Driverless tech should care about cybersecurity. Here’s why
The claims around the transformative nature of driverless technology to our environment, our productivity, our mobility and even our overall wellbeing are well documented, but despite considerable hype surrounding the technology in recent years, we seem to be scarcely any closer to having a driverless world today than we were a few years ago.
While the hurdles to overcome are numerous, perhaps one of the biggest is ensuring that the vehicles, and the networks they rely on, are secure from malicious activity. GM CEO Mary Barra famously said that the key to autonomous technology is the ecosystem, and that they will only truly thrive when they're talking to each other on a continuous basis.
Research from Coventry University highlights the importance of securing this communication infrastructure, with the researchers reminding us that autonomous vehicles are in many ways no different to nodes on the internet of things (IoT), and therefore face many of the same cybersecurity threats.
There are, however, a number of elements of autonomous, and indeed, connected vehicles that make them stand out from other IoT networks, however. For instance, the onboard safety systems, including ‘Smart SOS’ emergency response functionality, or direct connectivity to insurers to monitor usage all offer unique functionality alongside unique challenges in securing the network.
The researchers believe that four such features are especially vital and whose security needs to be addressed as a priority. The first of these is the very nature of cyberspace itself, as the commercial nature of the environment can render it especially challenging to effectively regulate. The second is the inherent complexity of the connected environment, as the vehicles and the supporting infrastructure contain a bewildering array of components, each of which offers potential vulnerabilities. The third factor the researchers identify is the speed with which threats can present themselves, and there is considerable potential for ‘zero-day’ attacks that require almost immediate action to ensure catastrophic failures in the system don’t emerge. Lastly, it’s likely that any attackers will keep their actions undercover for the time being, which can lull manufacturers, governments and even the public into a false sense of safety in relation to the technology.
Some of these security risks were put to the test in a simulated environment in research undertaken by the University of Michigan. The team, who were operating out of the university’s extensive Mcity vehicle technology facility, developed a tool they refer to as the Mcity Threat Identification Model. The model aims to provide a clear and robust framework for industry stakeholders to develop reliable cybersecurity processes that take into account a wide range of factors, including the motivations of the attacker, the ways in which an attack can unfold and the consequences of a successful attack on the passengers, other road users and other stakeholders.
Despite the severity and risk posed by cyberattacks, the researchers believe that addressing cybersecurity is often something of an afterthought across the industry. They hope that their tool will provide an easy way for the industry to make initial steps in identifying the kind of threats the sector faces, and then creating effective counter-measures to ensure autonomous systems remain secure.
Autonomous technology is an example of a cyber-physical system that intersperses both physical and virtual worlds. This creates unique challenges in terms of ensuring the system remains secure yet functional. The researchers highlight how the network is vulnerable both to traditional cyberattacks surrounding the running of the vehicle and the information that supports it, but also in areas such as vehicle theft and ransomware.
As with the team from Coventry, they also identify significant risks to the infrastructure used to connect vehicles with one another, and with the infrastructure itself. Whether it’s the roadside sensor network or traffic control features, financial infrastructure for processing insurance and toll charges or electricity infrastructure to power the vehicles, there is a wide range of potential vulnerabilities.
Indeed, with vendors and commentators touting the potential for connectivity between your vehicle and your home, the ability to turn on your air conditioning from your car as it drives you home from work may be a nice way for a burglar to break in.
The Michigan team put the Mcity framework to the test in a range of simulations, and it successfully highlighted a range of security vulnerabilities in the automated parking process. The model was able to show that the biggest vulnerability was in the range sensors in the vehicle, and that hackers would likely try and send a false signal to the vehicle to then disable remote parking. This could even be used by a thief to steal the vehicle.
It’s perhaps understandable that initial efforts have focused primarily on the core functionality of autonomous vehicles, but as the technology gets nearer to market, it’s vital that cybersecurity considerations are baked into the very construction of the vehicles and their supporting infrastructure. The research highlighted in this article reminds us that such developments will require a coordinated approach from all stakeholders to ensure that no weak spots exist that can be exploited by attackers.
Indeed, the Michigan team argue that without such robust and foolproof cybersecurity, the technology will fail to successfully make it to market, as both regulators and the general public will lack sufficient trust to make what will inevitably be a leap of faith to take their hands from the wheel. As such, investing in cybersecurity cannot come soon enough for the industry to maintain trust in the technology and assure us that the infrastructure will be immune from nefarious influence.