Cyber Security In Autonomous Cars

By Praveen Joseph Vackayil

Have some place to go? Book an Uber. Within minutes, your ride is ready, waiting to pick you up. The only catch? The driver is missing!
Welcome to the future of mobility. Self driving cars are already a reality, thanks to Elon Musk’s visions, and it is only a matter of time before they become more in the mainstream and within the reach of commuting masses. Social media snippets of people dozing off at the wheel, leaving the onerous task of ‘driving’ to their Tesla are already commonplace, and are a strong indicator of times to come.

How Do Self-driving Cars Work?

Self-driving cars are one of the most popular implementations of the Internet of Things and Deep Learning, one of the subsets of Artificial Intelligence. Put in very simple terms, a variety of sensors, ranging from radars, cameras, GPS, etc rapidly scan the vehicle’s surroundings, take it in as raw inputs and break it down into unique components. The deep learning algorithm, implemented over a neural network, is capable of distinguishing and categorising these components based on their ‘features’ and assign them with a unique ‘label’ such as road sign – Stop, road sign – No Entry, or Other Vehicles – Car, Other Vehicles – Truck, people, random objects, etc.
By uniquely identifying its environment, the vehicle is able to adjust its response such as accelerate, brake, maintain speed within the prescribed limit, make turns or change lanes. All the above tasks are executed seamlessly with little or no human involvement.

While much of the above may sound like science fiction to some, companies like Google and Tesla Motors have already implemented business models based on the technology. Their autonomous vehicles are without doubt a huge disruptor to the auto sector and are perceived as a threat to the continued prosperity of the established auto-behemoths of the world.

Cyber Security In Autonomous Vehicles

What started off a few decades ago as a quest to protect Government and corporate data and communications has today evolved into a field that is nothing less than a protector of human life. Cyber Security is today a boardroom priority for organisations, irrespective of size, scale or sector.

With the advent of IoT implementations such as autonomous vehicles, the grip that technology holds over a person’s life has exponentially tightened. Cyber professionals are warning us against a future where attacks against persons no longer need to target the persons themselves. They only need to target the technologies that support those persons – technologies such as a self driving vehicle that the person is travelling in. This means, for instance, that a skilled hacker can be hired to compromise a self-driving car and cause its brakes to fail when the targeted person is traveling at 120 kmph. How can manufacturers secure their vehicles from such threats?
Cyber Security in a self-driving car is a vast subject in itself. Broadly, however, it must be (i) inherent (ii) holistic and (iii) measurable.

Inherent:Inherent security implies security that is well thought out and deeply etched into and across a system right from the drawing board stage itself where the system is being designed. This will allow for security tenets such as default deny-all, secure management of user permissions in line with the principles of need to know and least privileges, alignment with secure application development standards, etc. to be seamless integrated across the entire lifecycle of the system.elf. The manufacturer will be responsible for co-ordinating with his suppliers to ensure timely software updates, patches and bug fixes are released to the end-users as needed.

Holistic: A challenge in the IoT ecosystem of a self driving car is the greatly heterogeneous nature of the ‘things’ or components that go into making the car. Each component comes with different specifications, functionalities, configurations and therefore, security requirements. The challenge of the car manufacturer is to unify these components by developing a baseline security standard that cuts across and provides for a minimum level of security that is holistic across the entire vehicle, its supporting systems and the environment itself.
Measurable: The term ‘Measurable’ refers to the ability to compare and repeat a security implementation irrespective of the systems in consideration. Unfortunately, we do not have a universal, vendor neutral information security standard for the IoT today. It is up to the car manufacturers to develop vendor-specific security standards that can be used to evaluate, benchmark and improve the security levels of their vehicles.
Praveen Joseph is a Cyber Security Consultant and Trainer at Ingram Micro, Dubai. He develops and delivers Cyber Security solutions for the end-customers in the META region. His consultancy profession has taken him across various sectors such as Government, Financial, Insurance, E-commerce, Logistics, Telecom, Tech Services, etc. Praveen is also an acclaimed trainer and an international speaker and has traveled the world delivering keynotes and talks at several Cyber Security conferences.
NB: Picture of the car is representational.

Leave a Reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.