Cybersecurity regulatory challenges for connected and automated vehicles – State-of-the-art and future directions

Abstract

The technological advancements of Connected and Automated Vehicles (CAVs) are outpacing the current regulatory regime, potentially resulting in a disconnect between legislators, technology, and CAV stakeholders. Although many studies explore the regulatory requirements of operations of CAVs, studies on regulatory challenges specific to the cybersecurity of CAVs are also emerging and receiving lots of attention among researchers and practitioners. However, studies providing an up-to-date synthesis and analysis on CAVs regulatory requirements specific to cyber-risk reduction or mitigation are almost non-existent in the literature. This study aims to overcome this limitation by presenting a comprehensive overview of the role of key Intelligent Transportation Systems (ITS) stakeholders in CAV's cybersecurity. These stakeholders include road operators, service providers, automakers, consumers, repairers, and the general public.The outcome of this review is an in-depth synthesis of CAV-based ITS stakeholders by visualising their scope in developing a Cybersecurity Regulatory Framework (CRF). The study demonstrated the compliance requirements for ITS communication service providers, regulatory standards for CAVs automakers, policy readiness for CAVs customers and the general public who interact with CAVs, and the role of the CAVs Network Operator Centre in regulating CAVs data flow. Moreover, the study illuminates several critical pathways necessary in future for synthesizing and forecasting the legal landscape of CAV-based transportation systems to integrate the regulatory framework for CAV stakeholders. The paper's findings and conclusions would assist policymakers in developing a comprehensive CRF.