GPS for navigation, biometric systems for central locking, Bluetooth, telematics for vehicle communication, light wave detection and ranging (LiDAR), artificial intelligence (AI) for speed control, several predictive analyzes for determining battery replacement and more. Cloud Hosted System … Autonomous Vehicle Technology is proving to be truly a gold mine in terms of data and information.
The advantage comes at a price
A report by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Center (JRC) classifies the cyber security risks of AVs into unintentional and intentional software and hardware vulnerabilities. Intentional threats target electronic control units (ECUs), which include embedded software and computer systems for various modules. ECU’s range of functions ranges from distance control and parking assistance to powertrain control and lane exit warning. The CAN (Controller Area Network) bus protocol allows a vehicle’s ECUs and control modules to share data. If this allows subsystems to function properly, the unit and CAN remain vulnerable to attack.
Hackers use Bluetooth or USB “carrier” devices and code injection techniques to infiltrate real equipment manufacturers (OEMs) into ECUs, CAN buses and networks. For example, malicious code can be sent to anti-theft systems or tire pressure gauges. Incorrect commands sent to the CAN bus injure the sensors, causing autonomous driving to malfunction or stall. Malicious actors may interfere with the central file system to disable the GPS system or, in the worst case, take control of the AV and launch a ransomware attack disguising the OEM’s network.
In addition, the suboptimal design of AI systems, inadequate training of ML models, and faulty hardware integration can cause unintentional errors in autonomous vehicles. And the consequences of cyber-attacks are not to be ignored. Given the vulnerabilities of smart cars, regulators are urging European manufacturers and suppliers to take up the issue of cyber security.
The concept of “protected by design” needs to be integrated into autonomous driving technology to protect users’ lives and privacy. By integrating advanced cyber security measures into product design, manufacturers can mitigate intentional attacks, artificial manipulation of AI systems, and unintentional AI and ML vulnerabilities. This approach thus makes it possible to understand the challenges of the data chain and create an ecosystem to realize the potential of autonomous motion. However, adequate safety testing at the design stage is still rare in the automotive industry. Lack of internal cyber security skills may be one of the reasons for this weakness. Although software development is not one of the key strengths of automakers, setting up connected vehicles requires a team of data scientists, communications technology experts, AI developers, ML modelers and analysts.
Increased enterprise leverage
Collaborating with technology service providers enables OEMs to harness cross-functional talent to create cyber-resilient AVs. These companies are adopting multi-faceted strategies for comprehensive cyber security throughout the product lifecycle and are improving at the design stage through the benefits of reverse engineering. Digital security threat assessment and data risk analysis solutions identify, analyze and remedy vulnerabilities. Similarly, Advanced Access Management protects order files with powerful authentication methods for access and change, while data encryption and anonymity ensure data integrity and confidentiality. In addition, simulation of attack situations validates the algorithms used for risk assessment and mitigation.
Predictive analysis and simulation exercises for safety risk assessment allow response teams to quickly identify abnormal vehicle behavior and miscommunication caused by infected data or AI components, including ‘over-the-air’ (OTA). Regular security checks of on-board AI services make it possible to detect program vulnerabilities or bugs. This accelerates the development of security patches for potential AI risks and emerging threats, as well as their implementation via an OTA update. A repository of fixed security issues acts as a feedback loop for training the ML model and upgrading the AI system.
As cars become smarter for built-in connectivity and artificial intelligence, cyber security regulations in the European Union become more stringent. It has become imperative that autonomous vehicles be designed not only for fuel efficiency and passenger comfort, but also for passenger safety and privacy.