May 2021

As someone who has thought about cybersecurity for some time, including in previous posts on this blog, the recent events around the hack of the Colonial Pipeline has been front of mind, and not just because I live in Washington, D.C., where gas stations have been running out of fuel. The incident is yet another dramatic demonstration of how cyberattacks can cause serious real-world damage. As more and more of our transportation system becomes connected to computer networks (both vehicles and infrastructure) cybersecurity is becoming just as important issue as the physical safety and security of our roads and vehicles.  

Government Response

The Colonial Pipeline attack comes at a time when the Biden Administration and Congress have both turned their attention to cybersecurity. In the House, lawmakers have proposed $500 million in funding to help state and local governments protect themselves from cyberattacks, while other legislators have been discussing laws that require companies to report cyberattacks they suffer to the government and the public. Such rules would give the government greater insight into attacks and allow them to better coordinate responses when cybercriminals attack more than one company or industry. Making attacks public would also give the public a better idea of how the companies they patronize are protecting their data and products. At the same time, President Biden signed an executive order that will require all software sold to the federal government to meet set security standards. Given the sheer amount of buying power the U.S. government has, that means consumers will also likely benefit from the order, as companies up security in their products to make them competitive for government purchase.

The Colonial attack will also put more scrutiny on the Transportation Security Administration (this is the same TSA that confiscates your water bottles at the airport). While the U.S. Department of Transportation oversees the regulation of pipelines (via the Pipeline and Hazardous Materials Safety Administration), the TSA (part of the Department of Homeland Security) is tasked with helping pipeline owners protect their infrastructure from cyberattacks. In a 2018 report the government’s General Accounting Office (GAO) released a report on weaknesses in the TSA’s pipeline security efforts, including cybersecurity. As the fallout from the Colonial attack continues, the TSA’s infrastructure security will no doubt face some tough questions.

Issues for Transportation Technology Overall

Pipelines are far from the only part of our transportation system that is at risk of being hacked. Last June automaker Honda’s internal network was compromised, leading the company’s factories across the globe to shut down for a day or more. Journalists and hackers alike have shown how a vehicle’s onboard computers can be compromised in a number of ways. More recently, the European Union Agency for Cybersecurity issued a report that identified autonomous vehicles as “highly vulnerable to a wide range of attacks.” The complexity of AVs (and driver assistance systems) and the myriad of computer systems within them is part of why they make a tempting target. Issues also arise as vehicles become more networked – meaning a failure to connect to an outside server can limit a car’s capabilities, as has been reported with some Teslas at times. As AVs and connected vehicles of all kinds proliferate, along with connected infrastructure, the number of failure points or avenues of attack multiple, something that will keep engineers up for years to come.

One good thing that may come from the Colonial Pipeline incident is the centering of cybersecurity in our discussions over infrastructure and transportation. Especially as the White House and lawmakers continue to negotiate a potentially massive investment in infrastructure, addressing the cybersecurity ramifications will be vital. Likewise, the current surface transportation reauthorization (a bill that funds the U.S. DOT and highway projects) will expire on September 30, giving Congress a second opportunity to include cybersecurity issues into the greater transportation policy discussion.

Glossaries and Terms

The following resources were extremely helpful in the creation of our own glossary:

Legal and Policy Resources

University of Michigan Programs

Thank you to MCity for providing a glossary that served as the basis for this page. This glossary is in no way complete or conclusive – a list of further resources, including a number of excellent glossaries and term lists, can be found at the bottom of this page.

Levels of Automation

SAE International has created a set of definitions for levels of vehicle automation. Here is a descriptive version of those levels from the point of view of a driver:

Assisted driving features

  • Level 0 – You’re driving.
  • Level 1 – You’re driving, but you’re assisted with either steering or speed.
  • Level 2 – You’re driving, but you’re assisted with both steering and speed.

Automated driving features

  • Level 3 – You’re not driving, but you will need to drive if prompted in order to maintain safety.
  • Level 4 – You’re not driving, but either:
    • a) you will need to drive if prompted in order to reach your destination (in a vehicle you can drive); or
    • b) you will not be able to reach every destination (in a vehicle you can’t drive).
  • Level 5 – You’re not driving, and you can reach any destination.


5G (5th Generation)

Latest generation of cellular mobile communications that allows for have high data transmission speeds, reduced latency, energy savings, cost reductions, higher system capacities, and the capability for massive device connectivity.


The ability of any given individual to utilize a transportation system. Accessibility is primarily discussed in relation to people with disabilities and other mobility challenges.

Adaptive Cruise Control

Technology that allows a vehicle to automatically adjust its speed to maintain a safe distance between it and other vehicles.

Advanced Driver Assistance Systems (ADAS)

Safety features designed to avoid collisions and accidents by offering technologies that alert the driver to potential problems, or to avoid collisions by implementing safeguards and taking over control of the vehicle. These features can include automated lighting, adaptive cruise control, automated braking, GPS/ traffic warnings, alerts to drivers regarding other cars or dangers, lane keeping, or cameras/displays showing what is in a vehicle’s blind spots.


Parts or components installed in a vehicle after it has been purchased. These parts are usually not sourced from a vehicle’s original equipment manufacturer.

Automated Driving System (ADS)

The system used to automate a vehicle’s operation. This includes the sensors used to observe the world around the vehicle, the systems used to control the vehicle’s speed and direction, and the computer systems used for decision-making.

Automatic Emergency Braking (AEB)

System that allows a vehicle to slow or stop independently of human control when it senses a crash or collision is imminent. The capabilities and range of these systems can vary.

Computer Vision (Machine Vision)

Computer-based analysis of images via a camera or other sensor system. For example, an automated vehicle would use a computer vision system to analyze the input from its cameras to identify and differentiate road signs – i.e. tell a stop sign from a yield sign.

Connected Vehicle (CV)

A vehicle equipped with wireless communication systems that allows it to connect and communicate with other objects in its environment, like other vehicles or pieces of infrastructure.

Connected and Automated Vehicle (CAV)

A vehicle equipped with both CV and AV technologies. The term CAV is also frequently used as a catchall to refer to an array of automotive-based emerging transportation technologies.


Systems and practices used to protect digital systems and networks from unauthorized access, disruptions, and damage.

Dedicated Short Range Communication (DSRC)

A protocol for the transmission of information between multiple vehicles (V2V) and between vehicles and transportation infrastructure (V2I) using dedicated portions of the radio spectrum. The system does not require any communication infrastructure for vehicles to communicate, allowing it to function in remote or little-developed areas. The section of the radio spectrum originally dedicated to DSRC has been part of an ongoing debate and was partially reallocated by the FCC in 2020 for use by wifi devices.


Electric scooter – small electric-powered motorized scooters that have gained popularity as a form of micromobility. These vehicles are typically smaller than the gas-powered scooters popular around the globe.

Electric Vehicle (EV)

A vehicle (automobile, scooter, aircraft, etc.) powered by a rechargeable battery rather than an internal combustion engine or other power source.

Event Data Recorder (EDR)

Device that records information related to vehicle crashes or accidents.

First Mile/Last Mile

The portion of a trip between the end point of a form of transportation and an individual’s origin/destination. For example, the distance between a transit stop or open parking lot/space and an initial or final destination. 


A digital barrier that fences off where a vehicle (like an automated vehicle, e-scooter, or drone) can operate.

Highly Automated Vehicles (HAV)

Vehicles equipped with automated driving systems that meet SAE Levels 3-5, meaning that the ADS can take full control of a vehicle, requiring no human input, for at least some portion of the driving process.

Human Machine Interface or Interaction (HMI)

The relationship between humans and a machine system. In vehicles this can include software applications that present information to an operator or user about the state of a digital system, and the controls designed to accept and implement an operator’s instructions.

Intelligent Transportation Systems (ITS)

The application of advanced information and communications technology to surface transportation in order to achieve enhanced safety and mobility while reducing the environmental impact of transportation.

Internet of Things (IoT)

The ever-growing network of digitally connected items. This can include vehicles, phones, household appliances, medical devices, etc. – anything intended to in some way connect to a wider computer network.


The ability of two or more systems or components to exchange information and use what has been exchanged.

In-Vehicle Infotainment or Infotainment System

The equipment and software installed in a vehicle to provide entertainment and information to drivers/passengers – i.e. the radio, navigation system, or in-vehicle Wi-Fi.

LiDAR (Light Detection and Ranging)

A remote sensing method used to examine the an environment via a pulsed laser to measure ranges. LiDAR can be used to create high-resolution maps and 3D images of a vehicle’s surrounding environment.

Machine Learning

Artificial intelligence technology that allows computer systems to learn from input and alter their programming and behavior over time based on that input.


Catch-all term for small, lightweight vehicles that typically carry one person and travel at low speed. These include bicycles (including bike-sharing systems), e-bikes and e-scooters, among other options.

Mobility as a Service (MaaS)

An entity or company that integrates various forms of transportation services into a single on-demand platform. Uber and Lyft are two prominent examples of MaaS, as they provide not only automobile transport, but also micro-mobility access via their apps.

Operational Design Domain

The specific conditions and situations under which a system (such as an ADS or ADAS) is intended to operate. This domain can be limited by geography, vehicle speed, weather conditions, etc.

Original Equipment Manufacturer (OEM)

As used in the automotive industry, the company that originally manufactured the final complete vehicle (i.e. Ford, GM, Tesla, Honda, etc.).

Opt-In Services

Services that require approval from a user before they can be utilized. For example, a ride-sharing company may required users to share their location data before being able to summon a ride.

Over-the-Air (OTA) Update

Software or firmware updates to a device (or vehicle) that are transmitted wirelessly to a vehicle from the internet or a cloud service.


Grouping vehicles together to increase road capacity and efficiency by using automated and connected systems to enable vehicles to travel in tandem much more closely together than currently allowed by law (or would be safe while under human control).


An AV used to carry passengers for a fee.

Roadside Unit

Computing device located on the roadside that provides connectivity support to passing vehicles.

Smart Cities

The integration of connected transportation technology into wider society and the larger emerging digital infrastructure such as the Internet of Things. The benefits of integrating these systems include more efficient traffic management, improved access to transit, and reduced emissions.


The use of wireless devices and “black box” technologies to transmit data in real time. Typically, it’s used in the context of automobiles, whereby installed or after-factory boxes collect and transmit data on vehicle use, maintenance requirements or automotive servicing.

Transit Deserts

Areas with limited transportation supply. These deficiencies can include poor road conditions, little to no access to transit, and the lack of sidewalks.

Transportation Network Company (TNC)

Business model that allows individuals to arrange a ride with a vehicle via an app or other technological solution. The vehicles can be operated by another human (as in the case of Uber or Lyft) or could be operated by the individual seeking a ride (as in the case of Zipccar).

Universal Design

An approach to design that is intended to accommodate users with a wide array of needs and abilities.

Unmanned Aerial Vehicle (UAV)

Aircraft without a human pilot. Commonly known as “drones,” these can operate autonomously or under remote control.

Urban Air Mobility (UAM)

Proposed ecosystem of UAVs and other aircraft using automation and communication technologies to coordinate their movements through urban areas at altitudes lower than traditional aircraft.

User Interface

Set of commands or menus through which a user communicates with a program

Vehicle Miles or Kilometers Traveled (VMT or VKT)

Measure of the total number of miles/kilometers traveled by all of the vehicles in a given geographic area over a given period. This measurement is used in a number of ways in transportation planning, and is seen as a marker of transportation demand.

Vehicle to Infrastructure (V2I) Communication

Communication between a vehicle and pieces of infrastructure (stoplights, rail crossings, tolls, etc.).

Vehicle to Vehicle (V2V) Communication

Communication and information exchange between two or more vehicles.

Vehicle to X (V2X) Communication

Communication between vehicles and other connected digital equipment – including, but not limited to, infrastructure and other vehicles.

Vertical Takeoff and Landing (VTOL)

Aircraft capable of taking off and landing vertically, eliminating the need for a runway. Helicopters are the most wide-spread version of these aircraft in current use, though propeller or jet powered VTOL aircraft are in use by militaries. A number of urban air mobility proposals are built around automated (and often electric) VTOL aircraft for cargo and passenger use.

Vulnerable Road User (VRU)

Road users without the protection of an automobile, such as pedestrians and cyclists.


American Association of State Highway and Transportation Organization (AASHTO)

Nonprofit, nonpartisan association representing highway and transportation departments in the fifty states and all five transportation modes: air, highways, public transportation, rail, and water, with the goal of fostering the development, operation, and maintenance of an integrated national transportation system.

Defense Advanced Research Projects Agency (DARPA)

A Department of Defense (DoD) agency that supports the development of new technologies. One of their programs is the DARPA Grand Challenge prize competition for Autonomous Vehicles, in which university teams enter and work with automotive and tech companies.

Federal Aviation Administration (FAA)

Federal civil aviation agency that regulates aircraft safety, certifies pilots and airports, and monitors and manages air traffic. Part of the U.S. Department of Transportation.

Federal Communications Commission (FCC)

Independent federal commission (lead by five commissioners) that regulates communication industries and technologies, including radio, television, and satellite communications. The FCC is responsible for regulating the use of radio spectrum, and allocates different ranges of spectrum for different uses.

Federal Highway Administration (FHWA)

Federal agency that coordinates highway programs, including operating programs that fund construction and maintenance. Part of the U.S. Department of Transportation.

Federal Motor Carrier Safety Administration (FMCSA)

Federal agency that regulates commercial motor-vehicles, including interstate buses and cargo trucking. Part of the U.S. Department of Transportation.

Federal Railroad Administration (FRA)

Federal agency responsible for regulating rail transportation safety and the railroad industry. Part of the U.S. Department of Transportation.

Federal Transit Administration (FTA)

Federal agency that assists states and cities in developing and maintaining mass transit systems. Part of the U.S. Department of Transportation.

Intelligent Transportation Society (ITS)

The nation’s largest organization dedicated to advancing the research, development and deployment of intelligent transportation systems to improve the nation’s surface transportation system.

National Highway Traffic Safety Administration (NHTSA)

Federal agency that sets and enforces motor vehicle safety standards, while also promoting traffic safety and other automobile-related issues. Part of the U.S. Department of Transportation.

National Transportation Safety Board (NTSB)

Independent federal agency that investigates transportation accidents. The board does not have regulatory authority, but can make recommendations to other agencies based on their investigations. As an independent agency it is separate from the U.S. Department of Transportation or any other department or agency.

SAE International (SAE)

Formerly the Society of Automotive Engineers, SAE International is an organization of engineers from the automotive and aerospace industries. The organization sets engineering standards that are used globally.

Transportation Research Board (TRB)     

Section of the National Academies of Sciences, Engineering, and Medicine focused on transportation. TRB facilitates the sharing of information on transportation practice and policy by researchers and practitioners.

Uniform Law Commission (ULC)

Organization that provides lawmakers with non-partisan model laws drafted and discussed by legal experts.

U.S. Department of Transportation (DOT or USDOT)

Federal department that manages the U.S.’s transportation infrastructure and industries via a number of administrations (some of which are noted above).

Further Resources

The following resources were extremely helpful in the creation of this list, and are excellent sources for more detailed descriptions of many of the above terms and concepts. 

Last year I wrote about Uber and Lyft’s battle against a California law that required them to treat their drivers as employees, rather than contractors. Then, in November, California voters passed Prop. 22, which exempted app-based drivers from that law, something Claire covered in detail. Two recent actions from the Biden Administration, which has positioned itself as pro-worker and pro-organized labor, indicate that the fight over how to classify gig workers is far from over, and that the administration will throw their weight toward increasing the rights of gig workers. These actions come as Uber, Lyft, and other emerging transportation companies reckon with their labor practices overall, amid a changing atmosphere as we emerge from COVID lockdown.

Administration Moves

Last week the Department of Labor withdrew a Trump-era proposed rule change governing the definition of “independent contractor.” The Trump Administration’s proposed change would have deemphasized a number of factors that are used in deciding a worker’s classification, which would have weighted considerations toward classifying workers as independent contractors. By pulling the rule before it can go into effect, the existing rule, with six factors for consideration, remains in use under the Fair Labor Standards Act. This move comes in the same week in which the Secretary of Labor, Marty Walsh, voiced his support for gig workers being considered as employees and receiving benefits, like health insurance, in “a lot of cases.” While that’s far from a definitive course of action, when combined with the regulatory changes, the Secretary’s words indicate the Federal government will be paying attention to the classification fight going forward and is putting its weight behind pro-worker options. I’ll also note that in March Uber announced it will categorize its UK drivers (which total more than 70,000) as employees, bringing them into compliance with a recent court decision – meaning Uber is facing labor changes on both sides of the Atlantic.

Uber and Lyft Need Drivers

While Uber and Lyft gird themselves for possible regulatory changes, they are also dealing with a shortage of drivers. In 2020 COVID lockdowns and the continued threat of the virus (along with the threat of monstrous customers…) cratered demand for rideshares, leading many drivers to move on from ridesharing. Now, with demand for rides growing as the world opens back up, both companies find themselves in need of more drivers and having to turn to financial incentives to recruit them. On the ground the shortage has raised prices and increased wait times for users.

At the same time as they have been recruiting more human drivers, both Uber and Lyft have purged their in-house development of automated vehicles. In December, Uber sold its automation efforts over to automated vehicle developer Aurora for roughly $4 billion. Then last month Lyft offloaded it’s automation program to a Toyota subsidiary for $550 million. For a long time the conventional wisdom was that the end-goal of the ridesharing companies was to automate their fleets and escape from having to deal with human employees (or contractors). Yet given that automation is still years away from widespread deployment and that only a few major corporations can afford the long term development costs of AVs, it seems Lyft and Uber are cutting their losses. That said, if they can survive COVID losses and changing demands, I’m sure they’ll be first in line to buy production AVs.

Emerging Tech and Emerging Labor Issues

Of course, Uber and Lyft are far from the only transportation-tech related companies with labor issues that have become apparent over the past year. Last year, as grocery deliveries exploded in popularity, Amazon drivers were coming up with unique ways of ensuring they got a crack at incoming orders – hanging their phones from trees as close to a Whole Foods as possible. The idea was that by leaving phones closer to the building they would be the first to be offered a delivery job via the gig-app Amazon Flex. Depending on your point of view this is either ingenious, or demonstrative of the gig economy pitting workers against each other. More recently Amazon has taken flack for making the delivery drivers who operate Amazon branded vans (yet are wait for it… contractors…) sign biometric consent forms. The forms give Amazon permission to use cameras and sensors to monitor drivers “100%” of the time they are working, in the name of safety, as the system can give audio alerts to drivers in real time. I can’t imagine that an AI-enabled camera that can yell corrections at you as you drive is anyone’s ideal boss, but here we are.

The gig economy is clearly not going away anytime soon, even if some gig jobs become automated. And now there is momentum for dealing with the employment issues around these companies and their platforms. Just where that momentum takes the labor market, and how it may change the relationship between platforms and workers, remains to be seen.

Last week I wrote about how a recent crash in Texas is illustrative of a serious issue with Tesla’s Autopilot feature. As a refresher, Autopilot is an advanced driver-assistance system (ADAS), meaning it can take over a number of driving tasks and help protect drivers, but a human is supposed to remain focused on the driving task. Failures within the Autopilot system have contributed to several fatal accidents, and Tesla drivers have at times abused the system, using it to operate their vehicle while sleeping, or when they were passed out due to drinking. But these incidents shine a light on bigger problems with Autopilot and ADAS systems in general – problems of public perception in regards to the capabilities of these systems and the lack of regulation dealing with them.

Public Perception

The first consideration in regards to Autopilot and the rest of ADAS/AV development is the question of the public’s perception of Autopilot and just what the technology can actually do. While some of these incidents are no doubt caused by drivers intentionally pushing the limits of the Autopilot system, others are likely cases of “mode confusion” – something previously seen in fighter pilots. Fighter aircraft can have multiple different modes of automation, and to prevent confusion pilots are highly trained to understand the capabilities and limits of each mode available in a given aircraft. The same is not true for drivers, especially when marketing materials and manuals are unclear or make a vehicle out to be more autonomous than it really is. Indeed, a German court recently found that Tesla’s claims about Autopilot were misleading, in a suit brought by a watchdog organization (of which several German automakers are members…). Indeed, the name “Autopilot” seems tailor-made to confuse consumers, though Tesla founder (and soon to be Saturday Night Live host?) claims the name is apt, as aircraft autopilot systems always require supervision. While that may be true, one does wonder how many Tesla owners or potential Tesla owners are up on aircraft operation procedures.

The issue is compounded by Tesla’s introduction of further automation technology and software, including what they call “Full Self-Driving” (FSD). While Tesla’s website and their manuals do state that a driver must be “fully attentive” the danger of confusion is clear (enough that the California DMV, which regulates AVs in that state, had to press Tesla to explain just what FSD did and why Tesla believed the DMV shouldn’t regulate it like other AV systems. It also doesn’t help that the systems in place to monitor drivers using Autopilot can rather easily be tricked, meaning that it’s extremely likely some drivers are intentionally circumventing the vehicle’s safeguards.

Problems for AV and ADAS development and deployment arise if Tesla’s incidents become the face these systems to the public. Tesla has a well-earned image as an innovative company, having pushed the electric vehicle market into a new era, and Autopilot is almost certainly preventing accidents when used properly, just as other ADAS systems do. But if all that cuts into the public consciousness is high profile abuses and deadly accidents, that could set back public trust of automation and harm the industry overall.

Lack of Regulation

There is a very important piece of the puzzle left to talk about – the government’s role in regulating Autopilot and vehicle automation overall. Much has been discussed in this blog about the lack of overall AV regulation, and ADAS has fallen into the same situation – namely the technology is out on the road while safety regulations remain in the draft folder. As I mentioned last week, the National Transportation Safety Board (NTSB), in its 2019 investigation of an Autopilot-related crash, took to task the government’s primary vehicle safety regulator, the National Highway Traffic Safety Administration (NHTSA), for failing to generate clear ADAS safety rules. During the Trump administration, NHTSA remained extremely hands off on generating new rules or regulations regarding ADAS. In 2016, Obama-era NHTSA regulators had indicated that “predictable abuse” could be considered a potential defect in an automated system, which could have flagged Autopilot misuse, but that guidance wasn’t followed up. It remains to be seen if the Biden administration will pivot back toward regulating automation, but given that ADAS accidents continue to occur and garner a lot of attention, they may be unable to ignore it for long. For now, state-level regulators can attempt to fill the gap, as seen in the California DMV emails linked above, but their power is limited when compared to the federal government.

It’s hard to tell how all of this will end. Tesla seems uninterested in pulling back and testing their automation systems in more controlled environments (as other automakers do), and instead continues to push out updates and new tech to the public. Perhaps that level of bravado is to be expected from a company that made its name in challenging the existing paradigm, but that doesn’t excuse the fact that the Federal government has yet to step in and lay down clear rules on ADAS systems. For the sake of the promising safety-benefits of ADAS and automation overall those rules are needed soon, not only to protect the public, but to ensure confidence in these emerging technologies – something that would be to the benefit Tesla and other automakers.

P.S. – I’ll leave you with this – a perfect illustration of absurdity of how vehicle features are named.