Driverless vehicles and digital trust
Driverless cars put our lives rather than our data at risk, and cyber-security should therefore be a crucial component in design to deliver trust, says James Knotwell.
Many have said that driverless vehicles will become commonplace ten years from now. This week, the UK Government announced it would publish a code of practice in the spring, giving permission for testing of autonomous cars to go ahead.
Perhaps ten years is a conservative prediction?
While we all teeter on the cusp of this transport revolution, isn't it time to ask how cyber-security will play a defining role? This huge leap forward in digital innovation presents the ideal opportunity to re-think the entire process of securing automated devices. At the moment, security is not part of the design; it is an afterthought. An apt example of this is the recent BMW security vulnerability, which was discovered in its Connected Drive system. The vulnerability allowed researchers to imitate servers and send remote unlocking instructions to open and close doors and windows. It's safe to say the industry has yet to get to grips with the security threats posed by connectivity.
Today, we communicate commands to our cars using a mobile app; it's therefore safe to assume that driverless vehicles will rely on extensive automation. In the very near future, could it be the case that, using nothing more than a laptop or a phone, someone steals a car by conveniently having it drive to a location of their choice? Could cyber-criminals upload malware to a car, causing it to crash? Could terrorists pinpoint and hijack a car? Put bluntly (and scarily), could a cyber-attack actually threaten someone's life, as opposed to their data?
The aims of vehicle security and safety are to prevent theft and physical tampering and, above all, to minimise the occurrence and consequences of car accidents.
However, with driverless vehicles we need to seriously consider the idea of digital tampering. To date, car criminals have proved incredibly adaptable and creative at staying ahead of manufacturers' security measures. The automobile criminal of the future won't be a thug with a slim jim; it will be a hacker with a computer. Manufacturers must change the way they think about security, considering the multiple aspects of digital design required to make a driverless car and the associated cyber-risk. Identifying and authenticating individuals who are authorised to issue commands, as well as interpreting the integrity of commands given by voice, will all play a key role in safety and security.
It will take a remarkable amount of trust to allow a driverless car to transport you at high speed on public roads. It's hardly surprising that research undertaken by Virgin last year suggested that 43 percent of us wouldn't feel comfortable with driverless cars on the road, let alone being in one! But then again, you might not have felt too comfortable if you were told to bank on your mobile phone ten years ago.
It would only take ONE publicised incident to diminish digital trust in driverless cars, which would set this burgeoning technology back years.
If our cars are going to become interconnected computing devices carrying the most precious cargo of all, it is crucial that car manufacturers change the way they think and work. Furthermore, regulators and government must come down hard to ensure the manufacturing industry embeds security into the heart of these devices.
It appears to be a race to deliver driverless cars. Let's race towards innovation with robust security, with digital trust.
Contributed by James Knotwell, senior technical consultant, Information Risk Management (IRM) Plc