Autonomous vehicles are becoming more advanced year after year indicating that our roads could be fully automated sooner than many people imagined. However, the biggest question in most users’ minds remains: Is cybersecurity ready for driverless cars? As much as tech and auto companies are giving their all to guarantee the safety of autonomy, most industry stakeholders are still skeptical about the prospects of full autonomy.
Challenges and Solutions
Studies have shown that over 50% of the American population doesn’t trust the cybersecurity infrastructure that driverless cars currently use. Most of this skepticism arises from the distrust people have in machines; giving up control to a machine is a big ask for many people and it is understandable. First, people compare autonomous cars to moving computers, and with the rising cases of cybercrime; it would be naïve to not be concerned about passenger safety. The allowable margin of error when it comes to driverless cars must be extremely thin because people’s lives are at stake, unlike with computers where only data gets stolen.
Secondly, to guarantee safety, auto manufacturers must come up with foolproof, flexible cybersecurity measures that can outsmart the ever-evolving cyber threats. The truth, however, is that not many cybersecurity measures have been able to at the very least outsmart the dynamism of cyber-attacks. It appears like attackers are always a step ahead of everybody else. How carmakers will address this challenge remains to be seen.
What solutions are driverless cars’ manufacturers offering?
The obvious solution would be to invest in a VPN such as ExpressVPN. What is a VPN? It is a virtual private network that blocks intruders from accessing and/or stealing data from a network. Judging from the success VPNs have had in thwarting cybercrimes, it is fair to say that car manufacturers that will set up VPN for their cars will have taken a huge step towards guaranteeing passenger safety.
Another common solution that’s being fronted is adversarial machine learning. Carmakers are testing the possibility of boosting driverless vehicles’ cybersecurity through machine learning. They hope that cars can learn patterns and tricks that attackers use so that they can identify and thwart potential threats before they happen. This proactive approach seems to be working for now, but no conclusions can be made yet because attackers aren’t actively targeting these vehicles.
Carmakers will only know for sure if the approach is reliable once AVs are fully commercialized and there are real cybersecurity threats to neutralize. All they can do for now is keep conducting internal security testing, particularly “white hat” hacking tactics. This involves security specialists infiltrating the AVs’ cybersecurity system to expose potential vulnerabilities so that they can be fixed beforehand.
Auto manufacturers are also looking into the possibilities of building detection and prevention software into their driverless cars so that the cars can detect threats and block out attackers from accessing important data.
If this works, human operators will be able to monitor cars from remote locations and respond fast in case of an intrusion. However, such internal protocols might not be feasible in the long run; they will create exploitable security gaps as carmakers cannot be trusted to regulate themselves. Security experts fear that as soon as the cars hit the roads and replace human drivers, some companies will relax their security muscles and forget about consumers’ safety concerns altogether.
There needs to be a regulator or a set of standards that carmakers and their partners must abide by.
Needed Cybersecurity Standards
The standards of AV’s cybersecurity will soon be set by the International Organization for Standardization in collaboration with SAE International. The two reputable standardization firms hope to come up with international safety standards that will guarantee passenger security on a global scale. Carmakers will then be working within the framework provided by IOS and SAE. The framework is centered on three firm pillars:
- A strong cybersecurity plan.
- An adaptable cybersecurity infrastructure that has the ability to keep up with changing threat landscape.
- A cybersecurity management system that is binding for all car manufacturers.
If the three pillars are prioritized in the entire manufacturing process- from design, engineering, to production, it will be safe to argue that the cybersecurity measures will be adequate for a driverless future. The pillars have to be prioritized for post-manufacturing processes such as repair and maintenance. But then, all industry stakeholders have to agree on the set security standards before they take effect.
The potential for growth that driverless cars have is undeniable. We all will eventually agree to hand over the keys to machines and enjoy the convenience that comes with being driven around. However, as for now, car manufacturers have their job cut out in winning over people who are too afraid to ride in a fully autonomous vehicle.