The future of transportation is simultaneously terrific and terrifying, with ‘road transport’ having the most potential for change as a rapidly increasing number of vehicles compete for limited road space. This ‘race for space’ on the roads poses several environmental and ethical conundrums about the future of our highways and the rise of electric and automated cars in the digital age.
Manufacturers are striving to find a solution to the environmental effects of petrol and diesel vehicles, and this has seen significantly more electric cars hit the streets. In fact, the global electric car fleet exceeded 5.1 million, up two million from the previous year and almost doubling the number of new electric car sales. This marks a substantial investment in a more sustainable method of transportation as vehicles are beginning to adapt and move towards the new digital era.
Moving towards a more autonomous future
Autonomous and ‘connected’ vehicles are being hailed as the solution to help improve impending environmental and safety issues, but as more of these automated cars hit the road, so do the potential dangers they bring.
With automation, the slightest malfunction can be deadly. Sadly, it was recently reported that the reason behind Uber’s fatal self-driving vehicle test was due to a software problem that failed to recognise a jaywalking pedestrian. Therefore, as a society we need to ensure that these vehicles operate in a safe and secure way in order to prevent any similar occurrences.
Modern cars are equipped with over 80 central processing units, kilometres of cable, several hundred MB of software and half a dozen in‐vehicle networks. In other words, cars are increasingly transitioning into mobile computers that just so happen to carry you and your family.
When fully ‘self-driving’ cars will become available to the general public (maybe by 2030/2035?), they will require even smarter processing power to cope with the unique scenarios that can occur during a dynamic, totally automated car journey. These scenarios will include longitudinal challenges such as keeping a safe distance from the car in front and lateral challenges such as pedestrians, other vehicles and various objects moving in front of the car. All of this will require split second decisions from reliable software and hardware that can only be achieved if the vehicle has been designed to be both safe and secure.
Recently, the move towards a ‘driverless car’ future reached a milestone with UK tech firm, Oxbotica demonstrating the first autonomous fleet on Britain’s streets in London. The fleet of Ford Mondeos fully fitted with autonomous technology operated on public roads around the former Olympic Park in Stratford with apparent success. This partially government-funded £13.6m programme was another step in demonstrating that autonomous vehicles could potentially operate in real-life situations in a large European city.
The cyber side of autonomous vehicles
This becomes increasingly challenging when considering external actors who may target these vehicles. If hackers could influence decision-making to bias a particular outcome there could be catastrophic effects. Where previously the artificial intelligence system may choose the ‘less bad’ answer, it could be altered to became more destructive. If this hacking is subtle, such an attack may not be recognised until a lot of statistical data has been assessed – probably far too late.
Writing secure software is immensely difficult. The millions of lines of code in an autonomous vehicle will surely contain unforeseen bugs, as demonstrated by Uber’s failed test-drive, that will need to be patched and managed over a car’s lifetime. In the near future manufacturers will be expected to comply with regulations such as ISO/SAE 21434, which ensures that OEMs and suppliers follow due diligence, implementing cybersecurity engineering across the lifetime of a vehicle. As we transition through the stages of vehicle automation, each new level could demand an increase in computing power, software and hardware. With this, cybersecurity risks will increase as the attack surface area expands.
The rise of intelligent transportation systems
Furthering the whole autonomous driving experience, Intelligent Transport Systems (ITS) are being developed and rolled out in order to improve the efficiency of road use, enhance safety and ensure the comfort of drivers and their passengers. ITS will make use of the emerging Internet of Vehicles (IoV) – a constantly moving network made up of the Internet of Things-enabled (IoT) cars – along with roadside sensors and data collectors. As well as delivering inter-vehicle connectivity, the IoV will help integrate information to maintain traffic flow, enable more effective fleet management and, importantly, provide accident avoidance.
There are many potential applications for ITS in smart cities, including cooperative awareness, safe lane changing, safe intersection crossing, optimal traffic signal control, emergency warning notifications, and smart parking allocation. However, while the potential for ITS is huge, so is the possibility that these systems could be subject to a cyber-related attack, like a denial of service (DoS) exploit, where an ITS service is eavesdropped on, tampered with or otherwise rendered unavailable.
The motivation for these attacks varies considerably depending on who launches them. From experimental “script kiddie” hobbyists, through to nation states intent on disrupting traffic flows, the rationales range from pure vandalism to creating disorder and providing a diversion for other attacks. The use of such tools by agenda-driven protest groups is also becoming highly likely.
In October 2013, reports emerged of a cyberattack that caused a 20-minute shutdown of an Israeli toll road tunnel. This was followed by an eight-hour shutdown the next day, causing traffic congestion.
Hacking electronic road signs is often seen as a prank, made simpler due to poor physical security and how easily the displayed information can be changed. When traffic is carelessly re-routed, it can cause congestion and traffic jams. Unfortunately, not all prank messages are humorous, and some can be offensive. They can distract drivers and potentially cause an accident.
Vehicle OEMs, in particular, need to understand the inherent cybersecurity risk in their futuristic products and technologies. They must ensure products are safe and secure by design. Producers should not wait for regulators to force them to consider the digital security in what they’re creating. These concerns should be a built into the fabric of future automotive design and development not just an afterthought. After all motor vehicle cannot be considered safe if it is not secure.
Nigel Stanley, CTO, TUV Rheinland