Connected and Autonomous Vehicles (CAVs) are changing the way we think about mobility, and transforming the digital network infrastructure that supports these vehicles.
Soon, every car will be connected and able to talk to everything around it using Vehicle-to-Everything (V2X) technology, including other cars and smart city infrastructure.
But as with any connected computing device, the advent of CAVs brings with it security threats, as the number of computing and network components both inside and outside a car will dramatically increase—raising the attack surface for criminals to wreak havoc.
The infamous Jeep hack in 2015 is a prime example. Two white-hat hackers were successfully able to hack a Jeep on the motorway—stalling the engine to bring it to a complete stop. Fiat Chrysler recalled 1.4m cars in response, and it resulted in the first legal dispute of its kind.
New threats on the horizon
While the hackers in the Jeep incident didn’t harbour any sinister intentions, others won’t be so kind. As connectivity grows to become the nervous system of our new mobility infrastructure, connecting our cars to base stations and our future smart cities, we will start to see malicious actors spread code with increased virality—much like how biological pathogens spread. For automakers and Original Equipment Manufacturer (OEM) device producers, tracking all the vulnerabilities across the systems running their CAVs is a challenging task.
Firstly, because there are no established standards for vehicle security. The EU only offers recommendations on how auto and OEMs should cope with cybersecurity challenges for autonomous driving. The absence of clear, defined technical requirements for autonomous driving security means getting security right in autonomous cars is tricky.
Automakers and OEMs not only have to consider the security of the firmware and software against the typical threat of cyberattacks, it’s made more complicated by a connected IoT system where one vulnerability could open up the system to even more threats. With a lack of standards and potentially millions of OEM devices connecting with each other, it’s nearly impossible to know exactly where the threat will come from.
Building our defences
While in some industries security breaches only disrupt business operations, for CAVs, breaches can be a matter of life or death. For autonomous vehicles to become a reality, they need to be safe, reliable and resilient enough to earn the public’s trust. Fortunately, the solution lies with the technology that will make autonomous driving a reality in the first place—AI and machine learning.
One project showing AI’s budding potential is the BT Mobius project. Trialled in 2020, the project showed that AI powered epidemiological methods—typically used to model the spread of pathogens—could be deployed to model the spread of malware over V2X communications in CAVs. This is potentially game changing in turning the tide against malicious actors. If deployed across our entire mobility infrastructure, it could function as the immune system for the network, responding to an attack in the same way our white blood cells would respond to infection— using SDN-based security applications to quickly block malicious intruders at the entry point where possible, otherwise change security controls to slow down and limit the spread of the attack or divert them to firewalls before they do more damage to the network.
On the road to autonomous driving
Connectivity is the key force bringing us closer to a future where automation plays a central role in our daily lives, particularly where mobility is concerned. However, as we advance towards that goal, we must keep our eye on the hazards that threaten to throw us off course. Connectivity providers can help automakers and OEMs monitor and protect their connected vehicles from future threats, creating a secure operational environment that will enable them to maintain control over their cars and safeguard the passengers that ride them. AI and machine learning are the indispensable tools that will protect against cyber threats to the mobility networks of today, and tomorrow.