Fundamental cybersecurity weaknesses in all the technologies involved in autonomous vehicles need addressing NOW before naked ambitions lead to destruction.

In the growing global crisis recognized as climate change, automobile manufacturers are facing a new challenge: consumers are demanding more fuel-efficient vehicles, a reduction in traffic, and fewer accidents.

Automakers, innovators, and planners are responding in turn. Electric vehicles, which make up roughly 1% of the consumer fleet now, are expected to grow to 100% of the new consumer market in the West, by 2030.

Mobility companies are looking for better options for ride sharing; and innovators are working with cities to find new and clever ways to offer flexible, reliable, and safe means to travel. So, what is the problem? Unprecedented cybersecurity threats leading to physical harm on the road!

Jeff Davis, Senior Director, IVY Ecosystem, BlackBerry

We let Jeff Davis, Senior Director, IVY Ecosystem, BlackBerry, explain …

Mining vehicular data

Every bit of the autonomous vehicle world is built on a complex system of silicon and software. The average automobile coming off the line right now has more lines of code than most fighter jets!

More cars are now connected, working off the Cloud, and they are segmented into make, model, and year specific architectures. This is where public planners need to be forward-looking and ensure that the integrated systems that will make up the next generation of transportation protect the lives and the privacy of the people it serves.

According to KPMG’s 2020 Autonomous Vehicles Readiness Index, autonomous vehicles will be revolutionary; however, it is not their autonomy that makes them valuable: it is the metrics they provide. Terabytes of data generated in their day-to-day operations can be analyzed and applied, on a larger scale, to make smart cities safer and more efficient.

Despite the clear benefits, there are also huge safety risks when it comes to putting autonomous vehicles on the road. Given the sheer number of moving parts as this technology interacts with the environment, traditional approaches to on-road risk management may become futile. 

Interoperability challenges security

Connected transportation technology will increasingly require effective cybersecurity. As the software in a car grows, so too does the attack surface, which makes it more vulnerable to cyberattacks. Experts estimate that quantum computers that can subvert modern cryptography are only a decade away, underscoring the need for automakers today to integrate security principles that can defend against such groundbreaking threats.

Imagine an attack in which the integrity of distance measurements is affected, or that prevents the vehicle from activating the brakes to avoid collision. An attack on environmental sensors could disrupt the detection of inclement weather and halt consequent safeguards. Each of these scenarios would result in serious ramifications for passengers and pedestrians.

Fortunately, it is becoming more widely understood that safety and security are substantially intertwined. In other words: there is no safety without security.

When it comes to keeping autonomous vehicles secure, the industry certainly cannot make the same mistakes the technology and software industries have made in the past. It will not be acceptable to ship autonomous vehicle software riddled with vulnerabilities, requiring constant updates and layers of third-party tools such as firewalls, intrusion detection systems and other defenses. The stakes are simply too high.

Building secure autonomous vehicles will require millions of lines of code to be developed securely by design. This software will need to be maintained securely and interoperate with the owner’s devices and other existing smart infrastructure. Adding to the chaos is the democratization of software across the application layer and throughout the Internet of Things, which can put strain on a system that will most likely go unnoticed by human operators until there is an unwanted outcome.

Nextgen solution: machine learning

In securing autonomous vehicles, context will be critical in managing the chaos. Fortunately, vast amounts of data are generated from the smart connectivity that can provide the contextual clues we need to identify and ameliorate threats. But only if we have tools capable of teasing them out. 

This is precisely the kind of processing that machine learning (ML) excels in. By acquiring a broad understanding of the activity surrounding the assets under their control, ML-driven solutions make it possible for analysts to discern the relationship between events widely dispersed in time and across disparate hosts, users and networks. Properly applied, ML can provide the context we need to reduce the risks of a breach while significantly increasing the ‘cost of attack’.

The level of dependency we have on the vehicles and the amount of time we spend moving around in them has created a potential market for new ideas and innovative solutions, such as autonomous driving. The application of ML to enhance security and safety outcomes offers us a chance to protect and improve our future. 

It is imperative that professionals across the mobility sector have an understanding of ML beyond buzzwords, its capabilities and limitations, and what an appropriate secure smart vehicle solution looks like.

The future of automated, on-demand mobility looks promising as trials continue and improvements are made. While enhancing the ever-more complex IoT infrastructure that is the backbone of the autonomous vehicle revolution, fundamental security measures must be kept in focus simultaneously.