Are we ready for the cybersecurity challenges of self-driving cars?
Before long, our cars might drive us. It’s a cool idea–but are we ready for the cybersecurity problems that entails?
As we’ve brought more of our lives online, the looming threat of cybercrime has grown ever more prominent, as has the risk that human error will see sensitive data fall into the wrong hands. Today, it seems like it’s impossible to even turn on the news without hearing about a new cyberattack, a new type of ransomware, a recently-uncovered data breach, or some black hat cyberespionage incident. And the bad news is that it’s going to get worse before it gets better.
See, we’re on the verge of what may be the biggest technological revolution in human history. A development that will change the way our cities our designed, the way we drive, and even the way we design our networks. I’m speaking, of course, about self-driving cars.
While it will still be at least a decade before we see consumer-ready autonomous vehicles on the streets, companies like Google and BlackBerry have made enormous headway in testing and securing this new technology. It’s likely that within our lifetime, we’ll see the tech hitting the road. Before it does, however, there are a few major roadblocks we’re going to have to move past first.
For one, autonomous vehicles cannot currently read body language or accurately predict human drivers. Someone driving in LA rush hour could do any number of random things that a human driver might predict and react to, but an AI driver might not understand. Not only that, an understanding of pedestrian body language is critical for a self-driving car to be road-safe – otherwise, it will be unable to determine if and when someone at a crosswalk might step out onto the road.
“There are many situations that autonomous cars are still pretty far from knowing how to handle,” said Shlomo Zilberstein, a computer science professor at the University of Massachusetts Amherst, in an interview with Popular Mechanics. “Some of the biggest hurdles standing in the way of both fully-autonomous cars and semi-autonomous cars are simple things that motorists take for granted. Eye contact, [for example], is a very significant thing.”
These challenges will be overcome with time. Of that, I have no doubt. A far greater (and arguably more pressing) problem lies with cybersecurity.
Consider what might happen if someone were to successfully hack a self-driving car. That isn’t like breaking into a bank account to steal money or a factory to steal intellectual property; a hacker could easily turn a self-driving car into a devastating road-bound missile. Think of the damage they could cause – it’s a scary thought, isn’t it?
While it is worth mentioning that autonomous cars are unintentionally more secure than human-controlled vehicles, that doesn’t mean there aren’t risks. They even made a movie about it. Outlandish though it was, there’s a grain of truth there, behind the glitz and glamour of Hollywood.
Self-driving cars aren’t the only thing that is being brought online, either. They are just one part of what many envision as the city of the future – a ‘smart’ metropolis where everything from street lamps to traffic lights to the power grid is connected. We need to make those systems near-impenetrable.
Because if we don’t, cyberattacks could cause more than financial damage – they could end lives.
To achieve this, we need to work together. We need to stop looking at cybersecurity as something that only needs to be handled on a business-by-business basis, and view it as something that rightly impacts us all. Beyond that, there needs to be a few areas of focus.
Vendor accountability. Self-driving cars and other IoT devices need to be hardened against intrusion – and there needs to be legislation that holds vendors responsible if they are not. And speaking of legislation…
Updated road safety laws. Road safety and vehicular cybersecurity go hand-in-hand. Lawmakers and businesses both need to work together to figure out how to regulate autonomous vehicles, and what safety standards are reasonable to apply.
A more comprehensive code review process. There are millions of lines of code in modern connected cars – and there are even more in fully-autonomous ones. Given the sheer volume of programming necessary for even a single self-driving vehicle to hit the road, errors are inevitable. As such, we need an ironclad (preferably at least partially automated) review process to ensure we aren’t releasing vehicles to the public that are laden with dangerous vulnerabilities.
Consumer education. We need to demonstrate to people why cybersecurity is important, and their role in protecting their systems, networks, and vehicles from attackers. If a hacker cannot break into the car itself, they might instead target the driver’s smartphone, or a nearby house or building.
Systems isolation. Critical systems within an autonomous car must operate in isolation from one another, while still working together to create a consistent, coherent driving experience. This is likely the challenge that will be solved first, as we’ve already seen this to an extent with modern connected cars.
Over the air encryption. One of the biggest cybersecurity issues with autonomous vehicles is update delivery. We need to ensure that patches and security releases can be downloaded remotely, and that those remote downloads are as strongly-encrypted as possible.
Awareness of evolving threat models. As artificial intelligence becomes more prominent in the business world, so too will it catch on in the underworld. Before long, we will see an arms race between cybersecurity-geared AIs and rogue AIs under the control of hackers. That might sound like something out of science fiction, but it’s our future – and it’s one that vehicle manufacturers, vendors, and drivers must all be aware of.
Eventually, self-driving cars will become a common sight on the road. It probably won’t be tomorrow. It probably won’t be two or five or even ten years from today. But it will happen – and when it does, we need to ensure we’re ready for the wave of vulnerabilities those vehicles and their associated infrastructure brings with them.
Because with connected cars, it isn’t just data we’re protecting. It’s cities. It’s infrastructure. It’s people.