Module 3: Cybersecurity for CAVs: Safety and Security Assurance Against Cyber-Physical Attacks

Module 3: Cybersecurity for CAVs: Safety and Security Assurance Against Cyber-Physical Attacks

Course Overview: This course will cover a wide range of topics in security and safety for CAVs (Connected and Automated Vehicles), providing a broad introduction of the CAV ecosystem, followed by both known attacks and emerging attacks (e.g., adversarial machine learning), along with defense solutions. The course will provide the introduction of the CAV software stack, the core algorithms, and the role that Machine Learning/AI plays in Transportation, Automated Vehicles, and Connected Vehicles. It also covers how connectivity between vehicles (e.g., using CV2X or DSRC support) can enable new capabilities such as cooperative sensing to improve safety and security of CAV based driving. The second part of the course will cover advanced topics such as hardening the CAV ecosystem and reducing cybersecurity risks, which requires a concerted, multi-pronged approach that incorporates vehicles, diverse sensors, roadside units, transportation, and digital infrastructure including cellular networks and edge/cloud computing facilities. We will survey the existing work in a security analysis framework to study various cybersecurity risks in the CAV ecosystems. The course will conclude with some research results in understanding new attacks on AI (artificial intelligence) algorithms and systems used for cooperative driving and proposed potential new directions in mitigating such threats. Throughout this course, we will also cover the standards and best common practices from industry and standards bodies related to security and safety.


Course Instructor(s): Z. Morley Mao, Professor of Electrical Engineering and Computer Science — University of Michigan
Dr. Andre Weimerskirch, Chief Operating Officer — Block Harbor Cybersecurity

Headshot of Z. Morley Mao. The link directs to their bio page on the CCAT website.

Dr. Morley Mao received their B.S., M.S., and Ph.D. degrees from the University of California at Berkeley. They are a recipient of the NSF CAREER Award, Sloan Fellowship, and the IBM Faculty Partnership Award. They have been named the Morris Wellman Faculty Development Professor. Their research interests encompass network systems, mobile and distributed systems, and network/systems security. Their work involves both empirical data collection and analysis, as well as the design and implementation of new systems.

Andre Weimerskirch Headshot

Dr. André Weimerskirch is COO of Block Harbor Cybersecurity. Before that, André was Vice President for Product Integrity and Technology at Lear Corporation where he was responsible for product security, functional safety, platform software, and validation labs. André also established the transportation cybersecurity group at the University of Michigan Transportation Research Institute (UMTRI) and still holds an Adjunct Associate Research Scientist appointment. André co-founded the embedded systems security company ESCRYPT in 2004 which was sold to Bosch in 2012.

André is active in all areas of transportation cybersecurity and privacy, he is a main designer of the American vehicle-to-vehicle (V2V) SCMS security system, published numerous articles in automotive and embedded cyber security. He is co-founder of the American workshop on embedded security in cars (escar USA), co-chairs the CCAT cybersecurity working group at the University of Michigan and is an advisor to the University of Michigan Dearborn Computer and Information Science Department.


Winter 2026 Office Hours (Z. Morley Mao): Wednesday, March 25th | 10:00 – 11:00 AM ET
Link: https://umich.zoom.us/my/morleymao

Winter 2026 Office Hours (Andre Weimerskirch): Friday, March 27th | 1:00 – 2:00 PM ET
Link: TBD


Course Content

Section 0: Introduction

Section 0 Videos


Section 1-4: Introduction of Perception Systems, Sensor Fusion of a Single Vehicle, etc.

Section 1-4 Description

In this section, you can expect:

  • An introduction of CAVs, infrastructure, automotive electronics, and vehicle architectures
  • To learn how the different entities contribute to the CAV ecosystem, the dependencies, the standards, and how new technology is introduced and adopted
  • An introduction of CAV’s impact on the transportation system
  • To learn how CAVs can improve the safety of the transportation system: the current deployment status and future plans. 

Section 1-4 Videos


Section 1-4 Quiz

Section 5-8: Security and Safety Foundations

Section 5-8 Description

In this section, you can expect to learn the following:

  • Underlying cryptography and security relevant to CAVs
  • Underlying safety theory/mechanisms relevant to CAVs
  • Secure hardware and secure boot
  • Secure FOTA and secure in-vehicle communication

Section 5 Videos — Introduction to Cryptography


Section 5.1 Quiz

Section 5.2 Quiz

Section 5.3 Quiz


Section 6 Videos — Introduction to Safety


Section 6 Quiz


Section 7 Videos — Secure Hardware and Secure Boot


Section 7 Quiz


Section 8 Videos — Secure FOTA and Secure In-vehicle Communication


Section 8 Quiz

Section 9: Software Defined Vehicles: Security and Safety Considerations

Section 9 Description

In this section, you can expect to learn:

  • SDV and embedding vehicles in ecosystem: in-vehicle

Section 9 Videos


Section 9 Quiz

Section 10-12.5: Connected Aspects of CAV: V2X (Security and Safety)

Section 10-12.5 Description

In this section, you can expect:

  • An overview of V2X technology and applications
  • To learn V2X security standards
  • To learn V2X robustness improvement
  • To learn about collaborative applications (security thereof), and collaborative security applications such as collaborative misbehavior detection
  • To learn collaborative perception/sensing

Section 10 Videos — Overview of V2X


Section 10 Quiz


Section 11 Videos — V2X Security


Section 11 Quiz


Section 12 Videos — V2X Robustness Improvement


Section 12 Quiz


Section 12.5 Videos — Collaborative Perception


Section 12.5 Quiz

Section 13-16: Security of AVs (Single Vehicle)

Section 13-16 Description

In this section, you can expect:

  • An introduction to AI/ML and AML (adversarial Machine Learning)
  • To learn about trajectory prediction, AI/ML applications and security
  • To learn about sensor security: sensor spoofing attacks (e.g., LiDAR spoofing)
  • To learn about the security of perception systems, sensor fusion of a single vehicle, etc.

Section 13 Videos — Adversarial Machine Learning


Section 13 Quiz


Section 14 Videos — Trajectory Prediction


Section 14 Quiz


Section 15-16 Videos — CAV Traffic Signal Control


Section 15-16 Quiz

Section 17: Security of CAV-based Transportation System

Section 17 Description

In this section, you can expect to learn:

  • About defense against data spoofing attacks (collaborative sensing)

Section 17 Videos


Section 17 Quiz

Section 18-19.5: SOC/Monitoring/Anomaly Detection

Section 18-19.5 Description

In this section, you can expect:

  • To learn about IDS in vehicles and ML/Anomaly detection to find issues
  • To learn about Vehicle SOC

Section 18-19 Videos — IDS, Anomaly Detection, and VSOC


Section 18-19 Quiz


Section 19.5 Videos — Privacy


Section 19.5 Quiz

Section 20-21: Overview of Research Hacks and Future Directions

Section 20-21 Description

In this section, you can expect:

  • To learn about the Jeep Cherokee Hack
  • To learn about other interesting hacks

Section 20 Videos — Jeep Cherokee Hack


Section 20 Quiz


Section 21 Videos — Other Interesting Hacks


Section 21 Quiz

Section 22-23: Standards and Regulations

Section 22-23 Description

In this section, you can expect:

  • An overview of standards, standards bodies and processes
  • An overview of automotive cybersecurity engineering

Section 22 Videos — Regulation and Standards


Section 22 Quiz


Section 23 Videos — Automotive Cybersecurity Engineering


Section 23 Quiz

Section 24: Conclusion & Summary

Section 24 Description

In this section, you can expect:

  • To learn about future challenges in this space

Section 24 Videos — Conclusion & Summary