Radiological material transportation is primarily facilitated by heavy-duty on-road vehicles. Modern vehicles have dozens of electronic control units (ECUs), which are small, embedded computers that communicate with sensors and each other for vehicle functionality. ECUs use a standardized network architecture, Controller Area Network (CAN), which presents grave security concerns that have been exploited by researchers and hackers alike. For instance, adversaries who have infiltrated an automotive CAN can impersonate ECUs and disable or invoke unintended vehicle functions such as brakes, acceleration, or safety mechanisms. Further, the quality of security approaches varies wildly between manufacturers. Thus, research and development of after-market security solutions have grown remarkably in recent years. Many researchers are exploring deployable intrusion detection and prevention mechanisms using machine learning and data science techniques. However, there is a gap between developing security system algorithms and deploying prototype security appliances in-vehicle. In this paper, we, a research team at Oak Ridge National Laboratory working in this space, highlight challenges in the development pipeline and provide techniques to standardize methodology and overcome technological hurdles.