S 3175 Introduced – Smart Transportation

Earlier this month Sen. Cortez-Masto introduced S 3175, the Smart Transportation Advancement and Transition (STAT) Act. The bill would amend 23 USC 512 (Note, §5305) and require changes to the DOT’s Intelligent Transportation Systems (ITS) program to improve the “development of local smart communities”. One minor mention of cybersecurity in the bill.

Amendment

Section 2 of the bill would make amendments to §5305(h) in the note to §512, revising provisions for the establishment of an ITS program Advisory Committee. It would modify and expand the membership of the Committee and revise the duties of the Committee.

New Requirements

Section 4 of the bill would require DOT to develop a resource guide “to assist States and local communities in developing and implementing intelligent transportation technology or smart community transportation programs” {§4(b)}. The guide would be updated at least every three years.

Section 5 would require the identification and development of various ITS workforce development efforts. This would include designating “not less than 10 consortia of public institutions of higher education as a ‘Center of Excellence in Advanced Transportation Workforce Training’” {§5(e)(1)}. It is in the ‘Education and Training Requirements’ portion of §5(e) that we find the bare mention of the term ‘cybersecurity’ {§5(e)(3)(F)}.

Moving Forward

Cortez-Masto is not a member of the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration. This means that it is unlikely that the bill will receive consideration in that Committee. The only provision in the bill that would engender any opposition to the bill would be the $10 million annual grant authorization in §5(f)(7). It is not a lot of money, but it would have to come from somewhere.

Commentary

I continue to be amazed at the lack of congressional concern with cybersecurity issues in the ITS field. Any networked, cyber-enabled system that is designed to increase the efficiency of transportation networks is going to be a complicated amalgam of information technology and control system technology from a wide variety of vendors, owners and operators. The communications requirements for these systems ensures that they will be a major target for wide-spread ransomware attacks.

This bill is certainly not the best place to address this issue, but we could start by making the following changes:

On page 5, line 12 {revised §5305(h)(2)(A)(iii)} insert:

“(XIX) an automotive control system cybersecurity expert with knowledge of intelligent transportation system communications;”

On page 7, line 16 {revised §5305(h)(3)(B)} insert:

“(vi) how the Department is working to ensure the development of cybersecurity processes and protocols to prevent cyber-attacks on ITS components;”

On page 11, line 17 {§4(c)} insert:

“(4) cybersecurity best practices and lessons learned from smart community transportation demonstration projects, including information on inter-component communications security;”

On page 18, line 5 {§5(e)(3)(F)}, after “cybersecurity” insert”

“, including security of systems communications protocols:”

On page, line 25 {§5(f)(1)} insert:

(C) the development of a cybersecurity workforce skilled in various types of intelligent transportation technologies, components, infrastructure, and equipment.