Connected and autonomous vehicles: where is the industry headed and what is the role of cybersecurity on this journey?
New technologies such as Artificial Intelligence and its subset, Machine Learning, Computer Vision, IoT, Cloud Technologies, Smart Robotics and Mobility are fostering innovation in the connected and autonomous vehicles industry.
We are experiencing increasing momentum, with a compound annual growth rate (CAGR) expected to be higher than 15% over the next four years.
The key benefits pursued are improvements in driving security and overall safety (through driving assistance, crash avoidance systems and overall reduced human error), higher vehicle reliability with devices fitted with onboard diagnostic systems (OBD), better human-machine integration using speech recognition and operational improvements including reduced traffic congestion, optimized freight flow and traffic control, overall improved mobility, etc.
These possibilities are not only important for the automotive industry itself but also for surrounding industries like insurance (usage-based insurance (UBI)), transportation, transportation infrastructure, logistics, engineers and other professionals.
In the particular case of insurance, new services will show up such as automated emergency callout, theft tracking, and breakdown data. This will obviously improve the vehicle telematics as well as help reduce insurance frauds.
Major risks associated with connected and autonomous vehicles
Nevertheless, although the possibilities coming from the integration of devices with vehicles seem to be unlimited, new threats and vulnerabilities arise.
We find not only the risk of traditional cyber-attacks on the information and running of the vehicle, but also to a new breed of attacks around such things as ransomware, IoT attacks, DDoS (connected vehicles drafted into Botnet Armies) and vehicle theft.
Due to their connected nature, there are also security risks to the networks they are connected to, whether they be the financial networks that process payments, roadside sensor networks, electricity infrastructure or traffic control features.
The traditional industry approach for software development activities by first securing product quality and safety with less focus on cybersecurity, represents too high a risk and will require important cultural and procedural changes.
Software development being a fairly new activity for automotive companies, it is currently mainly focused on ensuring secure product quality and thus passengers safety. Companies are now following the Automotive SPICE initiative aimed at enhancing quality as well as controlling processes and norms such as ISO 26262 related to functional safety of vehicles on the road.
Since most automotive manufacturers do not allow for over-the-air (OTA) update of their vehicles’ software, any identified bug also requires the retrieval of the vehicle.
Potential solutions to mitigate cybersecurity risks
Connected and autonomous vehicles depend on an array of electronics, sensors, and computer systems. They require strong cybersecurity to ensure these systems work as intended and are built to mitigate safety risks.
To ensure a comprehensive cybersecurity environment a multi-layered approach is required that leverages existing cybersecurity frameworks and encourages industry to adopt best practices that improve the security posture of their vehicles.
Moreover, a multi-faceted approach to cybersecurity by focusing on a vehicle’s entry points, both wireless and wired, which could be potentially vulnerable to a cyberattack is essential.
A layered approach to vehicle cybersecurity reduces the possibility of a successful vehicle cyber-attack, and mitigates the potential consequences of a successful intrusion. A comprehensive and systematic approach to developing layered cybersecurity protections for vehicles includes the following:
- A risk-based prioritized identification and protection process for critical vehicle systems.
- Timely detection and rapid response to potential vehicle cybersecurity incidents.
- Architectures, methods, and measures that design-in cybersecurity and cyber resiliency, facilitating rapid recovery from incidents when they occur.
- Methods for effective intelligence and information sharing across the industry to facilitate quick adoption of industry-wide lessons learned.
- Creation of standards that articulate best practices.
One of the primary concerns that will require attention is that of pricing.
Without robust, fool-proof cybersecurity for autonomous vehicles, systems, and infrastructure at an affordable cost, a viable, mass market for these vehicles simply won’t come into being.
Consumers may be reluctant to bear premium costs associated with embedded connectivity.
Another important challenge is standardization. The lack of a unified protocol across regions will drive up costs, complexity and interoperability.
Where is the industry headed?
As we have seen there are major applications for autonomous and connected cars, some of them with important value for our society such as improving transportation for senior citizens and reducing car accidents. But there are still very important challenges that need to be addressed too.
Emerging technologies don’t always follow the same path to becoming mainstream. How we address the cybersecurity challenge might heavily impact the success of connected and, in particular, autonomous cars.
Other external factors like smart cities and the role of regulators across important jurisdictions like the US, Europe and China will have also an important role in this process.
Finally, it is important to highlight that a specialized cybersecurity industry with bespoke solutions for the automotive sector is being created now and the way it manages to address the quickly evolving threats will without doubt play a part in determining the success of the connected and autonomous car.