Is Self-Driving Technology a Collision Course With IT Security?
Americans love cars. Building, repairing, crashing — and driving — are all part of iconic American culture. But according to 24/7 Wall St., there’s some good news for the self-driving technology market: A recent survey found that more than 60 percent of respondents said they are “somewhat or very positive” about autonomous cars. Meanwhile, as noted by Inhabitat, the federal government has now laid out its first set of automatic automobile guidelines in an effort to “regulate the self-driving car industry without suffocating innovators moving the technology forward.”
As a result, consumers should expect driverless vehicles on the road sooner rather than later, but beyond passenger safety, there’s a potential collision course here: Can computer-aided cars navigate the need for solid IT security?
Occupant safety remains a problem. As noted by The Next Web, a Google self-driving Lexus was recently damaged when another vehicle ran a red light. While the other driver was at fault, the optics still aren’t great for autonomous autos. And that’s not all: Computer Weekly notes that in May 2016 a driver was killed when neither he nor the autopilot of his Tesla noticed a white truck crossing the road. Travelers looking to tap Uber’s new self-driving service were required to sign a waiver that, according to Gizmodo, absolved the company of liability for “death, serious injury, and/or property loss.”
Bottom line? Although hands-free handling is getting better, it still struggles in urban areas, especially when the unexpected occurs.
It’s no surprise, then, that as companies look to raise the profile of urban self-driving tech, more industry-focused highway and worksite-based autonomous vehicles are enjoying significant gains. According to Business Insider, for example, the Google-led Otto truck initiative already has 50,000 pound semi trucks on the road with human drivers only along in case of emergency. The Center for Technology Innovation at Brookings notes that commercial trucking is on a path to “quick adoption of autonomous vehicles.”
Securing the Future
Based on current industry trends, government interest and changing consumer attitudes, it’s not hard to predict the trajectory of self-driving technology: Industry first, then cabs and buses, then individual vehicles. But solving for safety isn’t the only challenge here: As noted by Technology Review, hackers have had no trouble breaching vehicle network security to take control of a car’s engine, breaks or, according to Engadget, steering wheel. Why? Because autonomous vehicles are on the IoT spectrum — connected devices which so far put speed-to-market ahead of network security, in turn opening big gaps for interested attackers.
Consider this: According to Computerworld, Microsoft plans to connect the new Renault-Nissan self-driving vehicle through the cloud. No matter the individual security of each layer here, this is a multi-stage path — from the car, to the manufacturer’s network to cloud provider, which may farm out some tasks to other apps or services. The result? A host of entry points for hackers.
So how do car companies and tech providers ensure a secure future for self-driving cars? Two things: standardization and information-sharing. Whether government regulated or privately developed, InfoSec standards for autonomous vehicles are essential; they provide a minimum benchmark that companies must hit before releasing their products into the wild and pave the way for vehicle-specific security products. Information sharing is just as critical. While the car manufacturing industry is notorious for keeping spec and tech data close to the chest, this simply won’t work in a self-driving world. Even with drivers still able to take control as needed, hacks remove valuable response time and open the door to serious crashes and massive legal challenges. Better bet? Share threat and network data to smooth the road for everyone.
Self-driving cars are coming, but their IT security isn’t up to speed. Expect a rocky road until companies slow down, draft standards and start sharing.