Challenges with mobility data
Digitization has long since made its way into the mobility sector and is placing increasing demands on the security of processes and systems. The early inclusion of suitable protective measures is mandatory for many institutions. Norms and standards describe general as well as specific requirements that are placed on an information security management system (ISMS). But collecting and merging mobility data is also a challenge.
As a division of Theis Consult GmbH, which operates as an engineering firm in the mobility sector, we deal with the relevance of data in the mobility sector on a daily basis. Data are a key to success for the mobility of the future. They can make mobility safer, cleaner and multimodal. While public transportation services in rural areas are often still inadequate, services in cities are not yet interconnected or are inadequately interconnected. Digital solutions are available for both challenges. But collecting and merging mobility data is proving to be a challenge. Simply expanding the infrastructure will not achieve the desired results. Instead, solutions are needed that keep an eye on the entire mobility situation at the local, regional and supraregional levels and thus make it possible to plan and manage. This can only be achieved if mobility flows are recorded universally. In theory, these can be best mapped using digital data. Up-to-date and reliable mobility information in real time enables mobility participants to plan their journeys optimally.
The demand for confidentiality of data and telecommunications is high, both from the business community and from consumers. Reliability, security and high availability are also the most important quality characteristics. This is one of the reasons why the transport and traffic sector is classified as a critical infrastructure (CRITIS), for which special protective measures must be taken. For this purpose, the BSI began 25 years ago to develop the IT-basic protection standards, according to which specifications for practice have been created at European and national level. Norms and standards describe general as well as specific requirements that are placed on a management system for information security. Local authorities, the administrations of the German Bundestag and the state parliaments, the audit offices of the federal and state governments, and the federal and state data protection officers are recommended to apply the guideline for information security.
Currently, sensors on or near a road count the number of passing vehicles, among other things. It is also possible to record the volume of traffic, e.g., by determining the location of digital speedometers, which are already mandatory for newly registered trucks. In the future, more data will be added by cooperative, connected, and automated vehicles. As a national access point for mobility data, Germany already has the so-called mobility data marketplace, which will be transferred to the mobility data platform in the coming months together with the mCloud. Municipalities, cities and states also already collect (local) data. However, due to hierarchically structured responsibilities, each mainly takes care of its own areas, and there is a lack of capacity and know-how. In addition, long latency times cause difficulties or the data are not accurate enough. Reliable and comprehensive collection of mobility data is not possible and exchange between telematics systems is costly. The requirements and tasks that have arisen in the context of the CRITIS sectors also entail a not inconsiderable amount of work. They have an impact on all the planning steps of an infrastructure technology project, the roles of the players and the planning and implementation within them. The totality of infrastructural, organizational, personnel and technical components require, among other things, data protection concepts, the creation of general and specific guidelines and directives as well as one or more security concepts, risk analyses, emergency management, training, sensitization and much more. Every organizational level has to face responsibilities in the area of information security. Outsourcing the corresponding services is therefore an attractive time- and cost-saving option for many companies.