Getting vehicle security basics right to build trust

Andrew Wall | 21 Oct 2016

Manufacturers are pushing ahead at pace with autonomous vehicles while technology appears to run ahead of human trust. So what part can security play in building this?

Ford recently announced plans to develop high-volume, highly autonomous driverless vehicles, aiming to achieve SAE International’s level 4, enabling high system control of vehicles. News headlines over the last few years have highlighted the potential dangers to autonomous vehicles from cyber-attack or system failure. Major manufacturers have all reported issues and the well-tested Google car had its first crash in 2016 after several years of use. Experience tells us control software, and its decision-making logic, is not infallible. While incidents are rare, the potential remains for them to be catastrophic.

Automation at the levels envisaged by manufacturers is bordering on both the commonplace and science fiction. To me the SAE International levels are an Isaac Asimov-like ‘six laws of driving automation’; from no automation (level zero) through to full automation (level six) with various modes and capabilities being engaged across the driving range. For levels three to six, an increasingly bewildering range of technologies that make up vehicle systems could equate to the robotic ‘positronic brain’ in Asimov’s robots – the heart of autonomous decision-making for vehicle control, monitoring and performance.

Reading between the lines, no doubt Asimov’s robots were very heavily tested and the positronic brains put through their paces. It feels like the same may not be said for autonomous vehicles.

In technology terms alone, interconnectedness abounds both within and without the vehicle and the attack surface is staggering: infotainment systems, wireless sensors, diagnostic ports, infrared control, USB, Bluetooth, keyless entry and telematics services with in-car applications. Each of these systems is potentially complicated by various levels of product maturity and multivendor system solutions that in turn engage with other elements of a digital ecosystem.

While the core components in themselves may be robust, it is the links to other components outside the core elements that offer potential areas of weakness and vulnerability to cyber-attack from increasingly challenging threats. Should an attack or system failure occur, the impact is huge in terms of vehicle passengers and the manufacturer’s reputation. Securing these linkages across a diverse vendor base is a huge challenge. This patchwork build structure inevitably leads to weaknesses, many of which will be very familiar to veteran security hands:

  • Poor, or non-existent, product hardening, including simple passwords or open communications.
  • Lack of encryption across the vehicle network and through the telematics system.
  • Poor segregation between components across the vehicle network.

These are security’s ‘grapes’, ripe for picking, followed by mayhem in the pressing shed. There is so much more that the manufacturers could do but at the moment they appear to choose not to.

While technology advances, bigger, more human-centric questions are raised. Trust is critical. Humans must believe that these autonomous systems will operate properly if the industry is to have a successful future. After all, just who would get into one if the destination could be changed and the doors locked to stop escape? Providing real assurance that a vehicle is safe and secure is paramount.

Its decision-making heart must also be able to make the same value judgements that humans make every day. Can it make decisions between life and death? What logic applies then? What humans do by reaction, wisdom or feeling needs replicating. We must have full confidence in the systems if we are to use them on our roads.

Just how do we provide this assurance? How happy do people need to be to give up their control?

The industry is confident it can overcome these challenges, but from a security perspective the way forward does not seem so assured. With a multitude of manufacturers and vendors each developing products in isolation or exclusive partnerships, this fragmentation hides potential vulnerabilities between systems and implementations. Over the last couple of years we’ve started to see some emerging security approaches beyond ISO 26262 but these don’t feel enough. Both the SAE and the IET have active groups exploring these issues so the problem is being worked on.

With all this new technology about, security needs to step back a bit and perhaps remember the 80-20 rule: as a starting point, implementing the 20% most important controls will likely manage 80% of the security risk. This basic approach can take security forward with a bit more pace – taking an overall look at vehicle cyber security through a framework model focused on increasing protection, resilience, awareness and confidence in the systems.

At the very least manufacturers and vendors could be prompted to assess the overall maturity of their cyber security within the operational systems of vehicles, the modules they plug in and how they then interact, including the information captured and its subsequent flow. These assessments can be used as a baseline to demonstrate what is being performed well, what security gaps exist and how these can be reduced to increase the overall security posture.

Taking things further, more regular reviews and updates of systems, including patching on the move, general improvements and good housekeeping, all go a long way towards getting the 80-20 right and taking most vulnerabilities out of circulation. This can only lead to better human assurance that really builds confidence in these vehicles.