The British Government’s investigation into driverless cars has just come to a close. One of the key aims was to provide guidance to motorists about autonomous vehicle safety, but their work missed out one key area: cyber security. The current approach to this serious issue is outdated and not fit for cars of the future.
Autonomous vehicles will revolutionize our roads and the way we think about car ownership. We can already see the first shoots of this revolution in Pittsburgh, where Uber introduced a fleet of self-driving cars last month. The company’s plan for a ubiquitous, inexpensive autonomous fleet means that car ownership may soon become obsolete. That time may not be far away. Moody’s has estimated that fully autonomous or driverless cars could be a common option on U.S. vehicles by about 2030 and is likely to be standard on all new vehicles by 2035 – paving the way for publicly shared vehicles.
Just like the evolving ownership market, vehicles themselves are changing. Soon they will be more like computers with wheels, than vehicles carrying computers. Cellular inputs, autonomous navigation systems and a growing myriad of other endpoints are increasing the number of vulnerabilities that can be exploited. The more connected cars become, the more vulnerable they become. So as the cars change, so must the method of protection – and the auto-tech industry is failing to keep up. They are using outdated models that cannot provide the flexible bulwark required in this threat landscape.
After the incident with Chrysler, where professional hackers remotely disabled a jeep on the highway, people were asked to either take their car to a dealer for an update, or update it themselves using a USB – meaning there was no guarantee that all of the affected vehicles received the necessary security patch. This ‘DIY’ model, a complex supply chain which means that the manufacturer doesn’t necessarily own the software, along with a general reluctance to share information with security experts is not safe or sustainable.
If protection doesn’t evolve, the repercussions for consumers could be severe: vehicle theft; invasions of privacy; and serious injury are all possible risks – not to mention the potential commercial and reputational damage that could be inflicted upon manufacturers if security is not up to scratch.
The Chrysler recall highlights why traditional models of protection will not work with the cars of tomorrow. Once a flaw in the software is found, the whole line must be individually updated. In the age when car ownership is obsolete, the auto-tech industry must consider a rapid detection and response model, one which allows constant visibility and control of large networks – in their case, their fleets. This will allow outdated safety measures to be fixed within a quick timeframe – one which doesn’t cripple a critical piece of infrastructure.
This must be the solution adopted by the industry before shared, driverless cars become a critical and mainstream part of our transportation network. To protect themselves and their customers, auto-tech companies must fix this flaw in their cyber defenses.
Like what you see? Click here and sign up to receive the latest Tanium news and learn about our upcoming events.