What needs to be done to overcome cybersecurity challenges?
It’s no doubt a question on the minds of many. Can autonomous vehicles really be trusted?
As technology continues to evolve and vehicle connectivity becomes more and more advanced, the potential risk from a cybersecurity perspective becomes exponentially greater.
To help answer that question and more, TU Automotive in conjunction with Wards Auto hosted a webinar entitled: Can we Trust Autonomous Cars?
The panel discussion assembled leading minds on the subject, Dr. Rasmus Adler, from the Fraunhofer Institute for Experimental Software Engineering and Dr. Florian Bauman from Dell Technologies. Moderating the session was Steve Bell from Ward’s Intelligence.
More vulnerable
Bell introduced the session and outlined the fact that as vehicles have become more complex and incorporate more advanced technology and greater connectivity, they are also more vulnerable to threats than ever before, whether those are physical, via connectivity or through hacking the software supply chain.
In fact, the issue has become so serious that regulations, including the recent UNECE WP. 29 directive, which went into force this year, zooms in on the responsibility of OEM to not only protect the vehicle and its occupants but also for development, pre and post-production as well as over-the-air software updates during its lifetime in service.
This becomes a more pressing concern as we see the number of connected vehicles on the roads grow in number.
Two key factors
Dr. Florian Bauman, concurred and noted that currently the automotive industry is driven by two major aspects, simplification and electrification.
Most vehicles today, although they employ a plethora of different electronic control units (ECUs) in most cases they are decentralized and not connected, with most aspects of the car still being hardware-defined.
That is changing as technology moves to a more centralized system where all ECUs and aspects of vehicle operational control are linked not only to each other but also to the surrounding environment such as service centres, parking garages, fuel filling stations.
Additionally, the adoption of over-the-air software updates, where consumers will not only be able to have their vehicle receive updates for its overall operation, but for adding on-demand features, such as heated or cooled seats, or autonomous driving capability, for a set price.
And when you look at the concept of having “smart” connected cities and “smart” connected vehicles that are constantly communicating with each other, the risk to vehicle and infrastructure operation posed by cyberattacks is actually quite terrifying.
Balance needed
Dr. Rasmus Adler added that in a connected world, there needs to be a balance between protecting data and sharing it.
“You have to be willing to share it,” he said, “but only for specific purposes.”
Adler noted that this concept is at present, particularly challenging for the automotive industry since OEMs aren’t generally involved that much in cybersecurity engineering.
Bauman said that in many cases, OEMs are trying to reach end-to-end solutions and develop proprietary code snippets, yet this has to be balanced with open source methodology.
If such a scenario can be achieved, it will allow the automotive industry to create safer functionality long-term.
Adler said that given the pace of change the industry is experiencing, with new startups and contenders challenging legacy OEMs, he actually sees the biggest risk, not in terms of cybersecurity but the business itself.
He stressed the need for collaboration within the industry at all levels to mitigate this risk exposure, “because competition is not effective enough to solve it.”
Standardized approach
In terms of autonomous driving technology, Adler explained that a standardized approach, where there is a collaboration among multiple OEMs stands the best chance of being successful, one where levels of security are collectively agreed upon; so reliability is increased and cybersecurity risk mitigated.
Bell noted that without some kind of “trust” framework, the whole concept of AV technology will likely never work properly and could simply wither and die.
While the panellists acknowledged that regulations are coming related to cybersecurity but it will likely be very generic.
This implies that security controls must be put in place but the challenge then becomes, how do OEMs and other key transportation stakeholders involved with the ecosystem actually put it to work.
Ultimately, the panel concluded that if any form of true autonomous technology and interconnectivity is to succeed in the transportation sector, it will have to rely on an open, cross-industry collaborative framework.