Can driverless vehicles be cyber secure?

21 April 2017

As vehicles become more complex and require connection to external networks in order to transmit data, the opportunity for security breaches becomes more apparent. While the benefits of driverless technology are clear, they require almost constant connection to data services through 5G networks. Experts are fearful that ′hackers’ could override security systems to gain entry, or even take over a vehicle on the move.

Already we have seen instances of cybersecurity breaches requiring manufacturers to issue digital patches. In 2015, BMW initiated what it called its first ever ′cyber recall’ when it uploaded a fix for a security-related problem to vehicles when they connected to the BMW Group Server. In the same year, automotive security researcher Charlie Miller remotely hacked into a Jeep Cherokee via its internet connection during a controlled experiment, taking over control and being able to turn the steering wheel and affect braking remotely.

Miller comments: ′They [vehicle manufacturers] need to get people to trust the vehicles, not just that they’re going to get them to the right place and safely, but that they don’t have to worry about the cybersecurity threat, as well. So it’s pretty important to them for their users to trust, and a part of that is to make sure the security is done right.’

Maik Boeres, head of future mobility at BMW AG, recently spoke about security surrounding vehicle data at the SMMT Connected conference in London. He said: ′We have 8.5 million connected cars out there, and they have no safety and security incidents right now, showing that we take security and privacy seriously. There is a lot of data that will be generated with automated vehicles. Manufacturers in both the German and European associations have created what we call the ′OEM extended vehicle back-end’, which we are all implementing, and this means we take the data from the vehicle, store it on a secure web-based server and give it to selected parties. It is up to us to look after that cloud of data, so we need to install and maintain secure systems on the transfer line. It is then up to the manufacturer to keep that security updated and therefore liability falls to us too.’

Sevvy Palmer, head of data analysis branch at the Centre for Connected and Autonomous Vehicles added: ′We have to get this [security around transmitted data] right to secure consumer trust, otherwise we will struggle to get a return on investment in this technology if people do not want to use it. We have to be clearer in our mind as to what risks are before we enter into an agreement with the consumer.’ The question of trust in autonomous vehicles is also raising its head in the USA, where a recent JD Power Tech Choice Study revealed growing scepticism among consumers about the safety of driverless vehicles, especially with older drivers. However, it is impossible to accurately predict how popular such vehicles will be before consumers have had a chance to test them, in much the same way as asking how useful a camera would be on a phone before such a device was launched. This was evident in the survey’s findings, as those who had experienced Tesla’s Autopilot system were twice as likely to embrace the technology.

With trust needing to be built, security from hacking and also that of data is a key component of the uptake in driverless cars, one that vehicle manufacturers are already exploring to ensure that when the technology does begin to roll out in the public domain, it will do so safely.