Andrew Martin, professor of systems security at Oxford University in the UK, is an expert in ‘trusted computing technologies’, particularly in cloud, mobile, and embedded applications – embodied in the concept of the Internet of Things. Here, he gives his expert opinion on potential security issues in the field of autonomous vehicles – flagging areas, such as freight, that transportation authorities should be ready to protect from cyber attack.
What are your main concerns about cyber security in autonomous vehicles?
Most people probably think of security breaches compromising safety: but I doubt these are in principle any worse for autonomous vehicles than for existing vehicles, which have lately been shown to be remotely hackable and controllable. That situation is a big mess, and it’s not going away anytime soon.
Autonomous vehicles may make the hacking a little bit easier: but the only significant new concern there is from hobbyists and back-street operations trying to ‘optimise’ or ‘tune’ the self-driving capability, and screwing it up in the process.
I think the bigger concern is one of hijack: autonomous delivery vehicles (and large trucks) make a very valuable target. Direct them to the wrong location, and you get the cargo. For very niche contexts, the same may apply to cars and kidnapping, but that’s a lot less of a concern in general, I’d guess.
Would it be possible/desirable to introduce data monitoring to spot any anomalies?
Maybe. But intrusion detection is not the best-advanced of technologies today. It’s a sticking-plaster solution at best. It may have a place in vehicles, because the network traffic should be fairly regularized. The last thing you want is a monitoring solution that blocks an “emergency stop” command because it’s not seen it before…
Upon what are you currently working, which is related to the security of autonomous vehicles, and what has been the result so far?
I’m interested in lots of contexts (at the moment, outside the specifics of autonomous vehicles) in how you get guarantees that the right/expected software is running, and hasn’t been replaced by rogue/bad software. The more connected things get, the more important it will be to be able to update their software regularly: but monthly service recalls look impractical, and do you want your car to update itself overnight at home?
The big question: There has been much talk about the cyber security of vehicles in use, but what about further up the supply chain? Could, for example, a component supplier have its own manufacturing processes hacked into altering its configurations slightly to build in flaws, which would only show up, say, months after the component has been installed, or giving false test readings? Is such commercial, or more malign, sabotage possible?
The supply chain issues are huge: not least because of the current regulatory regime which requires allowing a certain amount of competition. You can connect devices large and small to your vehicle from diverse places: who knows what they will do to the vehicle’s network? Vehicle manufacturers and tier one suppliers may have little idea about the software baked into the components they use. Again, this applies to existing vehicles: autonomous vehicles make it only slightly worse.
Can autonomous vehicles ever be entirely electronically secure and what is the best method of either achieving or approaching this?
They’ll be as secure as we’re willing to pay for — and experience says we’re not willing to pay much. Diminishing returns set in as you improve the security, too: keeping out the determined attacker is really very expensive. Home computers haven’t achieved it, and they are much easier to replace and update, on a much shorter timescale, and they probably have better economies of scale than vehicles. This analogy isn’t great: a better one might be with smartphones, because there’s a lot of diversity in the market, but relatively little security problem, at least in Western countries. But these get replaced after two years. The vehicle has to last a decade or more.
What are the chances of back-up (hot standby) electronic systems in autonomous vehicles?
Again, will anyone be willing to pay? Completely independent duplication of systems would be hugely expensive: without it, the independence of the fall-back system will be an illusion in some cases.
What are your vision and expectations?
On the one hand, I think there are a lot of knotty problems here that we are rushing forward into without due care: on the other the cyber security risks (especially the safety risks arising from attackers) from this new technology actually appear to be relatively small. I’d be looking for a careful, realistic, comprehensive risk analysis (covering everything from systems design, through supply chains, to expected patterns of deployment/use) before spending too much or making overly burdensome regulation.