Security poses a significant challenge to the mammoth task of preparing Australian road networks for automated vehicles – an obstacle that could see the involvement of suppliers working in the broader cyber security space.
With trials of automated vehicles currently underway in several locations nation-wide, efforts to develop a regulatory and technological environment that allows vehicles to communicate with other vehicles and infrastructure – known as a Cooperative Intelligent Transport System (C-ITS) – is gaining momentum.
With C-ITS considered a key component of the “disruptive transformation occurring to our vehicles, roads, cities and technologies”, keeping the system secure is critical but proving to be a persistent challenge, according to a report by the Transportation Certification Australia (TCA).
“As we move into a world where vehicles become computers on wheels, we need to establish new ways for ‘trust’ to be established between vehicles and all road users – not just drivers”, states the report.
The security solution for C-ITS that grew out of international collaboration is known as the Security Credential Management System (SCMS) – a broad umbrella term that encompasses “a highly sensitive and responsive system comprising people, technical and operational processes and policies”.
Though a sophisticated and highly-specialised area, the report indicates that SCMS draws on existing technologies, entities, resources and capabilities.
Key technological questions identified include determining whether SCMS will use Blacklisting, Whitelisting, or both; what cryptographic curve will be used in Australia, including possible adaptation of existing Public Key Infrastructure; and the best disaster recovery measures to be taken.
The private sector is well placed to operate several SCMS components, according to the report. Though the overall composition of the system requires specialist legal and policy knowledge, the SCMS also requires deep technical expertise in areas such as cyber security.
In both the United States and Europe, private organisations are operating most of the SCMS components, with a government body overseeing the system as “SCMS Manager”.
It is likely that, much like the Australian Signals Directorate’s Certified Cloud Services List, the TCA will depend on the Information Security Manual (ISM) to accredit the ICT systems involved in the SCMS.
The report states that: “The ISM is aimed at Government operations and organisations that make use of, among other things, cybersecurity, communications systems and cryptography – operations directly concerning C-ITS and the SCMS.”