Autonomous Vehicles – The Cyber Risk

28 July 2016
Autonomous Vehicles – The Cyber Risk

Amethyst’s Mark Chown discusses the increasing opportunity for attacks

 

Research and investment into vehicle autonomy continues to advance at pace.  It will not be long before such technology pervades domestic, commercial and military use.  It is suggested that by 2025 the global intelligent mobility market will be worth £900 billion, and by 2030 in the UK alone the social and economic benefits could save over 2,500 lives and be worth around £51 billion[1].  Vehicle autonomy is going to profoundly change the transportation sector and will undoubtedly improve efficiency, safety and reliability.  However, this technological advancement and its success is not without risk, the cyber threat is significant and will have to be addressed.

Not long ago the concept of a fully autonomous vehicle may have been considered an interesting research area but certainly not a mainstream reality.  That reality has arrived far quicker than most might have anticipated.  There are currently many examples of autonomous vehicle solutions being developed, trialled and now used for commercial, domestic and military purposes.  One prominent area of development is that of driverless cars, which if manufacturers can address the many technical and safety issues, has the potential to be a hugely lucrative marketplace. In fact, according to the Society of Motor Manufacturers and Traders, over half of all cars sold in the UK now include a degree of autonomy as an optional or standard safety feature; i.e. collision avoidance and emergency braking which no longer demand driver intervention. 

Vehicle autonomy also offers an attractive proposition for the military, particularly in hostile air, sea and land environments.  At this year’s Farnborough International Air Show, the UK and US confirmed[2] a joint programme involving a series of trials using unmanned air and ground systems, starting in 2017, with an autonomous truck convoy demonstration.

The opportunities for autonomous vehicles are wide and diverse and range from the Starship Technologies robot that is starting trials to deliver meals, groceries and parcels to households[3], to work being undertaken by Rolls Royce, under Finland’s Advanced Autonomous Warterborne Applications (AAWA) Initiative, to develop the specifications for the next generation of remote controlled and autonomous ships[4].

Cyber Considerations/Risks

The potential operational and financial benefits of using autonomous vehicles is beyond dispute, however, achieving these benefits is dependent on safe, secure and reliable vehicle operation.  There have already been many well publicised safety and security issues associated with autonomous vehicle systems.  Examples include hackers reportedly being able to take control of a vehicle after gaining access through its entertainment system and attacks against ship navigation systems by adjusting the course of a ship or making them invisible to other maritime vessels.  A recent fatal road accident involving a Tesla vehicle, reportedly being used in auto pilot mode, demonstrates the grave consequences of failure, which although not caused by a security issue, does highlight the risk.

The impact associated with a successful cyber-attack or a simple failure of a vehicle’s autonomous systems will be dependent upon its role and the environment it is operating in.  For instance, hacking into a meal delivery vehicle might result in a single disgruntled customer, whereas the remote hijacking of an autonomously piloted super-tanker could have major financial and safety implications.  One study suggested that a significant cyber-related disruption at the Long Beach or Los Angeles container ports could impact 20% of the maritime transportation system in the US, removing about US$1bn a day from its economy for the duration of the attack[5].

A cyber-attack could be conducted by anyone with the motivation and skills to do so.  The most likely are criminals for financial gain, extremists or terrorists to spread fear, state-actors as part of an asymmetric attack against another nation state, competitors for obvious reasons or those simply motivated to demonstrate their hacking ability and skills.

Assessing the Risks of Autonomy

The risks, including cyber risks, associated with the use of autonomous vehicles will be dependent upon a range of factors including; (1) the vehicle’s level of automation, (2) the vehicle’s autonomous capabilities, (3) role variables (task and environment) and (4) system vulnerabilities.   The specific level of autonomy is a risk consideration that must feature prominently when assessing all types of risk and Thomas Sheridan has developed a scale which provides ten levels of automation.  Risk analysts could adopt the classifications as an aid when considering the relevance of autonomy in a cyber risk assessment.

Automation

Level

Description

High

 

 

 

 

 

 

 

 

Low

10

The computer decides everything, acts autonomously, ignoring the human.

9

Informs the human only if it, the computer, decides to.

8

Informs the human only if asked, or

7

Executes automatically, then necessarily informs the human, and

6

Allows the human a restricted time to veto before automatic execution, or

5

Executes the suggestion if the human approves, or

4

Suggests one alternative

3

Narrows the selection down to a few, or

2

The computer offers a complete set of decision/action alternatives, or

1

The computer offers no assistance; human must take all decisions and actions.

 

The Cyber Risk

The operation of Autonomous vehicles is dependent upon an array of sensors, on-board processing systems and communication protocols e.g. RADAR, LIDAR, GPS, Ethernet, Wi-Fi and GSM.  Such an array of technologies presents a large attack surface on a roaming platform which may be operating far from human oversight or control.  As such, autonomous vehicles present a holistic security challenge not just to those designing the system but also for those responsible for maintaining it throughout its operational life.  So what are the are the most likely cyber risks?

  • Overriding the autonomous systems and taking control of the vehicle navigation or control systems to alter its course or execute unauthorised mission tasks

  • Deliberately or accidentally infecting the car with malware or overriding on-board security and safety systems making it unsafe to operate

  • Accessing sensitive information stored in the cars system, e.g. route history

At present a vehicles computerised units tend to be isolated and therefore at less risk.  As vehicles become more connected, particularly to remote management and controls system, there will be increasing opportunity for attackers to intercept and subvert communications for their own purposes.

The Cyber Response

So what can we do to address these risks?  Two foundational security activities, frequently cited by cyber professionals that should both be executed in all technology projects, are ever more important in the autonomous vehicle domain.  The first priority is to make sure that security is considered and integrated into the entire development process, and secondly, security design must be based on a sound and comprehensive risk assessment. 

The risk assessment should include the traditional elements of risk analysis (i.e. impact, likelihood, vulnerabilities) but also ensure that the autonomous risk variables mentioned above (level of autonomy, operating environment, mission scenarios) are considered.  Only then can an effective and appropriate security response be designed.  Security in this context is inextricably linked to safety and as such must be regarded as a core solution requirement alongside the primary operating needs, with cyber professionals engaged early on in the requirements definition process and throughout the vehicle lifecycle. 

Effective risk assessment will help to identify the level of security assurance to be achieved for a platform undertaking specific missions and in defined operating environments which may allow a scalable approach to security design delivering cost-savings and performance benefits.  Security architects will need to develop robust solutions that will be able to defend against all known attacks and their designs will need to evolve to keep pace with the threat over the longer-term. 

Simple solutions will also be needed to deploy platform updates to high risk systems, particularly where safety is a priority.  In the case of domestic vehicles, any patching process will need to be more efficient than the current manufacturer recall process although any solution used to deploy them will need to ensure that it does not itself introduce additional system vulnerabilities that could be deliberately exploited.

Failure to incorporate effective cyber risk management activities throughout the design, development and maintenance of the vehicle programme will place manufacturers at a competitive disadvantage when their solutions are either found to be vulnerable at a stage where the development of retrospective security solutions will have an excessive impact or where security controls are over-applied degrading the operational utility of the system.

Summary

The development and delivery of safe and secure autonomous vehicles is a challenge for manufacturer’s and is likely to be realised more quickly in some sectors than others (e.g. Defence).  Security, which vehicle safety is dependent on, cannot be a low priority activity and must be regarded as a core operational requirement.  As such, one would hope that manufacturers will fully engage with the cyber security profession at the start of their programmes; cyber professionals should seize this opportunity and at last join the party early – but be sure to go prepared!

 


[1] https://www.gov.uk/government/news/driverless-cars-technology-receives-20-million-boost.

[2] https://www.gov.uk/government/news/uk-and-us-look-to-robotics-help-for-last-mile

[3] http://www.bbc.co.uk/news/business-36733460

[4] http://www.rolls-royce.com/~/media/Files/R/Rolls-Royce/documents/customers/marine/ship-intel/aawa-whitepaper-210616.pdf

[5] http://blog.willis.com/2015/09/smart-ships-vulnerable-to-cyber-attacks/

Contact us for more information


<< Back to Latest News items