Recently the US congress released an updated version of the bipartisan draft of a new autonomous vehicle bill (unfortunately now halted by the COVID-19 crisis), and interestingly, cybersecurity is emphasised in the new parts of the bill. How come? May it be related to the heading of this text?

No doubt, most consumers are familiar with the term cybersecurity and that it is related to their interactions with information technology. Also, most consumers are familiar with some of the different types of external attacks that the cybersecurity is exposed to, for example, Phishing, Denial of Service or Identity theft attacks.

Looking further at industrial, infrastructure or institutions, cybersecurity related awareness is even stronger. Great care and a lot of effort is taken to protect their computer systems from external attacks and for many of the most critical systems (for example nuclear power plants) the cybersecurity is an issue for the Department of Homeland Security. Then, should the automotive cybersecurity likewise be an issue for the security of the nation?

One may think that automobiles have been operating for quite some time now. For more than one hundred years actually and with no such concerns. So ok, they have become more computerized lately, but, an issue for the homeland security, really?! And even so. If a cyber-attack is performed on one individual infotainment system of a to a certain extent autonomous vehicle, the safety issue would be considered as quite local, right? That’s not really national, huh!?

I hear you. But consider this. More and more will modern cars get their software updates through over-the-air platforms, which indeed is a useful capability to fix software related functionalities for automobiles. But it also opens the door for remote cyber-attacks. “Hackers Remotely Kill a Jeep on the Highway—With Me in It”, by Andy Greenberg, confirms this door opening. Though, still a local security issue.

But what if a cyber-attack is performed through the over-the-air platform, where a buggy software update is uploaded to millions of cars simultaneously making a fleet of autonomous cars or trucks into an army of adversarial robots? Then we are talking about an issue for the homeland security, something that was highlighted by Israeli experts recently. However, from their perspective there is a difference in the threat landscape between Europe and US on the one hand and Israel on the other. “Hacking there may well be a ransomware attack, for example seizing control of 10,000 cars belonging to a rental company and asking for a ransom to release them. But the situation is different in Israel. We are in a country in which hackers are trying to attack our water infrastructure, shut down ports and seize control of security facilities to terrorize the public. To be honest it is surprising that they have so far not tried to cause accidents in military cars. It’s unclear whether this is a result of their lack of technological capacity or just luck.”. 

Written by Joakim Rosell