Autonomous Vehicles (AVs)
Advances in technology continue on a near daily basis. A strong example of this is Autonomous Vehicles (AVs) and the rate in which they are experiencing rapid growth and acceptance throughout the world. There are several levels of AVs, depending on their degree of autonomy.
The following levels have been created by the Society of Automotive Engineers (SAE) and adopted by the US Department of Transportation:
It is important to consider that these developments have taken place in the automotive sector with large scale crossover into the cybersecurity. This is true for infotainment systems as much as it is for the vehicle itself. The modern-day vehicle resembles a large computer with significant connection capabilities and needs to be secured as such.
Threats to Autonomous Vehicles
Modern vehicles contain Electronic Computing Units (ECUs) to conduct the complex processes required for your driver assist and infotainment functions. This results in up to 100 million lines of code programmed into the ECUs, a significant number when compared to the approximately 25 million lines of code written into the ECUs of a passenger aeroplane. Vehicles contain a myriad of sensors, cameras, radars and Light Detection and Ranging (LIDAR) systems, all of which contain their own vulnerabilities.
Common attack vectors are not unique to vehicles, they are shared throughout the wider cybersecurity industry with all connected systems. From unauthorised software modifications to Denial of Service (DoS) attacks, compromising user privacy and vehicle safety is achievable and has been proven on several occasions:
Owners and organisations need to consider the safety of people in the vehicle and around them but also need to consider the private data that is at risk. The vehicle itself contains data such as the locations visited and as most drivers now use some level of mobile phone connectivity within the vehicle, their personal data is also vulnerable.
Combat the threat
Due to the myriad of third parties involved in vehicle manufacture, a holistic approach to security is very difficult to achieve. Components found within a vehicle may come from different companies or even different countries, each with their own approach to security.
In June 2020 the World Forum for Harmonization of Vehicle Regulations under the United Nations Economic Commission for Europe (UNECE) announced the adoption of frameworks to address the increase and significance of software and connectivity in vehicles. This has provided a basis for new regulations that have enacted cybersecurity requirements for future vehicles in more than 60 countries. Unfortunately, this will not stop malicious actors finding new vulnerabilities in the system throughout the vehicle’s lifespan but it does address the previously mixed approach to security by design.
Owners and organisations can implement small security procedures through their own practice to lower certain risks:
- Adopt strict password procedures (complex and changed regularly)
- Organisations may use network segmentation for connected vehicles in their fleets
- Limit the use of GPS services, use them only when needed
- Educate users on security implications and risks to personal or company data
If you require advice and support, contact Xcina Consulting. We provide our clients with pragmatic advice and guidance to ensure the protection of connected devices. For more information contact us at info@xcinaconsulting.com.
References
Johannes Deichmann, Benjamin Klein, Gundbert Scherf, and Rupert Stuetzle. The Race for Cybersecurity: Protecting the connected car in the new era of new regulation. Available at: Connected car cybersecurity in the era of new regulation | McKinsey
Hugh Shepherd. Cybersecurity in Connected Autonomous Vehicles. Available at: Cybersecurity in Connected Autonomous Vehicles | Cybrary
Autonomous Vehicles and the Threat of Hacking – CPO Magazine
New Cybersecurity Regulations Challenge Automobile Manufacturers | Deloitte | Blog