CYBER SECURITY Securing the future of autonomous vehicles
While autonomous vehicles will bring many benefits to transport, the environment and society, one of the major issues facing their development is security. As self-driving car prototypes become ever more complex, policing security will soon become a major challenge.
Recently, it was discovered that Tesla computer units were being sold on eBay with previous owners’ personal data still on them. Similarly, a group of Chinese researchers were able to hack Tesla’s Autopilot software into swerving into an oncoming traffic lane. And then there’s the two security researchers who demonstrated how it easy it was to hack into a Jeep Cherokee through an internet connection.
In light of these and attacks, let’s take a closer look at the security issues facing autonomous vehicles and the potential solutions.
The security risks facing autonomous vehicles
Autonomous vehicles (AVs) run on increasingly complex software. They use sensors and physical feedback to gauge breaking distances, change lanes and avoid collisions. Like all software, AV software is vulnerable to hacking. Autonomous vehicles also rely on connectivity with other devices and as such, they require an internet connection, which makes them even more vulnerable to cyber attacks. And over time, new threats and vulnerabilities will arise. Not only will traditional attacks on data and software remain an issue, but so will Internet of Things (IoT) attacks, ransomware and vehicle theft. And as AVs are given the ability to process payments, they will become vulnerable to attacks through financial networks.
Currently, AV security is heavily focused on securing product quality and passenger safety. Features like Advanced Driver Assistance Systems (ADAS) help identify safety-critical situations and warn drivers of potential hazards. However, there’s still some way to go before the risk of external threats from hackers are mitigated. Cloud databases are one area where hackers may be able to manipulate a car’s features like switching off safety devices. Likewise, the use of multiple coding languages for component parts creates the potential for system penetration.
Mitigating the risks of cyber attacks
To mitigate the risks of cyber attacks, a multi-layered approach is required that uses existing security frameworks and encourages industry best practices. The European Union Agency for Cybersecurity, ENISA is one such agency dedicated to achieving a high common level of cybersecurity across Europe.
A comprehensive approach to AV cyber security would include a prioritized approach to identifying vulnerability, with a particular focus on vehicle entry and exit points. A rapid detection and response to security incidents would also be required alongside architectures and measures that enable rapid recovery when attacks do occur. Machine Learning (ML) can also play a pivotal role in identifying unusual behaviour. For example, if a vehicle’s safety features were to be disabled while the car is moving, ML would be able to raise an alert.
5G networks should also be diversified to avoid all cars being connected to the same network at once. In the event of a network attack, diversification would ensure only some vehicles are impacted, which would also avoid traffic congestion issues.
In the UK, the ResiCAV project was recently established to protect AVs against rising security threats. As a consortium of partners, the project explores how the mobility industry will detect and respond to emerging cyber security threats in real-time.
The challenges of implementing security measures
The primary barrier to realising a comprehensive approach to AV cyber security is cost. Without affordable systems and infrastructures, manufacturing costs will be too high to create a viable AV mass market. Consumers will be reluctant to pay premium prices for cyber security features that don’t enhance their driving experience.
A lack of standardisation across automotive security is another obstacle. Unless car manufacturers work in collaboration to advance cyber security features, the costs associated with ensuring interoperability will be too high for many automakers.
Collaboration is essential to ensuring security frameworks and components to mature at a faster rate. Cyber security can be scaled more effectively across AVs through partner collaborations that enforce rules and regulations. Data sharing can help automakers and tech companies learn from the success of others an anticipate future security challenges.
Without best practice sharing, automakers are limited in their ability to predict the impact of implementing new security frameworks, which consequently, stifles progress.
Autonomous vehicles have the potential to greatly benefit society, but there are still important challenges and obstacles that need to be overcome.
How cyber security is approached in the near-future will determine the long-term success of autonomous vehicles. External factors like security regulation and industry collaboration not only across Europe, but the globe, will also play an important role in the process.
As in any industry, innovation advances progress. As an increasing number of AV prototypes are realised, cyber security must become an essential part of the design process.