Discussions about autonomous vehicles have now graduated to questions on the need for regulations and equipping systems with vehicle cybersecurity – a relevant concern that needs to be addressed. However, what might be lost in this is the fact that auto cybersecurity has been a necessity for a long while now, ever since the time OEM companies rolled out connected cars in our midst.
Though the concept of auto cybersecurity does sound similar to cybersecurity softwares that are used on regular computers, the stakes resting on the former is immense. For instance, an auto cybersecurity company cannot advertise with claims of stopping 99% of all the attacks on the vehicle – a notion that signals an instant recipe for disaster.
Then again, this does not mean auto cybersecurity distances itself from the cybersecurity softwares that are in use across other domains, but rather denotes that it has a next-to-nothing threshold in terms of failure.
The tools for encryption and authentication, called the foundational security pieces are an example of pieces in the security chain that is relevant across different markets. “These are protocol products which allow secure connections between different entities. These tools are used by people while updating vehicle softwares, protecting systems from installing fake softwares that could stop a vehicle on the road or cause accidents,” said Simon Blake-Wilson, COO of Inside Secure, a software security firm.
Blake-Wilson spoke about how increasing functionalities in a car and bringing in features like autonomous driving and driver-assist could exponentially increase risks associated with cybersecurity. “A lot of functionalities come at a pretty significant risk. And when you think about security, you can choose on having security in your hardware or software,” he said. “Typically, hardware security is more expensive and is used only when security requirements are perceived to be sufficiently severe to justify.”
Though the situation sounds alarming, most of the forms and targets of attack are the ones that are done in research labs, demonstrating what is possible in theory. But with so many potential clinks in the auto cybersecurity armor, it pays to stick to permutations and work out the ways through which the system could fail or be hacked. “Security concerns are not just about accidents, but could be about privacy. Hackers could monitor the location of a lot of people by reading the vehicle’s location and can do a targeted burglary by understanding where they are in any given time,” said Blake-Wilson.
As a future of autonomous driving beckons, it is critical to understand how security systems could envelop vehicles from harm. “In autonomous vehicles, there is an interaction between the vehicle and the cloud, and there clearly is some heavyweight processing in there. Autonomous vehicles have the potential to change the world in dramatic ways, but it is hard to think of an application with more complex securities,” said Blake-Wilson.
“Within the vehicle, you have sensors collecting data and reporting it to a control unit to make decisions on how to drive the vehicle. The control unit does some significant processing, oftentimes ML or AI based that is split between the control unit on the vehicle with an assist from the cloud to help it,” he said.
That being said, technology and cybersecurity are not the only parameters affecting the advent of autonomous vehicles. Regulations and liability around autonomous vehicles are hazy, as governments and law-making bodies are still at a loss on where the blame lies in the event of an accident. Just as liabilities with human-driven vehicles can often be split between concerned parties, there needs to be well thought out legal perspectives that can address such incidents reasonably.
Blake-Wilson also felt strongly about updating legislation to suit the progress of connected and autonomous vehicles, but he remarked that legislation should strike a balance with progress and not be forced down in place too soon, which could hamper development. Proactive legislation could be inappropriate at times, making it better for governments to take the “wait-and-see” approach, which could expedite the arrival of autonomous vehicles on the road.
