Massachusetts is the only state (so far) to have a law (2019 MA S 2056) directly addressing the cybersecurity capabilities of autonomous vehicles. The law provides that:

“… regulations shall be designed to safeguard the personal information…of residents of the commonwealth and shall be consistent with the safeguards for protection set forth in the federal regulations by which the person is regulated. The objectives of the regulations shall be to: insure [sic] the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.”

This is a machine-to-human law, and as important as that is, it is incomplete. What is also needed is a machine-to-machine law. Specifically, one that addresses the same safeguard principles we see above, but focused on data collected by autonomous vehicles that does not relate to the driver/operator. (There are no confidentiality or privacy concerns with this type of data.)

The machine-to-machine law aims to safeguard data that encompasses virtually all of the infrastructure conditions and traffic patterns recorded by the vehicle during any given trip and transmitted to the transportation-centric ontology. In my discussion of this ontology, the need to protect the integrity of this data was of paramount concern. (One method I advanced for consideration is blockchain.) Any degradation in its trust value can trigger large scale operational disruption, but more critically, tampering with this data can lead to catastrophic, fatal consequences.