Security Challenges for Connected 
and Autonomous Vehicles

Complimentary report
Driverless vehicles are no longer the stuff of science fiction fantasy. However, that doesn’t mean they will be catching green lights any time soon
At the turn of the century, the idea that roads may one day be full of vehicles that drive themselves, would have been dismissed as mere science fiction. No longer.
 
In the past decade, the technology behind ‘autonomous’ vehicles has advanced significantly, and trials of ‘driverless cars’ have been underway for several years. So much so, that governments across the world are already in discussions with manufacturers and regulators about how and when they may be legally permitted on public roads.
 
However, as the area receives more focus, more questions arise, including how to solve complex problems in human factors, insurance, regulation, infrastructure, security, and above all others, safety.
 
 

Here are five issues putting the brakes on Connected and Autonomous Vehicles (CAVs) – at least for the time being:


 

Connected vehicles ecosystems icon 1) Supporting ecosystems required

To operate safely, CAVs need roadside infrastructure – devices that will replace fixed gantry signs and signals delivering in-vehicle information; cellular service providers of 5G communication to the vehicles; and back office systems for infotainment. Security needs not only to support the vehicle but also across an entire ecosystem such that there is a common baseline of trust between vehicles, related devices and supporting infrastructure. Read the full report.
 
 

Connected vehicles data vulnerability icon 2) Ongoing data vulnerabilities

Connected and Autonomous technologies both depend upon the generation and analysis of massive volumes of data. This explosion of new technology, connectivity and data results in a significant expansion of the attack surface – in a digital world, the technology can potentially be manipulated to gain access, both locally and remotely. Read the full report. Read the full report.
 
 

Connected vehicles CAV Complexity icon 3) CAV Complexity

Today’s modern car is effectively an Internet of Things ecosystem of its own. It is a system of interconnected sub-systems, and it has been predicted that by 2025 one vehicle alone is likely to contain over 600 million Lines of Code – more than a Boeing 787 (6.5 million), or Facebook (62 million). This complexity introduces a vast attack surface for an attacker to select from. Read the full report.
 
 

Connected Vehicles Mechanical Mishaps icon 4) Mechanical mishaps

When it comes to engineering the modern vehicle, Engine Control Units (ECUs) are produced by a diverse supply chain and supplied as black boxes to the manufacturer. Detecting issues is only going to become more difficult as more technology is deployed. Yet even in 2020, 300 vulnerabilities were found in over 40 ECUs developed by Tier-1 companies and original equipment manufacturers. Read the full report.
 
 

Connected vehicles Attack Vectors icon 5) Increased attack vectors

An attack vector is the path that an attacker takes to gain access to its target and they now have a range of options when seeking to compromise and gain control or influence over a CAV. To take two examples, most vehicles now come with embedded SIMs, which means they are publicly addressable from anywhere in the world. Similarly, some vehicle manufacturers have already deployed local Wi-Fi hotspots for passengers - a soft target for attackers. Read the full report.
 
 
To achieve the perceived safety, environmental and economic benefits of CAVs, industry needs to carefully balance the race to market with security assurance. Although the technology is now significantly advanced, these challenges must be more fully understood and addressed before a future for vehicles without drivers can be fully realised.


Download the full report to further explore the technology and security issues facing autonomous driving:

 
 
 

About the author
Emyr Thomas is an Operational Technology Lead Consultant, BAE Systems Applied Intelligence
emyr.thomas@baesystems.com

 
 

Further reading

  • All roads lead to IT. Victoria Higgin has her pedal to the metal. The CIO of Highways England tells Mivy James about growing an IT function, digital literacy and life connecting communities up down the country
  • Catching the new technology train. Thomas Bennett may have spent his career focusing on cyber security but he remains an optimist at heart – and a passionate fan of technological advances. He tells Nadia Doughty about his life as the security business development manager of Norway’s Telenor Group
  • Robots in disguise. Swarm robots need not be the stuff of nightmares, says Tom Longstaff. In fact, they offer huge potential to the public good
  • The human heart of technological change. Are computers really poised to assume total control over humanity in the years to come? Chris Bull says that for all the bewildering power of computers, the human element remains key to achieving longer term transformations
  • The drive for Digital Transformation. Digital transformation is not a destination, but a journey, and one that can require you to traverse some challenging terrain. Here, Sandy Boxall and Rob Clifford explain why only the careful orchestration of people, process, technology and culture will get you moving in the right direction