Autonomous vehicles like Waymo's robotaxis could face serious cyberattack risks that go far beyond financial losses, according to a major research project led by University of Minnesota computer scientists. While self-driving technology promises to save lives by reducing human error, the same connected systems that enable autonomous operation could become targets for criminals unless stronger cybersecurity measures are built into the technology now .

Why Are Autonomous Vehicles Vulnerable to Cyberattacks?

As companies like Waymo expand robotaxi services across cities including Minneapolis, the underlying technology becomes increasingly complex. Autonomous vehicles rely on constant communication with digital infrastructure, artificial intelligence models, and data-sharing networks. Each of these components represents a potential entry point for attackers .

The stakes are fundamentally different from traditional cybersecurity threats.

"Cybersecurity is really important for our future transportation system. If your computer gets hacked, you may have financial losses. But if the target is an automated vehicle or its digital infrastructure, the stakes are much higher. You can potentially have a life-or-death problem," said Zhi-Li Zhang.

Zhi-Li Zhang, Professor in the Department of Computer Science and Engineering at the University of Minnesota

Zhang led a research team from the University of Minnesota, University of Michigan, and Purdue University to examine how to strengthen what researchers call "digital guardrails" that will protect autonomous vehicles and their networks. The project, funded by the U.S. Department of Transportation through the Center for Connected and Automated Transportation (CCAT), analyzed the entire autonomous vehicle ecosystem to identify existing vulnerabilities and new risks introduced by communications, data sharing, and artificial intelligence models .

What Specific Cybersecurity Solutions Are Researchers Developing?

The research team identified several promising approaches to protect autonomous vehicles from cyberattacks. These solutions address different layers of the autonomous vehicle system, from the vehicle itself to the infrastructure that supports it:

• Teleoperated Vehicle Security: Researchers developed methods to secure the data pipeline between an autonomous vehicle and a remote control station, protecting against cyberattacks that could alter or corrupt the data used to guide the vehicle during operation.
• SCORPION System: The team created an artificial intelligence-powered system called SCORPION that improves how hardware, networks, and software work together, helping keep the system accurate and filling in missing pieces when data gets lost during vehicle-to-vehicle communication or other system imperfections.
• Infrastructure-Based Detection: Rather than relying solely on data from vehicles (which could be compromised), researchers developed roadside sensing, monitoring, and prediction tools that can detect unusual vehicle behavior and identify potential cyberattacks independent of data received from the vehicles themselves.

The infrastructure-based detection approach represents a significant shift in how researchers think about autonomous vehicle security. By monitoring vehicle behavior from outside the vehicle, using roadside sensors and analysis tools, security experts can identify attacks even if a vehicle's own systems have been compromised .

How Can Cities and Operators Protect Autonomous Vehicle Networks?

The research team identified several promising directions for future development and deployment. These recommendations suggest a multi-layered approach to autonomous vehicle cybersecurity that involves technology, infrastructure, and human oversight:

• Real-Time Traffic Management: Anomalies detected from infrastructure could support real-time traffic management systems that automatically respond to potential cyberattacks by rerouting vehicles or alerting traffic control centers.
• Targeted Attack Detection: Developing tools that identify specific types of cyberattacks, such as spoofing (where attackers impersonate legitimate vehicles or signals), would enable more targeted mitigation strategies rather than broad system shutdowns.
• Human-in-the-Loop Warnings: Incorporating human involvement when needed, such as issuing warnings to nearby vehicles with human drivers when something appears wrong, creates a safety net that combines automated detection with human judgment.

The research emphasizes that next-generation connected and automated transportation systems are complex "systems of systems." This means that vulnerabilities in one component, such as a vehicle's communication system or a data-sharing network, could potentially spread to other parts of the system and threaten the security of the entire autonomous vehicle network .

As Waymo and other autonomous vehicle operators expand their services, the timing of this research is critical. The findings suggest that cybersecurity infrastructure must be designed and implemented now, before autonomous vehicles become widespread on public roads. Without these digital guardrails in place, the technology that promises to make transportation safer could introduce new risks that regulators and operators are only beginning to understand.