Autonomous Vehicles: Here They Come
Over the last few years vehicles certainly have been upgraded. The latest of vehicles on the road, connectedness has been the focus. These allow the user an enhance level of use and enjoyment of the vehicle. The user is able to watch the television, surf the internet, listen to over a hundred different music stations, and other functions specific to the model and year of the vehicle.
The user experience (UX) has been further improved and continues to be refined. This has taken shape with the autonomous vehicle research. The vehicle manufacturers and environment are moving toward this (Yagderel, Gemci, & Aktas, 2015). The autonomous vehicles, in one form or another, has been in use for years (Admin, 2011). In 2011 foreign defense departments were using the autonomous vehicles for security, patrolling parameters, moving equipment, and evacuating casualties. Additional uses for these may also be riot control. This focus has only narrowed over the last few years (LeVine, Zolfghari, & Polack, 2015). This used to be a novelty as seen at the theatre with movies, i.e. Minority Report and I, Robot.
The autonomous vehicle are a consumer benefit. The passenger is able to complete other tasks while in the car. These could be mundane, such as sleeping, reading, or grooming while the car is driving. The passenger could also be productive and work while riding in the vehicle, typing or reading memos or emails, reviewing contracts and other accounts.
As another benefit, the roadway capacity would increase substantially. The vehicles would not have the constraints that human driven vehicles presently do. At this point in time, the human experience limits several aspects of driving vehicles due to the parameters of our physical abilities. For instance there is a limitation as to speed at which we are able to receive data, process this, make a decision based on the data, and implement this. A computer-oriented vehicle engineered to complete these tasks automatically, i.e. the autonomous vehicle, is able to complete this at a much quicker pace due to the equipment and processors. The vehicles also will be in constant communication with its environment with the other vehicles, infrastructure, roadway, and other inputs. As a product of this, the speeds on the expressway would increase and the space between the vehicles would decrease. In effect this would economize the driving function. This trend and movement is not going to change. The autonomous vehicles are going to be part of the environment. For instance, BMW has promised a fully autonomous vehicle by 2021.
It is predicted that vehicles driving by humans will eventually not be allowed on the roads and expressways (Kiss, 2016). Imagine the utopia of no traffic jams, road rage,and traffic accidents becoming a rarity (Paul, 2013). There would be no more driver distractions or fatigue, that could lead to accidents (Khaliz, 2015). This is not outside the realm of reality. With autonomous vehicles being able to operate as such a higher level than humans, a “manually” driven vehicle would be dangerous and a detriment to the traffic flow and increase the number of potential accidents.
The autonomous vehicle has moved from the proof of concept (POC) due to the electronic sensors monitoring traffic (Miller, 2014). There are commercial trucks in Europe actively being tested for delivering service. This is indicative of the trust in the process and the direction vehicles are moving towards.
Although this appears to be an optimal situation and a clear benefit for society, there are still risks involved with the new technology. It is not possible to completely remove the risk of a cyber-attack (Ashiq, 2015). There are simply too many vulnerabilities that are unknown now and that will appear in the future. This is not only a US issue, but this is also being researched in the UK (KPMG, 2015). Although connected vehicles have been engineered for years and driven on the roadway for years, the manufacturers are still working through these issues.
Although this is, in the grand scheme, relatively new specialization, there still has been governance put into place. The entities involved with the autonomous vehicle have a rather pertinent and extensive set of responsibilities.
As this is relatively new, each vehicle manufacturer and vendor could have their own process, standards, and protocols to use specifically for the vehicle and/or the specific piece of equipment. The entities are present to work towards common protocols so each manufacturer does not need to re-engineer any of the processes.
The Institute of Transportation Engineers (ITE) connected Vehicle Program Task Force is one of these entities. This is part of the U.S. Department of Transportation Research and Innovative Technology Administration (RITA) ITS Joint Program. The purpose is to provide insight working through local agencies and persons in the industry. This has advanced the connected vehicle in the recent years (Institute of Transportation Engineers, 2013).
There is also the AASHTO Sub-Committee on Systems Operation and Management. This was organized to connect state’s Department of Transportation and local government. These work together to develop connected vehicles, and research and produce white papers (Institute of Transportation Engineers, 2013).
There are a number of different businesses directly involved with connected and autonomous vehicles. These individually have differing levels of exposure and involvement with the sub-field. These individual businesses may not have been fully enumerated in publications and newspapers in mass, however these entities do provide a valid and important functions. The following are merely a short list and not exhaustive of the businesses involved.
Arada Systems, Inc.
This firm developed wireless systems for the automotive industry initially. This market grew substantially and they began to fly from California to Detroit and Washington, DC quite regularly. The company ended up moving its headquarters to Michigan to they would be proximate and pertinent for the activities involved with the field (Vanhulle, 2016).
Tesla Motors is intrinsically involved with the autonomous vehicle development (Vanhulle, 2016). The team is presently engineering this. Tesla already has the autopilot function in the vehicle. This serves to sense the surroundings with optical recognition, ultrasonic sensor, and radar (Morley, 2016). The autopilot does have semi-autonomous steering, braking, and lane switching (Information Insurance Institute, 2016). Although this is not purely autonomous, the autopilot function is clearly working towards the final solution.
On a side note, although the autopilot is in the vehicles, this is vulnerable to attack. This was explored at the DefCON 2016 (Vaas, 2016). The autopilot function could be breached and made inoperable at rather inopportune times. This attack operates via spoofing the signals being sent back to the vehicle. The feature that allows this to work is the spoofed signal needs to be stronger than the legitimate signal.
Google is well-known to be involved with autonomous vehicles (Vanhulle, 2016; Jensen, 2016) and far along with the connected and autonomous vehicles (CAV) progression (Tannerton, 2014). They have had their vehicles on the track since at least 2013 (Armerding, 2013). THe plan is to have their vehicle on the road 2020 (Dennehy, 2015). Given the present state of the progression, this date may be overly optimistic.
Toyota also is engineering their own semi-autonomous vehicle with a Lexus model (Armerding, 2013) for over three years.
Beginning in 2014 General Motors has been publicly involved with other entities to install 120 miles of technology embedded highway (Levin, 2014). General Motors also recently purchased Cruise Automation to push the autonomous vehicle development (General Motors, 2016).
Apple elected to join the autonomous vehicle wave. Recently this has hit a few speed bumps, as evidenced by dozens of staff members (Thubron, 2016).
Continental announced in 2013 that their focus would be an automated vehicles (Tannert, 2014). The goal for this project is to have a fully autonomous vehicle by 2025. They have contracted with other companies (Cisco, IBM, and others) in working towards a V2X communications (Tannert, 2014).
Delphi’s focus has been engineering towards a less complex version of the vehicle safety systems for the CAV (Tannert, 2014). This may be implemented in certain instances. They have also worked with Mobileye to engineer the basics for the autonomous vehicle (Associated Press, 2016).
Ford plans on a fully autonomous vehicle by 2021. The initial forms may function as shuttles with multiple people and taxi-like services. The plan is for this to have no when, gas pedal, or brake pedal. The test vehicle is a version of this with a Ford Fusion in Mcity, a testing facility designed to used by autonomous vehicles.
No internet connected device, including vehicles, is completely secure (Smith, 2016). The autonomous vehicle platform provides a new sub-field to analyze. These vehicles provide an opportunity for attackers to test the vehicles and fleets for vulnerabilities to exploit. As these are connected and autonomous, this provides an exponentially more significant risk. A vehicle with passengers provides for a potentially dangerous tool if it were to be breached and any manual override disengaged. These security issues have made security professionals wary (Armerding, 2013). The level of security issues are at a entirely new level with these (Lu, 2014).
The autonomous vehicle have many of the same vulnerabilities as the present vehicles that are on the road. The additional risk is due to the vehicle driving itself and any breach not only affecting the single vehicle, but the others also on the road. In this case the vehicle may have no control of the vehicle. The aspect of security has to be integral into the mechanical and computer systems. This cannot be brought into the engineering at the end of the project, but needs to be infused throughout the engineering process and be a priority for the team.
With cyber-security, it is not only the nameplate manufacturer that is responsible for this. All the parties involved in securing the vehicle and its connective-ness are responsible for this, inclusive of the third party vendors providing services and equipment. As another source of opinion, other third parties should be utilized. An example of this would be the participants in bug bounty programs. These researchers have the ability to provide valuable insight into the vehicle’s security. The vehicle manufacturers need to have these third parties involved to research and report these vulnerabilities (Uchill, 2016).
Security Platform Guidance
There are many ways to secure the vehicle. This should not take merely one avenue to achieve this goal. This guidance is used with securing the enterprise with the defense in depth being applied.
Once source of guidance for the CAV is the NIST framework (Vijayan, 2016). This is created and approved by a number of professionals and entities. These party’s input has proven to be invaluable.
There has been a new security protocol created by the students at the University of Arkansas at Little Rock, which focusses on the CAN Bus (IANS, 2016). This provides another source of guidance to consider. This may not be all encompassing but would provide a source of information.
The security does not necessarily need to be merely application related. The security may also be hardware oriented. Researchers have developed a chip that is designed to verify its integrity to check if it had been modified or sabotaged. This checks the computer itself along with any of the hard-coded apps (Help Net Security, 2016). This would also be able to check for malware on the system (Thomson, 2016).
There are a number of risks with connected vehicles. Although the security is the primary risk for the autonomous vehicles, this may be divided into the different types and sources of risk. This has been actively studied (Jenson, 2014).
With a connected vehicle, there may be the general attacks seen with computers. This may include an attacker spoofing a vehicle or attacking the vehicle with a DoS (Lidar, 2016). The vehicles may be a victim of ransomware. The ransomware could infect the vehicle and the attacker could demand a payment to release the vehicle from the ransomware and provide the decryption key (Kiss, 2016). This is not a new attack. With the vehicles becoming more connected and moving towards autonomous vehicles, this will become a greater target. The lack of a robust cybersecurity program has and will allow this, unless the stance changed.
The vehicle may also be a victim of malware. This may take the form of a two stage virus (Fagnan & Kockelman, 2015). This could be dormant for a week, and at a certain point direct the vehicle to speed up to 80 mph and take a sharp right turn. This could also be used to attack a fleet.
The autonomous vehicle will be an integral part of our life in the very near fuutre. The vehicles will provide a benefit for consumers and commercial entities. Along with the benefits there are a number of risks. These may be mitigated with a strong and applied cyber-security program to the engineering of the vehicles.
Admin. (2011, June 28). AMSTAF-autonomous robotic security vehicle. Retrieved from http://defense-update.com/20110628_amsta.html
Ahiq, J.A. (2015, October 25). Security nightmare of driverless cars. Retrieved from http://www.tripwire.com/state-of-security/securty-data-protection/cyber-security/security-nightmare-of-driverless-cars/
Armerding, T. (2013, October 9). The ‘autonomous’, hackable car. Retrieved from http://www.csoonline.com/article/2134044/mobile-security/the--autonomous--hackable-car.html
Associated Press. (2016, August 23). Delphi, mobileye join forces on autonomous car platform. Retrieved from http://crainsdetroit.com/article/20160823/NEW01/160829949/delphi-mobileye-join-forces-on-autonomous-car-platform#utm_medium=email&utm__source=cdb-michmorning&utm_campaign=cdb-michmorning
AFP. (2016, July 23). Connected, self-driven cars pose serious new security challenges. Retrieved from http://www.bangkokpost.com/tech/world-updates/1042609/connected-self-drive-cars-pose-serious-new-security-challenges
Denehy, K. (2015, June 24). Autonomous vehicles face privacy, security and liability issues. Retrieved from http://gpsworld.com/autonomous-vehicles-face-privacy-security-and-liability-issues/
Fagnant, D.J., & Kockelman, K. (2015). Preparing a nation for autonomous vehicles: Opportunities, barriers, and policy recommendations. Research Part A, 77, 167-181. doi:10.1016/j.tra.2015.04.003
Fox-Brewster, T. (2016, August 4). Hackers fool tesla autopilot into making obstacles ‘disappear’--but don’t panic about crashes yet. Retrieved from http://www.forbes.com/sites/thomasbrewster/2016/08/04/tesla-autopilot-hack-crash#23a74adadc93
General Motors. (2016, March 11). GM to acquire cruise automation to accelerate autonomous vehicle development. Retrieved from http://www.gm.com/mol/m-2016-mar-0311-cruise.html
Hengstler, M., Enkel, E., & Duelli, S. (2016). Applied artificial intelligence and trust-The case of autonomous vehicles and medical assistance devices. Technological Forecasting & Social Change, 105, 105-120. doi:http://dx.doi.org/10.1016/j.techfore.2015.12.014
Help Net Security. (2016, July 25). Industry collaborates on automotive cybersecurity best practices. Retrieved from https://www.helpnetsecurity.com/2016/07/25/automotive-cybersecurity-best-practices/
Help Net Security. (2016, August 24). Researchers design a chip that checks for sabotage. Retrieved from https://www.helpnetsecurity.com/2016/08/24/chip-checks-sabotage/
Institute of Transportation Engineers. (2013). Get involved: Connected vehicle and autonomous vehicle task forces and committees. ITE Journal, 83(12), 35.
Insurance Information Institute. (2016, July). Self-driving cars and insurance. Retrieved from http://www.iii.org/issue-update/self-driving-cars-and-insurance
Jensen, M. (2011, August 19). Security questions abound as autonomous vehicles emerge. Retrieved from https://engineering.usu.edu/news/gerdes-vehicles
Khaliz, A. (2015, November 9). Electric and autonomous vehicle security concerns. Retrieved from http://large.stanford.edu/courses/2015/ph240/khaliq1/
Kiss, J. (2016, March 13). Your next car could be hacked: Will autonomous vehicles be worth it. Retrieved from https://www.theguardian.com/technology/2016/mar/13/autonomous-cars-self-driving-hack-mikko-hypponen-sxsw
KPMG. (2015). Connected and autonomous vehicle: What are the risks and the way forward. Retrieved from http://www.kpmg.com/uk/cyber and https://assets.kpmg.com/content/dam/kpmg/pdf/2015/12/connected-and-autonomous-vehicle.com
Krummert, B. (2016, August 14). Forecast: Driverless cars could help sell more drinks. Retrieved from http://restaurant-hospitality.com/consumer-trends/forecast-driverless-cars-could-help-sell-more-drinks?NL=RH-01_555&sfvc4enews=42&c1=article_2&utm_rid=CPG06
Levin, D. (2014, September 9). GM takes public step into driverless car tech. Retrieved from http://fortune.com/2014/09/09/gm-driverless-car/
Levine, S., Zolfaghari, A., & Polak, J. (2015). Autonomous cars: The tension between occupant experience and intersection capacity. Transportation Research Part C, 5z, 1-14. doi:http://dx.doi:10.1016/j.trc.2015.01.002
Lidar. (2016, July 18). Autonomous vehicle security. Retrieved from http://blog.lidarnews.com/autonomous-vehicle-security/
Lu, C. (2014, December 1). Security of autonomous vehicles. Retrieved from http://www.cse.wustl.edu/~jain/cse571-14/ftp/vehicle_security/index.html
McMillan, R. (2016, September 9). Apple shuts some elements of electric self-driving car project, lays off workers. Retrieved from http://www.wsj.com/articles/apple-shuts-some-elements-of-electric-self-driving-car-project-lays-off-workers-1473475712
Miller, D. (2014, October 16). Securing the autonomous vehicle. Retrieved from http://www.scmagazine.com/securing-the-autonomous-vehicle/article/376470/
Miller, D. (2014, October 28). Autonomous vehicles: What are the security risks? Retrieved from https://www.covisint.com/blog/autonomous-vehicles-what-are-the-security-risks/
Morley. (2016, August 4). Hackers fool tesla s’s autopilot to hide and spoof obstacles. Retrieved from http://www.theessential.online/hackers-fool-tesla-ss-autopilot-to-hide-and-spoof-obstacles/
News 18.com. (2016, August 21). New security protocols could save smart cars from hacking. Retrieved from http://www.news18.com/news/tech/new-secuirty-protocol-could-save-smart-cars-from-hacking-1283873.html
Paul. (2013, October 11). When autonomous vehicles crash, is the software liable? Retrieved from https://securityledger.com/2013/10/when-autonomous-vehicles-crash-is-the-software-liable/
Queenan, J. (2016, August 10). When hackers take over self-driving cars. Retrieved from http://www.wsj.com/articles/when-hackers-take-over-self-driving-cars-1470845413
Shaikh, J.R., & Kate, S.M. (2012). ARM7 based smart car security system. International Journal of Engineering Trends and Technology, 31(2), 210-212. Retrieved from http://www.ijettjournal.org/volume3/issue-2/IJETT_V3I2P227.pdf
Smith, J. (2016, July 22). Driving better application security in connected cars. Retrieved from http://www.itportal.com/2016/07/22/driving-better-application-security-in-connected-cars/
Sword, A. (2016, September 14). Volkswagen launches cyber security company for connected car. Retrieved from http://www.cbronline.com/news/cybersecurity/buisness/volkswagen-launches-cyber-security-company-for-connected-cars-500573/
Sun, Y., Xiong, G., Song, W., Gong, J., & Chen, H. (2014). Test and evaluation of autonomous ground vehicles. Advances in Mechanical Engineering, 6. doi:10.1155/2014/681326
Tannert, C. (2014). 10 autonomous driving companies to watch. Retrieved from http://www.fastcompany.com/3024362/innovation-agents/10-autonomous-driving-companies-to-watch
Thompson, I. (2016, August 24). Boffins design security chip to spot hidden hardware trojans in processors. Retrieved from http://www.theregister.co.uk/2016/08/24/new_security_chip_to_spot_hidden_hardware_trojans_in_processors/
Thubron, R. (2016, September 12). Apple reportedly “reboots” autonomous car project, lays off dozens of employees. Retrieved from http://www.techspot.com/news/66289-apple-reportedly-reboots-autonomous-car-project-lays-off.html
Uchill, J. (2016, July 25). Automotive industry promotes security best practices. Retrieved from http://thehill.com/policy/cybersecurity/289030-automotive-industry-promotes-security-bestpractices
Vaas, L. (2016, August 8). Tesla model s’s autopilot can be blended with off-the-shelf hardware. Retrieved from https://nakedsecurity.sophos.com/2016/08/08/telsa-model-ss-autopilot-can-be-blinded-with-off-the-shelf-hardware/?utm_source=Naked+Security+-+Sophos+list&utm_campaign=b023a3bb1e-naked%252Bsecurity…
Van Hulle, L. (2016, July 18). Mobility magnet. Crain’s Detroit Business, 32(29), 3. Retrieved from http://crainsdetroit.com
Vijayan, J. (2016, July 21). Auto industry ISAC releases best practices for connected vehicle cybersecurity. Retrieved http://www.darkreading.com/vulnerabilities--threats/auto-industry-isac-releases-best-practices-for-connected-vehicle-cybersecurity/d/d-id/1326347
Yagderell, E., Gemci, C., & Aktas, A.Z. (2015). A study on cyber-security of autonomous and unmanned vehicles. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 12(4), 369-381. doi:10.1177/1548512915575803
Yan, C., Xu, W., & Liu, J. (2016). Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicles. Retrieved from https://www.documentcloud.org/documents/3004659-DEF-CON-whitepaper-on-Tesla-snesor-jamming-and.html and https://assets.documentcloud.org/documents/3004659/DEF-CON-whitepaper-on-tesla-sensor-jamming-and.pdf