US DOT Logo
Intelligent Transportation Systems Joint Program Office (ITS JPO)

ITS Cybersecurity Research Program

ITS Cybersecurity Research

The U.S. DOT’s ITS Program advances research on ITS cyber interests and works cooperatively with surface transportation agencies, including the National Highway Traffic Safety Administration (NHTSA), FHWA, Federal Motor Carrier Safety Administration (FMCSA), Federal Transit Administration (FTA), United States Maritime Administration (MARAD), and others. This work includes convening and facilitating the transportation ecosystem around shared priorities, facilitating the development of related policies, identifying and addressing cross-modal issues, and sharing best practices and information while eliminating activities that may hinder cooperation across teams.

The ITS Program also offers leadership, information, and resources to state, local, and tribal agencies that cross modal boundaries and ensures risk management across all of the transportation enterprise technology components. State, local, and tribal agencies do not necessarily have access to the type of expertise or the resources needed to pursue research initiatives to improve their daily operational mission and cyber hygiene. Further, needs that cross jurisdictional boundaries and apply nationally can be efficiently addressed via ITS program leadership and coordination.

Research in Progress

The U.S. DOT has several research initiatives dedicated to ensuring a secure, connected transportation environment:

  • Cybersecurity Best Practices for the Safety of Modern Vehicles – Draft 2020 Update – NHTSA’s draft 2020 Best Practices is intended to serve as a resource for the industry and covers safety-related cybersecurity issues for all motor vehicles and motor vehicle equipment. It is applicable to all individuals and organizations involved in the design, manufacture, and assembly of motor vehicles and their electronic systems and software.
  • Infrastructure cybersecurity – Research efforts focus on strategies and technology options to protect against threats and vulnerabilities to our nation’s roadside equipment, devices, and systems.
  • Development of a Cybersecurity Framework (CSF) for the ITS ecosystem –The NIST Cybersecurity Framework (CSF) is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. The framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders. It can be used to identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk. The framework core provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes. Building on the 2021 release of the Connected Vehicle CSF Profile, the U.S. DOT is sponsoring expansion of this profile to include ITS infrastructure. This research is focused on developing approaches, strategies, and examples for state, local, and tribal DOTs and transportation operating agencies on how to incorporate cybersecurity into their decision making, and options for how to address cybersecurity issues for the ITS ecosystem. When complete, the resulting ITS CSF profile will be posted on this site on the Implementation Practices page.
  • Vehicle-to-everything (V2X) communications security – Ongoing research focuses on ensuring trusted communications between vehicles, between infrastructure and vehicles, and evolving the current security standards for over-the-air credentials in use with V2X. This includes addressing transportation communication security requirements for next‑generation communications capabilities for 5G NR (fifth generation new radio cellular wireless), LTE vehicle-to-everything (LTE V2X) technologies, and other emerging radio access technologies relevant to ITS.
  • Security Credential Management Systems (SCMS) – Research efforts focus on misbehavior detection strategies to identify malicious actors or malfunctioning devices. Additional efforts concentrate on multi-vendor, multi-jurisdictional interoperable implementations of credential management systems.
  • Security in the National ITS Architecture Reference and ITS Standards – Ongoing collaboration between U.S. DOT, experts, standards working groups, and transportation stakeholders to ensure the evolution of the ITS architecture and ITS standards to ensure security is integrated into the connected vehicle environment.
  • Positioning, Navigation, and Timing (PNT) Technology Readiness for Safe Automated Driving Systems (ADS) Operations and advancing this work through surveying and documenting candidate PNT sensor technologies for ADS operations; and developing simulation and analysis tools, including algorithm development for resiliency enhancement under an unintentionally (e.g., cybersecurity spoofing attacks) degraded environment.
  • Cybersecurity Expands Into All Realms of Transportation – An extensive list of Transportation Research Board (TRB) reports focus on transportation and cybersecurity research. Includes links to TRB committees cited in the research reports: