To their champions, autonomous vehicles herald a revolution on the roads – but safety and security worries are mounting

Part of a technology risks series supported by
AIG

Car

For many, it still seems a step too far. But manufacturers are convinced that once we all get used to the idea of driverless vehicles, they will become commonplace and that reconfiguring our relationship with cars – moving us from driver to passenger – will make our roads safer, more efficient and more relaxing.

Intelligent automobiles also offer innovative comforts, enabling passengers to synch their smartphones and enable various useful features, from traffic alerts to media streaming.

For manufacturers, the possibility of live data from the vehicles offers significant advantages in terms of monitoring performance and maintenance issues.

But nothing comes free and concerns are already mounting. For example, what happens to all the data being generated? Users might consent to their insurer having access, but what about the risk of being hacked? Could this compromise security or privacy?

Many in the industry are convinced that these issues can be addressed, citing the successes autonomous vehicles (AVs) are already having in industry.

Dr Peter Harrop, chairman of market research and business intelligence firm IDTechEx, says: “Autonomous vehicles that are well established in relatively controlled environments – such as under water, in the upper atmosphere and in nuclear power stations – offer well understood parameters and history.

“At the other extreme, the intended autonomous cars weaving between driven vehicles, pedestrians and police on foot directing traffic have many unknowns and unquantifiable hazards.

“In between come multicopters following sportsmen to video them and similar applications and search-andrescue robots in disaster scenes that can cause accidents.”

Pace of change

In response, the automobile industry must do all it can to mitigate such threats during design and manufacture – and then communicate that to customers. Security and, in particular, digital security, has to be a top priority, forming an integral part of the design, production, supply chain, sales, warranty and maintenance process.

Manufacturers face real challenges in doing this, not least the rapid pace of change. Functionality and affordability will no doubt improve through experience, but the speed at which developments occur works against the constraints imposed by proper testing and pre-release checks and balances.

“What use is a five-year test on a radar when a lidar replaces it?” asks Christopher Poulin, a research strategist with IBM’s X-Force security research group. “What to do with long-term tests on a battery when it is replaced by one of the new lithium-ion capacitors? All this vast number of new innovations can bring initial lack of reliability and predictability with them, yet if anything has to be superlatively reliable and predictable, it is the autonomous vehicle operating near people.”

As these vehicles become more popular, transport networks will become more crowded, adding to safety and security challenges.

“AVs are particularly lethal if flying over a crowd of people or navigating a crowded road with pedestrians crossing,” says Poulin.

“Connected vehicles are intended to be designed and built with security as a foundational requirement. However, vehicles are no longer islands of electromechanical engineering; rather, they are components of a larger system of systems, which integrates the vehicle, roads, manufacturer and consumer to provide a safe, secure transportation experience.

“Much as they expect anti-lock brakes, airbags and seatbelts as standard features rather than aftermarket or retrofitted options, today’s consumers demand digital security that is delivered unobtrusively with the vehicle. This realisation will drive new revenues for forward-looking suppliers and manufacturers, as well as decreased costs for consumers and original equipment manufacturers.

“Those that can deliver the safety and convenience features consumers desire while also assuring their safety and security stand to leverage the true power of the connected vehicle.”

Networks

However, getting to grips fully with emerging risk demands looking beyond the car to its interactions with the surrounding world.

“The connected car ecosystem should be viewed as a ‘network of networks’ or a ‘system of systems’,” says

Mark Brown, executive director of cyber security and resilience at EY. “It is only one more link in a much wider and complex network.

“When taking this point of view, we see the need to shift the emphasis from the connected car as a clearly defined system [to] the network itself… Security then defends those interactions and is no longer limited to the car as a thing.”

In addition, because the connected car ‘lives’ in the network, security extends beyond closing doors and encrypting data. “Security means managing shared data and a more complex network of participants,” says Brown.

“Opening the onboard network to the internet means that legacy networks and applications become exposed and the ‘attack surface’ increases as the business model expands to new areas, partners and user types.

The target of protection, the object of security, becomes the network of networks, not the individual car. “All cyber security measures and technologies need to be aligned with this goal in mind,” says Brown. “Security requirements must be addressed at the application or channel level.

“When considering connected car initiatives, businesses need to establish a solid legal understanding of data ownership and data protection policies. Only on that basis will it be possible to design agile and secure services that will enhance business operations.

“Connecting to multiple trusted and untrusted networks requires a new trust model, but closing the trust gap between the manufacturer and the car owner and between the manufacturer and commercial partners means balancing risk and trust considerations to create a win-win situation for everyone.”