Experts have no confidence that we can protect next-gen streets and cars from hackers

A new survey of people working on a connected-driving project finds that few people are optimistic about its security.


Patrick Howell O'Neill


Posted on Oct 16, 2015   Updated on May 27, 2021, 7:23 pm CDT

Our cars are quickly transforming into 5,000-pound computers with wheels—one of the most dangerous weapons a hacker can attack.

The streets themselves will soon connect to the Internet in networks called V2I (vehicle-to-infrastructure), which carry significant transportation and safety benefits but also offer more targets for hackers. Can the networks be protected from attacks that might track vehicles or steal personal information?

Security is the foremost challenge for the emerging V2I technology, according to a Government Accountability Office (GAO) survey of government experts, academics, and industry specialists. Fewer than half of the experts surveyed said that it would be possible to develop a secure system.


In the not-so-distant future, your car will talk to traffic lights over a wireless connection to warn you not to run red lights. Roads will tell you when weather has made driving unsafe, and intersections will tell you the most environmentally friendly speed at which to drive.

The Department of Transportation is currently researching how to keep these new networks secure, and so far, they don’t have the answer.

The government is coordinating with the transportation industry on the Security Credential Management System (SCMS), a project to verify that basic road-safety messages come from authorized devices. But few people have confidence in SCMS; a majority of respondents in the GAO survey told the office that they had only low confidence in their ability to develop a secure system.


At this point, it’s not clear who would even run such a system. Previous plans pointed toward car industry control, but the Transportation Department is now looking into playing “a more active leadership role” for V2I as well as V2V (vehicle-to-vehicle) networks. That role would include setting security and privacy standards when V2I and V2V networks become operational.

Privacy will be a key component of the new road networks. Data generated by V2I networks may be given to academics, government agencies, and private companies for research purposes. The Transportation Department is only just beginning to research the best ways to protect that data.

Safety messages will be short-range broadcasts (ranging approximately 300 meters) and “will not contain any information that identifies a specific driver, owner or vehicle (through vehicle identification numbers or license plate or registration information),” according to the GAO report.

“The messages transmitted by DSRC [dedicated short-range communications] devices (such as roadside units) in support of V2V and V2I technologies also will be signed by security credentials that change on a periodic basis (currently expected to be every 5 minutes),” the report said, “to minimize the risk that a third party could use the messages as a basis for tracking the location or path of a specific individual or vehicle.”

Japan already operates V2I technology, and Japanese officials have urged their American counterparts to use strong encryption and delete old data. Japan doesn’t share its V2I data with industry or academic partners and has had no security issues with its system thus far.

The Transportation Department will provide up to $100 million in the next five years to deploy V2I technology. Its goal is to make 20 percent of U.S. intersections V2I-capable by 2025, and 80 percent by 2040.

Photo via rockindave1/Flickr (CC BY 2.0)

Share this article
*First Published: Oct 16, 2015, 7:53 am CDT