DHS Programs: Cybersecurity for Government Vehicles

Chair: David Balenson, SRI International

Moderator:

David Balenson, SRI International

Presenters

Kevin Harnett, US DOT/Volpe Center

Graham Watson, US DOT/Volpe Center

Brendan Harris, US DOT/Volpe Center

Dan Massey, DHS S&T

Abstract:

Cybersecurity is critical for vehicles operated by federal, state, and local governments, who all depend on commercially available passenger cars and trucks in their fleets. Vehicles used by government agencies and critical infrastructure owners/operators will have at least the same vulnerabilities as commercial vehicles, and possibly more vulnerabilities due to additional technology for communications and fleet management. The risks and potential consequences must be weighed against both economic and operational constraints.  Government agencies will be challenged to find the right balance between protecting against potential threats and achieving mission objectives.

To address these challenges, the Department of Homeland Security Science and Technology Directorate (DHS S&T) Cyber Security Division (CSD) has partnered with the Department of Transportation (DOT) Volpe National Transportation Systems Center (Volpe Center), the General Services Administration (GSA), and non-profit research institute SRI International. The team has been actively engaging both the cybersecurity community and automotive community on assessing the threat to government vehicles and on developing appropriate security measures for government vehicles. This outreach has included workshops, funded research projects, discussions with industry ranging from major manufacturers to small startups, government coordination meetings, and a number of other activities.

This session will provide information on cybersecurity issues impacting government vehicles, including first responder and law enforcement vehicles, undercover vehicles, government official vehicles, non-tactical government vehicles, and general-use vehicles.

The following topics will be discussed:

• An overview of various types of automotive attack vectors and possible mitigations, including remote attacks, OBD-II dongle/telematics vulnerabilities and attacks, fleet type attacks, and experiments in RF fingerprinting of a modern automobile.
• Steps government agencies can take today to start protecting their vehicles from cybersecurity attacks, including best practices, updates, and monitoring.
• The longer-term path toward comprehensive solutions, including current government funded research to address cybersecurity challenges and needs.