Stakeholder guidance
Stakeholder Groups and Their Cybersecurity Focus Areas¶
1. Decision-Makers¶
Who they are:
Government officials, regulatory agencies, and executives shaping ITS strategies.
Key cybersecurity concerns: - Establishing national and regional cybersecurity policies for ITS.
-
Allocating funding for cybersecurity in transportation projects.
-
Defining compliance requirements for ITS cybersecurity frameworks.
-
Ensuring alignment with international cybersecurity standards (ISO, IEEE, ETSI, etc.).
Guidance provided:
- Risk-based approaches to cybersecurity policy development.
-
Investment strategies for security infrastructure.
-
Balancing security with usability and operational continuity.
2. Standards Developers¶
Who they are:
Organizations, industry consortia, and research institutions responsible for defining ITS security standards.
Key cybersecurity concerns: - Ensuring ITS security standards are globally interoperable.
-
Harmonizing regional and international security policies.
-
Addressing emerging threats and adapting to evolving cybersecurity risks.
-
Ensuring cryptographic agility and secure lifecycle management.
Guidance provided:
- Best practices for standardizing ITS security mechanisms.
-
Ensuring alignment with ISO, IEEE 1609.2, ETSI TS 103 097, and other frameworks.
-
Developing security controls for future ITS applications.
Click here for more details¶
3. Implementers¶
Who they are:
Vehicle manufacturers, infrastructure operators, ITS service providers, and technology vendors.
Key cybersecurity concerns: - Securing the configuration of ITS devices such as Onboard Units (OBUs), Roadside Units (RSUs), and backend infrastructure.
-
Managing digital certificates and cryptographic keys (IEEE 1609.2, X.509).
-
Preventing cyber threats such as spoofing, denial-of-service (DoS), and unauthorized access.
-
Ensuring compliance with cybersecurity policies in real-world deployments.
Guidance provided:
-
Implementation strategies for secure ITS deployments.
-
Threat modeling and risk management approaches for V2X communications.
-
Security best practices for device management and lifecycle security.
Click here for more details¶
Although we have provided guidance for specific stakeholders, ITS cybersecurity is a shared responsibility. All stakeholders should align towards a comprehensive cybersecurity strategy and architectural approach.