Paving the Way for Safe and Secure Self-Driving Cars

More than 60 percent of consumers are interested in replacing their vehicles with completely self-driving cars, according to the Self-Driving Vehicles: Consumer Sentiments report by the Consumer Technology Association (CTA)™, and more widespread acceptance hinges on ensuring that self-driving cars are safe and secure.

“Fear of autonomous vehicles getting confused by unexpected situations, safety concerns around equipment and systems failures, and vehicle and system security are top concerns around using fully automated vehicles,” said Mike Ramsey, research director at Gartner.

Automakers, tech companies, and state and local agencies are keenly aware of these consumer concerns and are taking steps to implement safeguards and thorough testing plans.

Securing Self-Driving Cars

When considering security for self-driving cars, there are two types of attacks these smart, connected vehicles are susceptible to, which are outlined in the Automotive Technology Roadmap: The Road to Autonomy report by the Consumer Technology Association (CTA)™:

  • Logical attacks are when the vehicle is accessed remotely. Similar to a computer hack, logical attacks can be thwarted by the same type of security: “internet security with strong cryptography software, secure protocols, secure boot and authentication, and support by isolation/acceleration hardware.”
  • Physical attacks are when the vehicle itself is targeted. Beyond standard car security features, self-driving cars need to be protected against reverse engineering and fault injection with “dedicated hardware providing a high level of tamper-resistance.”

Security attacks on self-driving cars can not only affect the physical safety of the car and its driver; they can also put at risk user data. Self-driving cartechnology is predicated on storing and analyzing vast amounts of data, either locally within the vehicle or in a data center, to enable vehicle guidance, traffic management, sensor data and more.

The auto industry takes cybersecurity seriously and has created a sharing and analysis center  to foster collaboration and share threats and a best practices guidance for privacy protections.

To address the security threats, cybersecurity companies are among the companies that have formed partnerships with traditional vehicle manufacturers and suppliers. For example, in April 2017, Argus Cyber Security (a CTA member company) discovered a security vulnerability with the Drivelog Connector dongle by Bosch (also a CTA member company). Argus researchers were able to take control of a moving car from a standard Bluetooth device, exposing a vulnerability in the dongle.

Because of incidents such as these, the United Kingdom released in August 2017 guidelines for cybersecurity in vehicles.

“Whether we’re turning cars into Wi-Fi-connected hotspots or equipping them with millions of lines of code to create fully autonomous vehicles, cars are more vulnerable than ever to hacking and data theft,” reads the introduction of The Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles.

“It’s essential that all parties involved in the manufacturing supply chain, from designers and engineers, to retailers and senior level executives, are provided with a consistent set of guidelines that support this global industry.” 

Regulating the Rollout of Self-Driving Cars

Ram Vasuvedan of MCity talks at SXSW 2017 Innovation Policy Day

To ensure that self-driving car testing is safe and that self-driving cars can be rolled out across the world, consistency is the key — because cars are inherently mobile and functions can’t change when the vehicle crosses a state or country border.

On Sept. 12, 2017, the National Highway Traffic Safety Administration released an updated federal automated vehicles policy report that provides

  • Voluntary guidance for the industry for 12 priority safety design elements relating to self-driving vehicles.
  • Best practices for state legislation relating to integrating self-driving cars, with a focus on removing current legal barriers, such as “one hand on the wheel”-type laws, and discouraging states from mandating the voluntary guidance.
  • Suggestions for consumer education by both industry and the government.

Also in September 2017, the U.S. House of Representatives unanimously passed a proposal to accelerate the testing and deployment of self-driving cars. The legislation “would allow automakers to obtain exemptions to deploy up to 25,000 vehicles without meeting existing auto safety standards in the first year,” Reuters reported. The number of exemptions would increase to 100,000 vehicles annually in the next three years.

Until a comprehensive federal policy for self-driving cars is in place, states will continue to fill the gap with legislation on the local level. Twenty-one states have passed legislation relating to self-driving cars, and three states have used executive orders to regulate the technology. The number of states introducing legislation has been increasing each year, and each state’s laws and guidelines have different purposes, definitions and priorities.

"The growing patchwork of legislation and rules across the country is a significant barrier to testing the full potential of self-driving vehicles,” says Gary Shapiro, president and CEO of the Consumer Technology Association (CTA). “We appreciate the leadership of the House … in establishing a clear direction about the proper roles of state and federal governments in regulating self-driving cars.”    

For the self-driving industry, consistency on roadways is essential to testing and deployment, and the patchwork of regulations puts the brakes on innovation.