July 13, 2022 | Updated: July 19, 2022
The modern automobile is already enormously complex, with many cars relying on many more lines of code than fighter jets. Cars are enormously complicated and the systems that allow vehicles to operate autonomously will add even more complexity.
That complexity may lead to thorny cybersecurity challenges with real-world consequences. Unlike a classic cyberattack in which data is stolen or ransomware locks down a system, cyberattacks on cars could lead to property damage or injuries.
According to a recent Morning Consult survey, just 9% of U.S. respondents trust autonomous vehicles “a lot.” Opinions are slightly more favorable among younger respondents, and in China, Brazil and South Korea for example. Chief among the concerns: safety.
We asked a few cybersecurity experts to pinpoint some of the biggest cyber-physical challenges when it comes to autonomous vehicles.
MORE SENSORS, NETWORKS, VULNERABILITIES
IEEE Fellow Guoliang Xing sees a mix of communications systems and a complex operating environment as key challenges to autonomous vehicle security:
- Different Tech, Different Standards – “Vehicles are equipped with increasingly diverse connectivities, such as short-range interfaces like Bluetooth, cellular interfaces like 5G as well as vehicle-to-Everything (V2X) and vehicle-to-vehicle (V2V) interfaces. “These wireless technologies work at very different frequencies and follow different standards. How to protect them from cyber and physical attacks in a holistic manner is a major challenge.”
- Increased Surface Area – “More and more control units and sensors on vehicles may become targets of attacks. For instance, the perceptions of millimeter wave radar, camera and LiDAR can be manipulated by roadside objects modified by attackers.
- External Threats – “Threats can come from other cars or roadside infrastructure. Our streets are installed with more and more intelligent infrastructure like smart lampposts, which may present the risk of malicious monitoring and even attacks on the safety of cars and pedestrians. More importantly, such attacks can be launched at a massive scale, posing a major threat to our cities in the future.”
PRIVACY ON THE MOVE
IEEE Member Marcos Simplicio notes that privacy has been an important issue that will be integrated into several global regulations and standards. He says that autonomous vehicles may also need robust identity management systems to anonymize user information.
“The whole idea is that you don’t have to authenticate yourself toward the network using the same key all the time,” Simplicio said. “Along your path, you change identity – how the system sees you, so even the entities that control all the communications, they are not aware of who you are all the time.”
KEEPING SOFTWARE UP-TO-DATE
Consumers are notorious for their inattention to software updates, which often include critical updates to security. It’s why most smartphone companies, device makers and apps push updates to users automatically, rather than relying on consumers to do so proactively. IEEE Senior Member Aiyappan Pillai said that automakers need to take the same approach.
“It is important not to confuse customers with too many choices and options to maintain the software,” Pillai said. “The process must be simple and the expectation with autonomous vehicles, even though it could be unrealistic, is for it to take care of itself.
“Autonomous systems can adapt mechanisms used in the aerospace industry for monitoring engines, something similar to that system should also be set for auto update at rationed and defined times. However safety and security-critical patches shall be pushed instantaneously with new information. Each update shall be applied appropriately, keeping safety and security in focus.”
The IEEE Learning Network has tons of resources to help you advance your career. If you are interested in learning more about the latest in autonomous driving technology, check out this webinar.
What are the technology and security challenges of autonomous vehicles?
Guoliang Xing, IEEE Fellow: “Vehicles are equipped with increasingly diverse connectivities, such as short range interfaces, Bluetooth, cellular interfaces, like 5G, as well as V2X and V2V interface. These wireless technologies work at very different frequencies and follow different standards. How to protect them from cyber and physical attacks in a holistic manner is a major challenge.
Marcos Simplicio, IEEE Member: “It’s actually an important aspect that has been, is being considered by many standards, both in the U.S. and in Europe. The whole idea is that you don’t have to authenticate yourself towards the network using the same key all the time. I mean, along your path, you change your identity, how the system sees you. So, even the entities that control all the communications, they are not aware of who you are all the time. You can be tracked by a small path of your trajectory, but not all the time so the system cannot be abused. For example, to track vehicles or high value targets, or be abused somehow for spying on people.”