Dec 18, 2023
Self-driving cars are no longer confined to the realms of science fiction and fantasy. Today, thanks to companies like Tesla, connected and autonomous vehicles (CAV) and intelligent transportation systems are gearing up to transform the automotive industry.
The Autonomous Vehicle Industry Association (AVIA) states automated vehicles will dramatically improve road safety. Spanning passenger vehicles, lorries, and zero-occupancy delivery vehicles, other reported benefits will include:
- reduced emissions
- easier deliveries
- billions in related economic growth
- creation of thousands of jobs
- more efficient supply chains
- reduced congestion
- increased mobility and reduced dependencies for older people and those with disabilities.
AVs rely on technologies including artificial intelligence, machine learning, robotics, sensors, processors, actuators, and complex algorithms. Listed as levels 4 and 5 on the SAE Levels of Driving Automation scale, they are distinct from ‘driver-assist’ vehicles. Instead, they perform the entire driving task. While this brings with it many benefits, it also creates unique vehicle cybersecurity risks.
What cybersecurity issues are associated with autonomous vehicles?
Connected cars and vehicles depend on complex technological and infrastructural ecosystems and control units to function effectively. As a result, cybersecurity challenges extend from the vehicles themselves to every component of their supporting, connected infrastructure and on to related Internet of Things (IoT) devices. This, in turn, widens the attack surface and the variety of risks, from cyberattacks to software and hardware defects to accidental defects introduced by tech providers.
Successful attacks can impact the decision-making systems of autonomous road vehicles, from controlling braking and acceleration, to disabling safety mechanisms such as airbags and door locks. Forced access and malicious code can affect control panels, maintenance, repair and operations (MRO) programmes, and GPS software.
Some of the most common cybersecurity threats and issues – which can damage mechanical and information technology systems – linked to self-driving vehicles include:
- V2V and V2I communications. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) links rely on secure methods of communication to prevent eavesdropping or spoofing attacks.
- privacy of personal data. Huge data sets are required to support autonomous driving technologies. The volume of data generation and analysis – including sensor data and geographical location data – increases the likelihood of security vulnerabilities and compromised passenger information.
- human-machine interface (HMI). HMI attacks work to deceive passengers and manipulate their perceptions of the CAV’s decisions and behaviour.
- remote hacking. Hackers can access vehicle systems remotely as well as locally. This poses a critical threat to the vehicle’s functions and on-board systems (alongside its data).
- software vulnerabilities. AVs rely on all types of complex software to enhance capability, performance, and self-driving experience.
- over-the-air (OTA) software updates. Wireless ‘over-the-air’ delivery of software, firmware and data enables vehicle operating systems to function. However, if not properly secured, this can introduce destructive, malicious software.
- regulation and compliance. Manufacturers of automated vehicles must ensure that their products comply with legal cybersecurity standards and regulations – such as ISO 21434 and UN WP.29.
Cyberattacks such as these pose serious problems for passengers and original equipment manufacturers (OEMs) alike. As well as the injury and death these attacks could cause, there can be severe consequences for information security and personal safety, along with financial and reputational damage. Because of this, cybersecurity must be a top priority for vehicle manufacturers and supply chain partners.
How can we protect autonomous cars from cyberattacks?
Ensuring CAVs are safe from automotive cybersecurity threats is an ongoing process – and one which will need to evolve in line with the changing, increasingly sophisticated methods used by hackers and threat actors. So, how can autonomous motor vehicles be safeguarded from threats designed to exploit autonomous driving?
Robust strategies, techniques and practices must be built into every element of CAV technology, infrastructure and security management systems:
- Secure software and firmware – that is regularly patched and updated
- Network and system security – featuring components such as anti-malware systems, firewalls, encryption, access control and authentication protocols, and real-time intrusion detection
- Secure data communication – that ensures any data transmitted between the vehicle and IoT devices and systems is impenetrable
- Security assessments – such as penetration testing that helps to identify security vulnerabilities.
There are also other methods that could help to protect autonomous vehicles and the wider transportation sector. The IEEE (Institute of Electrical and Electronics Engineers) states that: “the tamper-resistant nature of blockchain makes it ideal for protecting AVs and their passengers.” Its secure data log means sensitive information would be better protected, and it could also be helpful in determining injury and accident liability (which is also a CAV-related concern).
What is the ICAO cybersecurity framework?
The International Civil Aviation Organization (ICAO) cybersecurity framework provides structured guidelines and principles to identify, assess, and mitigate cyber risks in the aviation industry. It aims to ensure the safety and resilience of critical aviation technologies from cyber threats and attacks, with a specific focus on systems and data. The framework highlights the need for relevant stakeholders – such as governments, tech organisations and policymakers – to work together in the interests of protecting aviation systems.
How does the framework relate to connected vehicles? Aviation and ground transportation share a number of cybersecurity best practices, and the lessons learned in one can help to increase the integrity and resilience of the other.
Learn how cybersecurity helps protect against critical IT infrastructure vulnerabilities
Equip yourself with expertise in the tools and techniques used to help organisations protect their IT infrastructure with Abertay University’s online MSc Computer Science with Cybersecurity programme.
If you’re looking to develop in-demand threat mitigation skills – with relevance that spans all industries – our master’s-level computer science degree is the answer. Alongside specialist knowledge of cybersecurity, your flexible studies will cover a wide range of information technology fundamentals: web development, emerging technologies, databases, computer structures and algorithms, networking, and more. Plus, you’ll learn in a highly flexible way that suits you, with 100% of learning taking place online and at your own pace.