A safer, risk-free driving experience is becoming amplified as the world shifts gears towards an autonomous, connected reality.

Pre-empting the unforeseeable

The premise of a safer, risk-free driving experience is becoming amplified as the world shifts gears towards an autonomous, connected reality. But therein exists a growing need to pre-empt cyber threats before they occur by having a true understanding of what a connected mobility network means.

With the Internet of Things (IoT) allowing the world to become more connected, an obvious concern is the hacking of vehicles and data due to the vast amount of information and processing needed to operate and deploy fleets of autonomous vehicles. SMART and autonomous vehicles also have more digital points to be attacked compared to current vehicles, and threat actors don’t necessarily need physical access to a vehicle to be successful.

This predicament is nothing new. Chrysler previously had to recall 1.4 million vehicles after two hackers gained remote control of a Jeep via the internet taking over the vehicle’s dashboard, steering, brakes and transmission. A team of hackers also managed to take remote control of a Tesla Model S from 12 miles away. These flaws have raised concerns that hackers could shut down vehicle safety measures, or potentially control a vehicle to be used in attacks. Not only would this lower the cost to the attacker; this could have a larger impact if the traditional security measures such as hostile vehicle mitigation have been removed. Unlike traditional failed attacks where evidence is often left, an unsuccessful hack may not be detected meaning that attackers could make multiple attempts before being detected.

Another risk is that cyber criminals could also track people’s movements. Growing concerns around the data collected from apps on smartphones will only be magnified as vehicles become more connected. If not mitigated in advance, threat actors could potentially know the music you listen to, your location, fuel usage, or preferred charging locations at a minimum – valuable information which could be sold and exploited.

In addition to accelerating current risks, autonomous vehicles could also introduce new risks, and companies that operate fleets of vehicles could be essentially ‘locked out’ for ransom as seen with the destructive capabilities of WannaCry ransomware. Although this could be mitigated through cybersecurity, a key question remains: Will humans ever trust technology enough to not have a human override?

History proves that humans are imperfect; human drivers are imperfect.

At the driving wheel

Often, the most widely perceived issue at the centre of risk aversion is the human factor. Whether acting with malicious intent or simply causing accidents, history proves that humans are imperfect; human drivers are imperfect. We are vulnerable to an array of physical and mental factors which can impair our judgement, slow our response times, and lead to poor decision making.

Advancements in technology have already seen driver aids that can help prevent vehicle accidents. These include features such as autonomous emergency breaking, lane keep assist, and driver condition monitors. Whilst some mitigation measures can be put in place to counter some of these human related risks, there is strong consensus that limiting human input even more will benefit security related to vehicle threats.

The human touch

If for whatever reason human input remains an option to control vehicles, then traditional vehicle security controls such as hostile vehicle mitigation will need to remain in the urban environment to prevent vehicles being used in traditional or non-traditional attacks. If current threats remain, and additional ones are introduced as by-products of the mobility revolution, then security challenges will become more complex.

Whilst the number of attacks may be reduced due to the increased level of capability required to gain access to the vehicle’s controls, the likelihood of them will still exist. This means future security programs need to be approached holistically to ensure that potential risks are identified and mitigated.

This puts a greater emphasis on the need for security planning in urban environments to be integrated within the wider area and city transport systems. While the mobility revolution will certainly introduce new security challenges and the industry will need to evolve, the fundamentals of security planning cannot be forgotten in the digital age if we are to tackle these invisibles threats head-on.

 

If current threats remain, and additional ones are introduced as by-products of the mobility revolution, then security challenges will become more complex