Automated city shuttles: Mapping the key challenges in cybersecurity, privacy and standards to future developments

Abstract

The Automated City Shuttles (ACSs) aim to shape the future public transportation and provide more efficient and accessible mobility in smart cities. With the absence of a driver, such mini-busses process the sensors’ inputs and exchanged data with other vehicles and intelligent transport systems to achieve a real time assimilation of its surroundings. Consequently, the technologies supporting the driverless functionalities ushered new cybersecurity risks and data privacy breaches. Unfortunately, several studies mostly focus on individual Connected-Automated Vehicles (CAV), though intrinsic underpinnings of the ACS’s threat vectors remain unexplored. In the present paper, we considerably extend that investigation by proposing a comprehensive state of the art with farsighted analyses addressing security threats and data privacy concerns from both technical and legal perspectives to thwart potential attacks. Moreover, as existing approaches have not provided yet a clear road map about ACS’s security standards, the present work sheds light on recent and up to date standards and standardisation bodies dealing with cybersecurity and privacy issues in the automated driving ecosystem. This paper presents an analysis debating the trade-off between maximising the ACS benefits and minimising the associated security vulnerabilities and attacks through an overview of technical and legal mitigation strategies.