Ensuring cybersecurity is vital for a driverless future

Written by Erik Silfversten and Nathan Ryan on 9 February 2018 in Opinion
Opinion

Erik Silfversten and Nathan Ryan of RAND Europe discuss why built-in cybersecurity is as important a safety concern as any for manufacturers and legislators involved in the autonomous-vehicle space

The UK government aims to address cyberscurity concerns surrounding driverless cars, such as this prototype Nissan Leaf travelling around London, before they become a feature of UK roads  Credit: Philip Toscano/PA Archive/PA Images

High-profile accidents involving autonomous vehicles (AVs) have led to recent discussions about the physical safety of people. In 2016, there was a fatality of a US man using the Tesla Autopilot system. The first crash of Google’s self-driving vehicles also occurred in 2016, when it changed lanes and put itself in the path of an oncoming bus. 

However, it could be argued that consumers and manufacturers should be equally, if not more, concerned about the potential cybersecurity vulnerabilities in AVs. In July 2017, Tesla CEO Elon Musk warned the biggest concern for AVs is “someone achieving a fleet-wide hack”.  

In this regard, the UK government’s Department for Transport (DfT) is ahead of the curve. In August 2017, it issued new cybersecurity principles to the automotive sector to raise the standards of cybersecurity practices of AV manufacturers. The unprecedented move by the UK government signals that cybersecurity involving AVs is as much a transport issue as a critical national infrastructure matter. 

The principles aim to address cybersecurity concerns before autonomous vehicles come onto UK roads. In November 2017, UK chancellor Phillip Hammond said this could happen as early as 2021. 


Related content


DfT’s eight principles cover a broad range of cybersecurity concerns, from technical solutions, such as securely patching and updating software, to people and processes, such as organisational accountability at board level and assessing third-party risk on the supply-chain.

The level of effort and technical sophistication across the principles vary. For example, providing product aftercare and incident response to ensure the AV systems are secure, designing the AV system to be resilient to attacks and respond appropriately when its defences fail, and ensuring the secure storage and transmission of data, could all pose challenges to companies that are not familiar with digital technologies. 

Large technology companies that already have their own AV pilots, such as Google and Apple, will be more familiar with these principles and may have a slight advantage over traditional automotive companies. That being said, the cybersecurity principles do offer timely guidance for other companies looking to develop their own line of AVs before the technology becomes more widespread.

The publication of the cybersecurity principles signals a shift in UK policymaking, away from reactionary and problem-driven policy, and towards an attempt to shape and influence the development of AVs prior to their uptake. It is also an example of the UK government attempting to keep pace with rapid technological change, which can often accelerate ahead before meaningful policy decisions take place.

Overall, the cybersecurity principles should be seen as incremental steps to guide manufacturers and encourage safe and secure innovations around AVs. Cybersecurity, combined with measures around physical safety, could help drive the UK and the automotive car industry towards a safe and secure driverless future.

 

About the author

Erik Silfversten and Nathan Ryan are both analysts at the not-for-profit research organisation RAND Europe. Both work on cybersecurity and cyber defence policy research. This piece is based on analysis that originally appeared on Observatory for a Connected Society.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

The three public sector technology trends that will define 2019
27 December 2018

PublicTechnology editor Sam Trendall picks out the topics and trends that will dominate the year ahead, and revisits the predictions of a year ago to see any of them came to pass

The biggest stories of 2018 – part one
28 December 2018

We take a look back at the major developments that shaped the first half of the year

 

Related Sponsored Articles

Why BT UniCORN Framework – Join the partnership to cut costs and create opportunities
11 February 2019

Whether you need mobile devices or fibre optics, cloud services or switchboard systems, with UniCORN you'll have more purchasing power and unlock benefits you wouldn't get alone

Why BT London ICT Framework – sole provider for a pan-London procurement framework for ICT services
4 February 2019

BT understand the public sector in the capital. Frameworks offer a single, simplified way to get the ICT products and services you need

BT Customer Experience Centres: How our infrastructure and intelligence can transform your organisation
21 January 2019

BT always talks about helping its customers be there in the moments that matter. And that’s the idea at the core of their new Customer Experience Centres. Experience BT solutions first-hand and...