Securing the Roads of the Future
28 August 2019
The race for market dominance in the vehicle manufacturing industry has resulted in huge advances in technology, with a more recent spotlight focused on autonomous vehicles (AVs). In the pursuit of full autonomy, vehicles are now equipped with a huge array of sensors, computers and control systems, all supported by hundreds of millions of lines of code. AVs are now being tested in controlled environments and the UK Government has plans to introduce driverless buses and taxis to London by 2021. It is hoped the resulting paradigm shift in the automotive landscape will bring about many societal benefits such as a decrease in vehicle collisions and a reduction in emissions caused by excessive braking and acceleration.
This pace of technological change, and the approach taken to it, brings significant security and safety risks. Vehicle manufacturers are driven to be first to market with new technologies and capabilities, but in many cases the security of these new features has been considered only as an afterthought.
The number and complexity of modern vehicle systems have greatly increased the available attack surface, and there are numerous examples of how they can be exploited. Recently, a team of researchers won an electric car and $35,000 when they managed to display messages on its screen through a vulnerability in its web browser. Hacking into cars is not a new trend, however: in 2015 two security researchers were able to remotely take control of a Jeep Cherokee travelling at 70mph and force it to stop.
News articles such as these demonstrate the amount of effort being directed at exploiting vulnerabilities in the vehicles themselves. Comparatively less attention has been paid to the wider infrastructure needed to support AVs.
Security risks don’t just exist in the vehicles, but in the roadside infrastructure as well
So why has there been so little press coverage about vulnerabilities in roadside infrastructure? While AVs have been in production for a while, the roadside infrastructure is still in development. This infrastructure is a critical part of the Connected and Autonomous Vehicles (CAV) environment - the umbrella term for vehicles which communicate with each other (V2V) and with a network of roadside infrastructure (V2I) - and is crucial to self-driving cars being adopted on the roads.
Implemented properly, roadside units (RSUs) will send vehicles information about the state of the road at the RSU's position. This may include traffic information, notifications of accidents and information about roadworks, all from parts of the road that are too far away for the vehicle’s sensors to observe.
Now, imagine a scenario where a threat actor compromises one RSU and forces it to notify vehicles of a closure on all lanes. Autonomous cars could be programmed to change lanes on receiving an alert, without any human interaction. All vehicles on that stretch of road could then try to change lanes at the same time, potentially resulting in an unsafe event such as a collision. Use cases such as this highlight why AV OEMs, supply chain manufacturers of the relevant hardware and systems, and the authorities in charge of implementing roadside infrastructure in the UK must consider cyber security at all stages of the development lifecycle, and not as an afterthought.
Suggested steps to embed security into their development process
- Understand the threat and regulatory landscapes - Assessing the current threat landscape, who the actors are and what their motives could be is a start. However, today's threats, actors and motives are likely to change in the years to come, so organisations need to establish an adaptive approach to the development of hardware and systems that enables them to react and respond to changing threat and regulatory landscapes.
- Building resilience into the products - Resilient hardware and systems are designed on the principle that cyber attacks are inevitable but the consequences of cyber risk being realised can be limited. Design principles such as redundancy, independence and segregation are key to ensuring a successful intrusion does not necessarily result in an immediate safety event. In this way, these products can still maintain critical functions whilst undergoing a cyber attack. In the CAV environment this could be achieved by adopting some best practices such as ensuring there is no single point of failure and by building redundancy into critical functions. Once new products have been designed and built they need to be tested to ensure they meet initial specifications and do not have vulnerabilities coded or built in.
- Adopt a DevSecOps approach - DevSecOps is a growing approach in software engineering whereby security practices are integrated into every part of the software or program development process. Security is embedded in the design, testing and management of the program, so that it can move into production without needing to be recalled due to security and/or safety failures. This approach can be applied to the development of systems needed to support critical hardware such as roadside units, on-board vehicle units or traffic controllers. Separate subsystems can be built and tested in isolation, then with one another and then as a whole. This way security is involved from the outset.
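To make the "no single point of failure" principle concrete for the compromised-RSU scenario above, here is an added example (not PwC's code or any vendor's) of a vehicle-side check that acts on a lane closure only when independent sources agree. The `Alert` fields, the quorum of two, the five-second freshness window and the action names are all assumptions for illustration, and `source_id` is assumed to be authenticated already.

```python
from dataclasses import dataclass

MAX_AGE_S = 5.0  # assumed freshness window for roadside alerts
QUORUM = 2       # assumed number of independent sources needed to act

@dataclass(frozen=True)
class Alert:
    source_id: str          # RSU identifier, or "onboard" for the vehicle's sensors
    segment: str            # road segment the alert refers to
    closed_lanes: frozenset
    timestamp: float

def fresh(alerts, segment, now):
    """Alerts for this segment that are neither stale nor dated in the future."""
    return [a for a in alerts
            if a.segment == segment and 0 <= now - a.timestamp <= MAX_AGE_S]

def decide(alerts, segment, lane, now):
    """Act on a closure of `lane` only when independent sources agree."""
    # Collect distinct sources so repeats from one unit count once.
    sources = {a.source_id for a in fresh(alerts, segment, now)
               if lane in a.closed_lanes}
    if len(sources) >= QUORUM:
        return "act_on_closure"
    if sources:
        return "hold_and_verify"  # uncorroborated: no automatic manoeuvre
    return "continue"

# Constructed sample data: one unit repeats an all-lanes closure.
ALL_LANES = frozenset({1, 2, 3})
SINGLE_SOURCE = [Alert("rsu-17", "seg-A", ALL_LANES, t)
                 for t in (100.0, 100.5, 101.0)]
# Constructed sample data: two units independently report lane 1 closed.
CORROBORATED = [
    Alert("rsu-17", "seg-A", frozenset({1}), 100.0),
    Alert("rsu-18", "seg-A", frozenset({1}), 100.4),
]

if __name__ == "__main__":
    print(decide(SINGLE_SOURCE, "seg-A", 2, now=101.5))
    print(decide(CORROBORATED, "seg-A", 1, now=101.5))
```
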
These are just a few steps that organisations can take to help build hardware and systems in a secure manner. If you want to find out more about security by design, PwC’s Cyber Security team has experience in security-driven development, or you can read our whitepaper on DevSecOps to find out how your company can leverage our expertise in this fast-growing area of software development.
Finally, get in touch if you want to find out more about securing disruptive technology or assurance over hardware and systems.