Updated: Dec 13, 2022
Graham Jarvis assesses the cyber-security risks of emerging autonomous technology.
All the major automakers are currently developing autonomous technologies and solutions for their future autonomous vehicles. These technologies introduce new cyber-security vulnerabilities, and some of which require creative assessment techniques to effectively ensure that they are safe from cyber-attacks that could lead to control of a vehicle being taken over by a criminal acting remotely to either steal it, to extort money from their owners; or to use it with malicious intent to cause death or injury.
A paper published by the Institution of Engineering and Technology, Cyber-security: An IET/KTN Thought Leadership Review of Risk Perspectives for Connected Vehicles adds several other “cyber-threat motives and targets” to the equation. These include denials of service attacks, fraud and deception, targeted data theft, freight and goods theft, politically motivated ‘hacktivism’, vehicle immobilization, premises security and burglary too unoccupied businesses and homes, industrial espionage, sabotage and terrorism to a very long list of potential cyber-threats and motives for attacking connected and autonomous vehicles.
New technologies and solutions often come with their own benefits, but with them several vulnerabilities often emerge. “As connectivity evolves, and as software and hardware systems become more complex, the chances of vulnerability grow exponentially,” claims Sam Lauzon, automotive cyber-security software developer, Transportation Research Institute at the University of Michigan. He adds that there isn’t a system on Earth that, “has ever been truly 100% free from vulnerability or flaws, and vehicles are no different”.
“Consider the smart phone security updates occurring monthly – a smartphone isn’t generally responsible for a person’s safety but a vehicle is and the public now demands a vehicle to be ten to hundreds of times more complex with features that aren’t statistically proven to be safe (like Tesla’s Autopilot).”
He notes that it took over 50 years for vehicles to made reasonably safe. That evolution of the automobile began in 1908 with the Model T Ford. Even in 1965 a book claimed that cars were, he says, “unsafe at any speed”. So, given the amount of time, money and energy it has taken to improve the safety of traditional motor vehicles, people shouldn’t fall into the trap of thinking that modern technology is perfect. However, this is the premise that automotive manufacturers are going to use to sell their connected and autonomous vehicles.
Assess as a whole
David Trossell, CEO and CTO of data acceleration company Bridgeworks adds: “Many of the electronic systems for cars come from specialist product providers, and many have their own cyber-security penetrating tests and detection mechanisms built into their products.” However, the vehicle manufacturers are now integrating a wide array of differing systems and so he advises that they should be tested within the vehicle as a whole system.
The problem is that, with over the air connectivity, a vulnerability in one system could permit an attack to spread to other systems within the vehicle. “Now when we add sensors that are used to survey outside of the vehicle this opens up more possibilities for attack,” he explains. “Many technologies are being used in multiple environments to reduce design and manufacturing time, which leads to a carry-over of issues and concerns from one field to another. (i.e. the problems of your smartphone software are being ported to your car’s infotainment system),” says Lauzon.
Subsequently, assessing the cyber-security risk to the latest technologies is fast becoming a “a cross-domain and multi-discipline task which requires incredible flexibility and creativity to stay ahead of the curve,” he reveals. He adds that, “normal electronics engineering tools, such as spectrum analysis and oscilloscopes are utilised” to identify the wireless characteristics of the radar, LiDAR and ultrasonic sensors of the vehicle. He adds that newer software-defined radio techniques are also taking hold.
Mahbubul Alam, CTO/CMO, Movimento Group, says that it’s not enough to take enterprise IT security, add some modifications and then adapt it to an IoT environment. He stresses that vehicles need better and stronger security than that can offer. So, in his opinion, a new approach is required:
“We need a different approach to address these ever-growing security risks. Something that is safe today, may not be safe tomorrow. We need a foundation of technologies that provides much more inherent security, transparency and immutability. We must ensure that the operational architecture is not one of command and control between the vehicle and the cloud. If the cloud is compromised, the car should still be safe. Or vice-versa, if the car is compromised, the cloud should still be secured.” He thinks this new approach should involve distributed ledger technologies because he claims they will “create inherently secured blocks across the network”.
The Mcity and University of Michigan whitepaper, Assessing Risk: Identifying and Analyzing Cyber-security Threats To Automated Vehicles, underlines the need to understand the vulnerabilities affecting with the vehicles. It also proposes the Mcity Threat Identification Model, which reviews threat agents, potentially vulnerable components of autonomous driving applications – from sensors to GPS systems and databases, and an assessment of the attack methods used by following the STRIDE (Spoof identity, Tampering with data, Repudiation, Information disclosure, Denial of service and Election of privilege) classifications developed by Microsoft.
The analysis also looks at the motivations for any potential or actual cyber-attack upon a vehicle, and at the impact it has or may have on the stakeholders. This loss may be financial, or about a loss of privacy and safety. Loss could also be defined as an injury or as death too.
Lauzon adds: “Specific attack tools to specifically manipulate newer types of vehicle sensors don’t really exist in the commercial space. Many of the tools being tested are common, every-day instruments like laser pointers, mirrors and even cardboard cut-outs. When considering attacks originating from the general public, as these local sensor attacks are likely to originate, cost is a huge factor. Nation state actors are unlikely to attempt local vehicle manipulation for any type of large scale attack, simply due to logistical limitations.”
He also finds that autonomous vehicles are very sensitive to sensor manipulation, and even a machine learning algorithm isn’t needed to be trained in “an adversarial way to learn incorrect or inefficient data.” That’s because he says there is currently an inability to accurately identify the decision-making process artificial intelligence (AI) takes, and so “an AI machine learning algorithm can never be 100% safe from a theoretical modeling standpoint.”
The decision-making process may in fact change at any given time – whenever AI learns new information. He concludes that this means that any “safety attestation would have to be performed at every iteration and all of the probabilities [would need to be] tested”. He also claims that this problem intensifies when “malicious individuals are feeding it incorrect data”.
Required: unique solutions
Roger C. Lanctot, director of automotive connected mobility at Strategy Analytics, argues that fundamental architectures need to change to allow hack detection and this requires the automotive environment for unique solutions to address the issues affecting it of low bandwidth, limited memory, low power operating, and of a non-centralized operating environment. Beyond this, there is a consensus that multi-layered cyber-security defense and testing approach is needed to assess the cyber-risks and to protect each and every connected and autonomous vehicle.