Why a cybersecurity framework for autonomous vehicles is now vital

Like every other advancement of technology, in every industry, autonomous vehicle innovation brings new opportunity for exploitation.
18 May 2020

Attendees view the autonomous Hyundai Mobis M.Vision S concept vehicle for urban sharing at the Las Vegas Convention Center. Source: AFP

  • A consortium has invested up to US$1.4 million to fund projects investigating cybersecurity for autonomous vehicles
  • Cyber threats could interfere with data used to power self-driving tech
  • Digital twin is an emerging tech that could test the resilience of a system’s cybersecurity 

Automobile makers have been ramping up efforts to bring self-driving cars to the masses. Key players like Tesla, Waymo, Renault, Uber, Pony.ai, and Alibaba are among many that are racing to lead in the autonomous vehicles sphere. 

Companies like Uber are invested in developing self-driving cars for their ride-sharing business, and inking partnership deals with the likes of automaker Hyundai to work on turning flying taxis into a reality. 

Before these vehicles enter the mainstream consumer market, we’re likely going to see them in commercial use first. Autonomous vehicles could be a boon to the last-mile delivery market, for one – UPS, for example, has invested heavily in self-driving vehicle manufacturer Arrival. Last December, Plus.ai’s autonomous trucks transported 40,000 pounds of Land O’ Lakes butter, successfully completing a three-day trip across the highways and roads of the United States.

But greater uptake in the consumer market is the end goal. Self-driving technology is set to transform our lives by bringing forward innovative mobility solutions which reduce congestion on the roads, working in concert with other smart city technology, and generating reams of new data, providing new perspectives on our environments and society.

But like any connected technology, autonomous vehicles are rife with opportunity for breaches by cybercriminals with malicious intent. Compromised systems could be used to steal personal data from owners or, in a possible worst-case scenario, even to access systems and take control of a vehicle, which could be anything from a two-door saloon to a semi.

There have already been early warning signs that cybersecurity considerations are not being prioritized sufficiently by manufacturers and developers.

It was recently discovered that Tesla computer units were being sold on eBay that still had previous owners’ personal data accessible on them. This revealed that the carmaker does not routinely erase personal data from replaced components, and that owners who have had their car retrofitted with new hardware could be victims of a personal data breach.

While the data found was mainly related to the vehicles’ infotainment systems, it demonstrated that cybersecurity isn’t a universal consideration at a car company that seeks to break new ground in future transportation. What does that imply for the industry as a whole?

The issue of cybersecurity in autonomous vehicles is not a new consideration.

“Self-driving cars have the potential to transform our transportation network and society at large. This carries enormous consequences given that the data and technology are likely to fundamentally reshape the way our cities and communities operate,” read a report from Dartmouth College published two years ago.

“If we’re going to adopt self-driving cars, then we should really make absolutely sure that they are as secure as they can be […]”

Like regulation, safety and the readiness of the technology itself, researchers know that cybersecurity is a compulsory attribute for the successful deployment of these vehicles of tomorrow. Last year, Warwick Manufacturing Group (WMG), part of the University of Warwick, claimed to have demonstrated a number of innovations that could enhance the safety and security of autonomous vehicles.

It trialled these at a 5G-enabled future mobility test track in the UK, using technologies like encryption and edge computing in efforts to make data transfer between vehicles and their surroundings bombproof.

Fast forward to today, and recognizing the unprecedented growth of connected and autonomous vehicles and a lack of standard measures in cybersecurity, industry individuals in the UK have called for the establishment of a transport cybersecurity program.

The ResiCAV project aims to lay out the physical and virtual capabilities required to build a resilient cybersecurity system for autonomous vehicles, while also providing an infrastructure to detect and address digital threats.

A consortium led by Zenzic, together with Innovate UK and the Centre for Connected and Autonomous Vehicles, has invested up to US$1.4 million to tackle cybersecurity issues through the launch of seven projects.

Releasing a report that outlined the findings of each project, they compiled information that would help create a strong foundation to dictate the direction of establishing a cybersecurity framework for autonomous vehicles.

The study highlighted the complex interaction between autonomous vehicles and their environment, including “road-side communications equipment, smart infrastructure, mobile communications equipment, and others,” which represent vulnerable areas for cybercriminals to target.

These threats can take many different guises. In one example, parties could distort an autonomous vehicle’s perception sensors – tricking cars into seeing something that’s not really there and using this to change a vehicle’s route.

Bad actors could even infiltrate a vehicle’s systems in order to manipulate data connections and shared information protocols like vehicle-to-vehicle (V2V) and vehicle-to-everything (V2X).

One of the projects, which aims to leverage digital twin technology for cybersecurity testing, amplified the need for “systematic and proactive monitoring and identification of operational threats and attacks facing [autonomous vehicle] ecosystem.”

Another project, dubbed DT-4-CT, revealed that a lack of standards and guidance in security compliance could lead to weakened security within connected systems, something which could eventually compromise the safety of road vehicles and road networks.

Proposing the use of a digital twin to “define quantitative measures and standardized processes to objectively measure the security of a system,” the project will use the technology to allow companies to design, simulate, and test their autonomous vehicle systems against cybersecurity threats, empowering enterprises to enhance their cybersecurity defenses.

A uniform cybersecurity framework for autonomous vehicles is critical for ongoing trials and deployment of autonomous vehicles on the road. The framework will ensure a global standard and compliance in security for all organizations in the autonomous vehicle ecosystem.

Like every other advancement of technology, in every industry, digital innovation brings new opportunity for exploitation. From self-driving vehicle makers to SaaS developers to IoT hardware manufacturers, pushing the envelope with innovation must also mean pushing the envelope with cybersecurity – the two, by necessity, can no longer be exclusive.