An annotation in one of Henry Ford’s notebooks triumphs that “the horse is done!” A century and a digital revolution later, we are not so far off from saying the same about the human pilot.
Looking back, the challenges faced by Ford’s Model T were mostly mechanical. Regulations in the 1920s governed such things as ‘the use of bells, horns and gongs’; ‘the making of unnecessary exhaust noise’; ‘the emission of noxious gas, smoke or steam’.
(As the owner of a cherished MGF all these issues sound very familiar.)
In contrast to that era, the modern automotive age prioritises computing power, placing networked digital systems at the centre of the car-manufacturing process. As a result of this increase in connectivity, cyber challenges that once were the realm of the digital economy are now a feature of the automotive sector.
Data on wheels
A ‘smart’ vehicle works through a complex combination of sensors and software designed to map surroundings and send that information, with instructions, to other parts of the vehicle with limited human assistance. The number of electronic control units in a high-end connected vehicle could be as many as 100, incorporating more lines of code than a fighter jet. Some of these control units will relate to critical functions such as crash-avoidance, braking, acceleration and steering. It is critical that they operate at very high speed, be highly available, be very resistant to failure, and be supported by “fall back”.
In addition, such software will be running on an internal network that will also connect to the internet. External connectivity allows for important information flows to other cars and networks (for example Tesla’s fleet-learning network), and also provides access for external connection and management of functions (for example for infotainment systems), or for over-the-air software updates to be applied from a central point.
So what are the risks?
You might recall those adverts they used to air before cinema screenings as a warning for potential digital criminals. The ones that started ominously “you wouldn’t steal a car…”.
It goes without saying that some digital pirates would relish the opportunity to commandeer a physical vehicle, and the connected car and the move towards increased automation could provide hackers with the opportunity to do just that.
There are major concerns that smart car systems could allow an external hacker to exploit weaknesses in parts of the car’s electronic systems to influence them and even assume control. Such an action could directly affect the safety of pedestrians, other road users, and individuals inside the car, undermining trust in the industry’s ability to progress safely down the connected, autonomous route, and so halting the progress rate of important technology. The more connections, the more potential for weaknesses, particularly where connections are being made to third-party devices or poorly protected cloud services.
Accessing the data within the car (or when it is in transmission) could be valuable to a cyber attacker too. Such data could include information regarding the car itself, and real-time information regarding its surroundings, navigation and location, as well as private information about the driver and passengers – which might include data from personal health devices and biometric data (connected to the car to enhance road safety, or just to use it as part of a Local Area Network). Access to this data could result in a breach of privacy to the individuals concerned, as well as potentially having the result of adjusting, damaging, “locking up” or removing the key data that makes connected cars tick.
And locking someone out of their data is a growing threat. Ransomware – a particular type of malware able to assume control of a system and deny access to important files and data unless a ransom is paid – has grabbed headlines recently. Multiple systems suffered a high-profile lock-down in May 2017 via the ‘WannaCry’ malware, causing havoc (particularly within the health sector). If such malware infects a car, a car owner could find themselves in the uncomfortable position of having to pay a ransom to take back control of their own car from a cyber attacker mid-journey.
One thing that we can be certain of is that, like other cyber-crimes, if the opportunity is there then threat actors will seek to exploit it.
So what can be done?
Once we understand the threat landscape the key question then becomes: how can we secure a connected autonomous vehicle from cyber attacks? In a complex supply chain, responsibility for cyber security for each part of a connected set of ‘things’ can be difficult to pin down.
The most immediate solutions will be in the design stages. Embedding security into the design of each hardware and software component will be an essential step. Various initiatives are in the works:
- Fast, low-level security measures that are built into the design of microchips, as well as measures that are incorporated into firmware and software.
- The development of real-time detection measures – to continuously monitor the state of play of the vehicle’s connected systems and ensure any unusual activity is flagged and prevented.
- The development of trusted vehicle-to-vehicle communications systems.
- The development of firmware updates to ensure a vehicle’s software security can be maintained, through over the air transmission or physical updating.
In addition, certain policy proposals are worth flagging:
- The European Union Agency for Network and Information Security has set out the key challenges and recommendations for cyber security and resilience of smart cars. In particular, ENISA notes that cybersecurity depends on holistic protection of all systems involved, as well as individual car components and aftermarket products. Of particular importance are proposals for the development of mandatory staged requirements for security and privacy in ‘Internet of Things’ devices that are incorporated into connected cars.
- The Declaration of Amsterdam, signed in April last year, sets out the agreed steps necessary for the development of self-driving technology in the EU. In particular the Declaration notes that common trust models and certification policies should be developed to prevent risks and support cybersecurity, whilst ensuring safe and interoperable deployment of connected technology.
- A UK bill - the Automated and Electric Vehicles Bill – is currently being considered by Parliament and aims ‘to put the UK at the forefront of automated vehicle ownership and use’. The new Bill allows recovery from motorists for interfering with a vehicle’s systems, or for failing to install security-critical updates to an autonomous vehicle. These measures follows hot on the wheels of what was formerly the Vehicle Technology & Aviation Bill. Interestingly, the previous Bill sought to create an offence of shining or directing a laser at a vehicle, which is a means of compromising the security and safety of a smart vehicle’s systems. It will be interesting to see whether this gets resurrected in some form, and what new changes will be brought in.
Ultimately it remains to be seen what will come of these proposals. In the same way that the technology powering Ford’s motor vehicles improved more rapidly than the roads on which they were driven, the current pace of technological change is likely to be ahead of legislators’ ability to create sound security policies. The key will therefore be with manufacturers and engineers embedding security by design into the construction process.
What other issues might affect how we approach cyber risks?
The presence of cyber threats to automated vehicles should not be underestimated, and the right skills will be required to understand and mitigate these threats. Our previous article on the automotive sector highlighted a skills shortage in the engineering sector. This is compounded by the skills shortage within the cyber security sector - recently highlighted in the UK government’s National Cyber Security Strategy for 2016-2021. The solution, according to the Strategy, is the creation of a vibrant cyber security sector and supporting skills base that can keep pace and get ahead of the changing threats.
Not just this, but end-user awareness of cyber security is relatively low. For any cyber system to be properly secured, it is essential to avoid end-user human errors that render it vulnerable to attacks. The end user is a crucial aspect of a cyber security chain, and so increasing user awareness remains a priority - the human is not done yet.