies detected from infrastructure could support real-time traffic management; developing tools that identify specific types of cyberattacks, such as spoofing, to support more targeted mitigation strategies; and incorporating human involvement when needed—for example, issuing warnings to nearby vehicles with human drivers when something appears wrong.
This project was funded by the U.S. Department of Transportation through the Center for Connected and Automated Transportation (CCAT) at the University of Michigan. CTS is a research partner within the CCAT consortium of participating universities.
—Peter Raeker, contributing writer