Literally and Figuratively, Autonomous Vehicles Are Driving the Tolling Industry to Focus on IoT and Cybersecurity

The Internet of Things (IoT) is one of those rare terms that means exactly what it says: it’s a network comprised of different objects—computers, watches and phones, yes, but also everything else, from toothbrushes, medical devices and glasses to refrigerators, dishwashers, garage doors and numerous other items—all capable of transmitting data between, and communicating with, one another. It’s like an internet, some might say, of things.

“IoT devices are found everywhere,” said Rushabh Kadchhud, a senior network and security architect with IBI Group during a recent IBTTA webinar about IoT and the security challenges it presents to tolling and transportation operations. “They are in our houses, on the roads and on our highways.”

Kadchhud referred to a Gartner study that showed there were 2.5 billion internet-connected IoT devices operating on the market in 2020, and that’s just in the sectors that were relevant to the tolling industry (i.e. automotive, transportation, building automation, etc.). That figure is poised to grow exponentially over the coming years, driven, at least in part, by autonomous vehicles (AVs).

“The future is autonomous vehicles,” said Kadchhud, who noted that AVs will necessarily come with hundreds of IoT sensors so the vehicle can communicate with and move safely through its surroundings. “They are going to interact with all of the end devices that we already have” on our roads, he added, referring to traffic signal computers, ID cameras on highways and tunnels and other technologies already in use on toll roads across the U.S. “[Modern vehicles] are already communicating with these devices.”

“A time is coming when that these sensors will communicate with that network without any human intervention,” Kadchhud said, noting that this presents a number of vulnerabilities that aren’t very well understood or defended against, even today. “There are certain examples where autonomous vehicles are transmitting data and we don’t even know what risks are involved in these systems,” he added. “We need to see how we can manage that data and apply the correct security standards so that we can protect our internal network.”

Successfully mitigating cybersecurity threats takes a concerted effort and constant vigilance, according to Kadchhud’s fellow panelist, Pavel Stoev, professional systems engineer with IBI. “Cybersecurity is not a start-to-end project,” he said. “It is a continuous improvement process.” Many organizations don’t know where to begin with this process, so Stoev offered a cybersecurity framework comprised of six steps that, once completed, start over again in a process of continual improvement. The six steps are:

1. Define your strategy.
2. Implement a documented cybersecurity policy.
3. Create organizational awareness of the policy.
4. Implement specific controls as part of the policy.
5. Monitor and measure the impact of the cybersecurity policy.
6. Correct and report on the policy based on its successes and failures.

For more detailed information on how your organization can build its own cybersecurity strategy and take steps today to prepare for tomorrow’s risks, watch the full webinar recording here.