Cyber Security for Cars

There are many accidents that humans cannot avoid. Lidar, the Light Detection and Ranging system is a remote sensing method that uses light in the form of a pulsed laser to measure ranges or distances, and used in autonomous driving cars, is currently at level 3 and therefore not that much better than human drivers. Autonomous driving will get better. How? When? The 2020ies are a coming soon.

Taken from 2025 AD: In January 2014, the SAE - the Society of automotive engineers - classified the future of the automobile. They developed a harmonized system to describe six degrees of automated driving: from zero automation to full automation. It has since become one of the most widely used systems of classification. This overview summarizes the common aspects of the original classifications:

Lawmakers have been urged to consider the time it takes a driver to take back control from automated systems after new research revealed a significant gap in reaction times.

The latest Venturer report by AXA and Burges Salmon found delays of up to three seconds between a vehicle deactivating its autonomous mode and a driver taking back control.

Autonomous driving is at a developing stage but will help safe driving. Till then we should compare apples with apples; not apples with pears. Uber & Tesla are currently level 3 in terms of autonomous driving.

As for Audi & Volkswagen, along with Infineon, Bosch, ESCRYPT, Itemis, Mixed Mode, SCHUTZWERK, the University of Ulm, the Technical Universities of Braunschweig and Munich, the Free University of Berlin, the Karlsruhe University of Applied Sciences, and the Fraunhofer Institutes AISEC and IEM, they are all participating in an effort to develop new ways and means to protect self-driving cars from cyberattacks. Volkswagen’s CEO Dr. Herbert Diess said, “By the end of 2022, we will have invested more than €34 billion: in electromobility, autonomous driving, new mobility services and the digitalization of our products and the entire company.”

For me, the case for autonomous driving is that it creates plenty of business opportunities, and frees up time - suddenly you don’t need a driver, you have time to do something else: like sort out your kids’ homework during that commute, sort out groceries. Advertising platforms will have a field day!

But yes, there are some areas of concern, for example, who is liable for the handover period between self-driving systems and suggests that staged handover systems may be needed to ensure a safe transfer of control, especially at higher speeds?

One of the main conclusions in the report is that while legislators need to take into consideration the handover period while determining new regulation, it’s still important to highlight the capability of drivers and avoid stifling the appeal of the technology by unfairly penalising them.

While there’s clearly much to understand about the safety and security of autonomous and cooperative automated driving (AD), connected cars remain in development – and will become a viable proposition in the not-too-distant future.

What is a Connected Car?

Let’s clarify that the presence of devices in an automobile that connect the devices to other devices within the car/vehicles and or devices, networks and services outside the car including other cars, home, office or other apps makes the car connected. With wifi, cars can now warn drivers of accidents, of traffic, collisions and other safety alerts like snowy, slippery roads.

Many threats and vulnerabilities exist; and more will likely emerge as the technology progresses. It’s worth noting that today’s vehicles increasingly feature automated driver assistance technologies – such as forward collision warning, automatic emergency braking, and vehicle safety communications. But vehicle cybersecurity has been an overlooked area of research in the development of driverless vehicles. While this is an ongoing multi-industry discussion, let’s look at some of the pertinent issues.

Threats to Vehicle Cybersecurity

Technology is about trust.

Advanced driver assistance technologies depend on an array of electronics, sensors, and computer systems. Connected and automated vehicles are ‘cyber-physical systems’, with components in the real and virtual worlds.

Connected Cars & Malware Systems

As with anything online, these systems are vulnerable to those that regularly disrupt computer networks, like data thieves (of personal and financial information); spoofers (who present incorrect information to a vehicle); and denial-of-service attacks (that shut down computers and cars). In addition, hackers could take control over or shut-down a vehicle; criminals could ransom a vehicle or its passengers, and thieves who direct a self-driving car to relocate itself.

Many cars use controller area network (CAN) communicates with a vehicle’s electronic control unit (ECU), which operates many subsystems such as antilock brakes, airbags, transmission, audio system, doors, and many other parts—including the engine. Modern cars also use Diagnostic Version 2 port that used to diagnose problems with Mechanics and this could be abused by CAN traffic and intercepted from the OBD port which can be plugged into a car as a backdoor for external commands, controlling services such as the Wi-Fi connection and unlock the door.

The result?

Headlights disabled at night, airbag deployed at whim, rear wheel wheellock & skidding.

Applied to vehicles, cybersecurity is vital. Systems and components that govern safety must be protected from harmful attacks, unauthorized access, damage, or anything else that might interfere with safety functions. To cite one example, vulnerabilities in automated parking: mechanical attacks disabling the range sensors in park-assist or remote parking in order to require additional maintenance.

• In 2016, hackers proved the Nissan Leaf could be hacked from anywhere in the world via mobile app and web browser.
• In 2015, cybersecurity researchers demonstrated a remote attack on a Jeep Cherokee, sending it off the road.
• Also in 2015, hackers exploited a vulnerability in BMW's ConnectedDrive technology to unlock the cars.
• In 2016, hackers remotely unlocked Volkswagens.

There are additional security threats to the wide-ranging networks that will connect with autonomous vehicles: the financial networks that process tolls and parking payments, the roadway sensors, cameras and traffic signals, the electricity grid — and even our personal home networks. How does the AD industry deal with such multifarious potential safety and security issues?

Developing Collaborative Processes for AD

To secure products across the supply chain, the automotive sector must develop new ways to collaborate. Products can be secure only if they are designed with security in mind. High-quality components—from software to hardware—must implement the design. Original Equipment Manufacturers (OEMs) need to create and enforce stringent guidelines to minimize and software-security gaps and also enable easier modifying or patching systems.

A secure design, however, doesn’t guarantee security over time. To be effective, solutions must be implemented consistently. This requires increased collaboration between product-security teams and corporate IT-security teams. This is why over-the-air (OTA) updates—currently available for some cars — are obviously essential for connected systems.

OTA updates help OEMs rapidly counter attacks and eliminate specific vulnerabilities before attackers exploit them. However, this isn’t cheap: implementing support for OTA updates is pretty complex and costly, both for vehicles and the back-end infrastructure. Responsibility for implementation will lie with manufacturers.

So we return to the need for creating strict and effective regulatory guidelines – as well as beneficial multi-sector alliances to deal with regulators and to share intelligence on threats and vulnerabilities. Some automotive companies are already creating alliances; other OEMs and suppliers should consider joining them.

The Race for Regulation

Customer safety should be automakers’ foremost concern, meaning connected cars will get constant oversight and protection. OEMs, Tier 1s, regulatory bodies, insurance companies, technology companies, telecommunications organizations affected by the new attack landscape are working to strengthen cybersecurity. At Schweizer World, we’re doing our part to help revolutionise the automotive industry from Singapore, which we believe is at the forefront of automotive innovation.

In recent years, government agencies have begun producing reports and guidelines such as the Cyber Security and Resilience of Smart Cars by ENISA (the EU Cybersecurity Agency) and the Federal Guidance for improving Motor Vehicle Cybersecurity and NHTSA and Vehicle Cybersecurity and Automated Driving Systems (ADS): A Vision for Safety 2.0 in the US. In the UK, lawmakers have published their Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles.

National governments are also acting on the emerging public safety implications of vehicle cybersecurity. For example, in 2017 US regulators passed bills like the 2015 Spy Car Act and the Security and Privacy in Your Car Study Act, focused on vehicle cybersecurity. US authorities have also passed the SELF DRIVE Act and the AV START Act, which make cybersecurity a necessary component of any automated driving system.

However, the industry’s best efforts will only succeed if car drivers understand the importance of cybersecurity, make efforts to maintain it, and take measures to avoid threats. There’s much work to be done & interesting challenges and opportunities lie ahead of us.