Securing autonomous vehicles

roborace2

Roborace unveiled the design for their autonomous race car at Mobile World Congress in Barcelona this week. Without a driver the car is lightweight and high performing. Powered by four 300kW motors which run off a 540kWh battery, the vehicle is capable of speeds up to 200 mph.

Last month, an FIA Formula E event in Buenos Aires featured the first ever race between driverless cars – two autonomous vehicles DevBot 1 and DevBot 2 competed head-to-head around the track. They reached 115 mph, and at one point even managed to avoid a stray dog which had ventured onto the track. Unfortunately the race ended when one of the vehicles crashed into a barrier while cornering too fast – there are still some kinks to iron out in the AI.

It won’t be long before we see a full field of driverless autonomous race cars competing in race events. Lessons learned on the track accelerate development of autonomous vehicles on public roads.

Motor vehicles are undergoing the most significant transformation since Carl Benz first unveiled his single-cylinder motor in 1879. Advancements are enabled by the convergence of AI, positional sensors, electrical power, automation and connectivity.

The Society of Automotive Engineers (SAE) define levels of vehicle autonomy from 0-5. At level 1 for example, a driver must be ready to take over control at all times, level 4 is full autonomy except under certain conditions such as severe weather, and level 5 requires no human in all situations. An autonomous Volvo S60 for example is capable of level 3, able to drive unsupervised in limited environments such as on a freeway.

While these technological advancements have potential to significantly enhance our lives through better safety, convenience, efficiencies, productivity and lower stress, they also introduce considerable new threats from cyber attack. Intrusions can lead to the remote hijacking of vehicle operations as demonstrated by Charlie Miller and Chris Valasek when they successfully hacked into a Jeep Cherokee through its entertainment system, and remotely controlled car dashboard functions, brakes, steering and transmission. In order to help improve security, some vehicle manufacturers such as Fiat Chrysler, Tesla, and GM, have initiated bug bounty programmes. The car industry may need to learn lessons from the airline industry who have built-in redundancy through multiple parallel systems.

Consequences of attacks could be anywhere on a scale from merely inconvenient, to financially costly (such as in the case of ransomware attacks), to life-threatening if the attacker controls vehicle operations. Software bugs, blue screens, false positives and such issues found in conventional QA processes, have greater significance for critical systems relied upon in vehicle automation. Cyber attacks could target multiple vehicles simultaneously, potentially creating gridlock and disabling an entire transportation infrastructure.

Autonomous vehicles are a complex collection of leading-edge technologies, and comprise a large number of connected computing devices (directing Electronically Controlled Units – ECUs), sourced from different suppliers in different countries, powered by different software running on a variety of operating systems. Some components are connected to ecosystems external to the vehicle. Exploitation of the system could potentially originate on any of these independent systems. This complexity produces a significant security problem. Protective security measures need to be embedded at the level of the ECU as well as at the layer of external communication.

The Automotive Information Sharing and Analysis Centre is an industry-operated body for enhancing cyber security awareness and coordination across the automotive industry.

As vehicle technology advances, top priority needs to be given to cyber security. By its very nature, autonomous vehicles will be transporting consumers who are apprehensive about security, even though most have blissfully travelled great distances as passengers of commercial planes on autopilot. News of security breaches will be particularly high-profile and the automotive industry will need to pay close attention to security issues to alleviate fears.

Leave a Reply

%d bloggers like this: