Connected Vehicles and Cybersecurity

As our cars become more connected (to the Internet, to wireless networks, with each other, and with our infrastructure), the risk of cyber-attacks is a growing concern.

The USDOT understands the threat against the nation’s cyber infrastructure and has made cybersecurity a top priority. The Department is taking action to respond to the threat and improve the vehicle cybersecurity posture and capabilities of the United States. View the connected vehicles and cybersecurity fact sheet.

Secure Communications

Connected vehicles will communicate via dedicated short-range communication (DSRC), which is a wireless technology that has more security and privacy protections than traditional Wi-Fi. DSRC only has a range of 1,000 feet, meaning many attacks would require close proximity. Since safety concerns predominately involve moving vehicles, there is a very short window for attack.

Secure Design

In addition, the USDOT has adopted a “security by design” principle as it develops the system architecture for connected vehicles—meaning, cybersecurity systems will be built in. This connected vehicle architecture will encompass the entire system (not just the vehicle parts or the roadside parts), so secure uniform practices can be applied to the entire vehicle, traffic signals, work zones, and other parts of the connected vehicle ecosystem. The USDOT’s vision is to apply communication security from end to end as a unit of data travels from one object to another. The data unit can then travel through unknown media with the assured level of security.

Secure Credentials

The USDOT is also investing in the development of a Security Credential Management System (SCMS) that will ensure trusted and secure vehicle-to-vehicle and vehicle-to-infrastructure communications. The SCMS employs highly innovative methods and encryption and certificate management techniques to ensure communications security between entities that previously have not encountered each other—but also wish to remain anonymous (as is the case when vehicles and drivers encounter each other on the road).

Manufacturers of devices, vehicles, or other physical components critical to the connected vehicle environment will have to demonstrate that they have used the correct practices before they receive the credentials that enable participation in any trusted communications.