Argo AI, owned by Ford and Volkswagen, is a self-driving technology platform company which recently have released their safety report presenting a high-level summary of their safety activities. Mainly the report is built on Argo’s three top-level safety claims (as well as samples of sub-claims), being:
- The AV is acceptably safe during autonomous operations.
- Argo AI’s continuous improvement process ensures the proactive and continued advancement of safety.
- Argo AI fosters a safety culture throughout the entire safety lifecycle.
In the report there is a section dedicated to cybersecurity where the company’s approach to how to handle data, laws, regulations, and guidelines, are presented. The report also underlines that their approach to cybersecurity is guided by “The Five Functions of the Cybersecurity Framework – NIST” developed by the U.S. National Institute of Standards and Technology (NIST), namely: identify, protect, detect, respond, and recover. Which they apply to all aspects of corporate cybersecurity and product cybersecurity.
For corporate cybersecurity: efforts focusing on operational infrastructure are being applied, where programming code, workplace, employees, and corporate data are intended to be secured.
For product cybersecurity: the vehicle cybersecurity is part of a secure development lifecycle including:
- Security in design through identification of threats and analysed attack surfaces
- Security in implementation and verification to ensure that code has not been altered or corrupted
- Security in deployment and maintenance to ensure the authenticity and integrity of updates and changes.
For data privacy: public key infrastructure and onboard cryptographic devices are deployed to protect the vehicle from any unauthorized deployment of code or data. Also, all gathered personal related data are encrypted and cloud providers are also leveraged to store data encrypted.
According to the report Argo AI adheres to different relevant national and international standards and certification. Both for their US and Germany located headquarters, as well as for their product security lifecycle activities.
Argo also serves as a member of the Advisory Board for the Auto-ISAC. (AutoSec newsletter wrote about Auto-ISAC a few weeks ago, w06.)
Well, there is of course an aspect of a marketing purpose by Argo AI releasing such a report. Nevertheless, the mindset of aforementioned cybersecurity awareness is probably something that more businesses could consider.
Written by Joakim Rosell