While autonomous vehicles are expected to be far less prone to accidents than driver-controlled vehicles once they’ve undergone substantial training, they may pose a more serious threat. Due to the over-the-air hardware and software updates these vehicles routinely require, experts believe they have the potential to easily come under attack from hackers who can use them to wreak havoc on the road, potentially turning them into weapons.
“Hackers, for instance, could remotely interfere with a connected vehicle and disrupt safety-critical systems and functions including the engine, brakes, and steering wheel, causing the driver to lose control. On a larger scale, a hacker could enter a single vehicle and access an entire fleet, as a fleet is only as secure as its least-secure vehicle,” Moshe Shlisel, CEO at GuardKnox, told Help Net Security.
This cyber security threat means autonomous vehicles will need to undergo intense security vetting.
Three Risk Levels to Consider
To better secure autonomous vehicles, three risk levels should be taken into account:
1) Critical hardware and software components that receive over-the-air updates must have supply chains that are adequately understood and protected.
2) The vehicle’s operating system must use an interface that is secure and equipped to repel cyber security threats.
3) Vehicle operating centers need to be secure.
Currently, there are no specific regulations mandating these considerations for autonomous vehicle cyber security. The SELF DRIVE Act, U.S. legislation surrounding the safety and innovation in testing and deployment of autonomous vehicles, requires a cyber security plan only for highly automated vehicles. Additionally, the U.S. Department of Transportation has not provided specific security regulations for advanced driver-assistance systems.
In Europe, the United Nations Economic Commission for Europe (UNECE) has been working on cyber security regulations for autonomous vehicles in the 54 countries it oversees. Under UNECE, regulations will mandate a Certificate of Compliance for Cyber Security Management Systems.
According to Shlisel, regulations are vital to ensuring autonomous vehicles are protected from cyber security threats, especially as these vehicles grow more connected and autonomous.
“Federal lawmakers should enact legislation–with the input of cyber security experts–setting uniform safety standards across the board for these vehicles. We see the beginnings of this in the U.S., as several bills–such as the SPY Car Act and AV START Act–have been drafted surrounding connected and autonomous vehicles, but no bill has yet succeeded,” he said.
Potential Security Risks of AV Crowdsourcing
Crowdsourcing platforms like the Japan-based group Autoware can help speed innovation in the autonomous vehicle industry. However, information sharing within crowdsourced environments, which have multiple contributors, poses potential cyber security threats. While crowdsourcing may speed solutions, it’s important to ask these questions:
- How will unknown contributors be validated?
- In what ways should the contributor be trusted, especially when it comes to their competence?
- Is the contributor actually acting as an enemy?
- Is it smart to unveil the code to anyone who can see it, particularly those who may have bad intentions?
- Validation will be expensive — who will pay for it?
One potential solution is to rely on smaller consortia instead of larger crowdsourcing platforms, writes Rahul Razdan for Forbes.
“It would seem that for safety critical systems smaller trusted consortia which make the active engineering trade-off between innovation velocity and validation costs makes a great deal of sense,” Razdan wrote, citing the Automotive Grade Linux as an example. “In addition, in this structure, contribution equity and consortium stability issues can be much more easily managed. When this process can reach ‘escape’ velocity in terms of the producers/consumers, there is a potential path to a more open system.”
Understand Autonomous Vehicle Technology
Prepare your organization for the latest developments in autonomous vehicle technology. Offer training in foundational and practical applications of autonomous, connected, and intelligent vehicle technologies. Developed by leading experts in the field—including Steve Vozar, CTO and co-founder of May Mobility—the IEEE Guide to Autonomous Vehicle Technology is a seven-course online training program.
Razdan, Rahul. (9 May 2020). Open Source And Automotive Safety Critical Systems: What Are The Tradeoffs? Forbes.
Razdan, Rahul. (2 May 2020). Tesla Decepticons? Is Automotive CyberSecurity A National Defense Issue? Forbes.
Zora, Mirko. (15 April 2020). Are we doing enough to protect connected cars? Help Net Security.