Cybersecurity: the brake on autonomous vehicles

GPS for navigation, biometric systems for central locking, Bluetooth, telematics for communication between vehicles, detection and ranging by light waves (LiDAR) to detect obstacles, artificial intelligence (AI) to regulate speed, predictive analysis to determine the battery replacement and several software systems hosted in the cloud… Autonomous vehicle technology is proving to be a veritable goldmine of data and information.

Convenience comes at a price

A report by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Center (JRC) classifies cybersecurity risks in AVs into unintentional and intentional software and hardware vulnerabilities. Intentional threats target electronic control units (ECUs), which include embedded software and computer systems for various modules. The functions of the ECUs range from distance control and parking assistance, to powertrain control and lane departure warning. The CAN (Controller Area Network) bus protocol allows a vehicle’s ECUs and control modules to share data. If it allows the proper functioning of the subsystems, the units and the CAN remain vulnerable to attacks.

Hackers use Bluetooth or USB “carrier” devices and code injection techniques to infiltrate original equipment manufacturers’ (OEM) ECUs, CAN bus and networks. For example, malicious code can be sent to the anti-theft system or the tire pressure gauge. Incorrect commands sent to the CAN bus scramble the sensors, causing autonomous driving to malfunction or stall. Malicious actors can tamper with central file systems to disable the GPS system or, in the worst case, launch a ransomware attack by taking control of the AV and impersonating it on the OEM’s network.

Additionally, suboptimal design of AI systems, inadequate training of ML models, and faulty hardware integration can lead to unintended malfunctions in autonomous vehicles. And the consequences of a cyber-attack are not negligible. Given the vulnerability of smart cars, regulators are encouraging European manufacturers and suppliers to tackle the subject of cybersecurity.

“Safety first”

The notion of “secure by design” must be integrated into autonomous driving technology in order to preserve the life and privacy of users. By integrating advanced cybersecurity measures into product design, manufacturers can mitigate intentional attacks, artificial manipulation of AI systems, and unintended AI and ML vulnerabilities. This approach thus makes it possible to understand the challenges of the data chain and creates an ecosystem to realize the potential of autonomous locomotion. However, adequate safety testing during the design phase is still rare in the automotive industry. Lack of in-house cybersecurity expertise may be one of the reasons for this vulnerability. While software development is not among the core strengths of automakers, a team of data scientists, communication technology experts, AI developers, ML modelers and analysts are needed to deploy connected vehicles.

Leverage the extended enterprise

Collaborating with technology service providers enables OEMs to leverage cross-functional talent to build cyber-resilient AVs. These companies are adopting multi-pronged strategies for comprehensive cybersecurity throughout the product lifecycle and improving the design phase by facilitating reverse engineering. Digital security threat assessment and data risk analysis solutions identify, analyze and remediate vulnerabilities. Likewise, advanced access management protects order files with robust authorization methods for access and modification, while data encryption and anonymization ensure data integrity and confidentiality. Additionally, simulation of attack scenarios validates the algorithms used for risk assessment and mitigation.

Predictive analytics and simulation exercises for security risk assessment allow response teams to quickly detect abnormal vehicle behaviors and miscommunications caused by infected data or AI components, including ‘over -the-air’ (OTA). Regular security checks of on-board AI services thus make it possible to identify program weaknesses or bugs. This speeds up the development of security patches for potential AI risks and emerging threats, as well as their implementation via an OTA update. A repository of fixed security issues serves as a feedback loop for training ML models and upgrading AI systems.

As cars get smarter thanks to built-in connectivity and artificial intelligence, cybersecurity regulations within the European Union will tend to get stricter. It has become imperative that autonomous vehicles be designed not only for fuel efficiency and passenger comfort, but also for passenger safety and privacy.

We want to give thanks to the writer of this short article for this incredible content

Cybersecurity: the brake on autonomous vehicles

Visit our social media profiles as well as other pages related to them