When Apollo 11 landed on the moon in 1969, the 70-pound Apollo Guidance Computers in the LEM and command module each contained less than 4 KB of RAM and another 72 KB of ROM. A brand-new SUV, by contrast, contains several computers — among them an ECU, GPS, driver assist aids, an infotainment system — before we even account for owners’ smartphones “talking” to one or more systems. Each of these leverages far more memory and processing power than a space mission, just to get you to the mall and back.
Automakers see opportunity in this, and they are right to. Modern developments in driver assist aids, vehicle autonomy, and connectivity are revolutionizing the industry, after all. However, there are those outside the industry who also sense opportunity, and their motives aren’t nearly as benign as yours — which underscores the importance of cybersecurity in self-driving cars.
Automotive Cybersecurity: Why Due Diligence Matters
Up to this point, the only known hacks of self-driving cars have been at the hands of those seeking to improve automotive security. However, car companies, designers, engineers, and developers do not have the luxury of assuming it will remain so. While the technology may still be in its infancy, we can look at the not-so-distant past for indications of what will happen if stakeholders are lax about cybersecurity.
We should accept as axiomatic that anything connected to a network can be hacked, and that eventually, someone will attempt to do so. With items as diverse as ATMs, baby monitors, and smart homes falling victim to hacks in recent years, we would be foolish not to. The risks are already present as technology advances and over-the-air updates become more common. Furthermore, as app ecosystems and smartphone mirroring contribute to connected vehicles’ sense of digital sprawl, it’s clear that vulnerabilities can arise from unexpected places. Safety is a manifold concern, encompassing occupant well-being but also being on the lookout for other forms of malfeasance, such as ensuring that applications cannot be exploited to steal drivers’ financial data or personally identifying information.
Even though the automotive industry is notoriously competitive, there’s reason to believe that if autonomous vehicles perform well, a rising tide will lift all boats. But if they fail, it’s equally easy to see how one manufacturer’s shortcomings can tarnish the best efforts of multiple companies — whether they share in the blame or not. And regardless of where you are in the supply chain, what would be the impact on your company’s bottom line if public perception in the safety of their vehicles, whether or not it’s well-founded, suddenly shifted? It’s important to anticipate and address cybersecurity issues in advance, as this will be in the best interests of the industry and drivers alike.
Finally, there’s the regulatory landscape, which is hardly a forgiving place in the best of times. In addition to the existing patchwork of automotive regulations that exists worldwide, leveraging data in the service of mobility brings data and privacy laws into play, forcing the industry to reckon with CISPA, the GDPR, and more. In addition to consumer expectations for physical safety, there’s an added emphasis on data protection. If the industry isn’t diligent in regulating itself (and showing its work), there’s no shortage of governments, regulatory bodies, and consumer groups poised to make life difficult. That pressure will only mount if there are well-publicized hacks or data breaches involving self-driving vehicles.
Vehicle Cybersecurity Solutions
Up to this point, we’ve talked about problems. That’s important, but since the American Center for Mobility is interested in moving things forward, it’s also vital to discuss and develop solutions, which occasionally finds us addressing problems that don’t yet exist.
So, what comes next? To begin with, physical infrastructure needs to be hardened against attack. We also must acknowledge that consumers demand nothing less than forward progress, with more and better features; those features need to be “hardened” to provide multiple layers of security against a multitude of threats. In addition to in-car systems — ECUs, infotainment, in-car Wi-Fi hotspots, and 5G among them — security must also encompass other aspects of the vehicle lifecycle, from supply chain to manufacturer, and from dealer to driver, so that each can play their part.
Finally, we can never assume we’ve done enough; cybersecurity is an ongoing struggle that unfolds on a battlefield that we cannot always see, and one whose parameters are always shifting. We must realize, therefore, that our efforts cannot stop, and must always be refined, improved, and validated by extensive testing.