29 March 2019

Why AV Safety and Cybersecurity Need to Be Pursued in Tandem

by Marjory S. Blumenthal

Safety and cybersecurity are generally pursued by separate teams within AV companies—leaving them in silos that exacerbate the significant challenges of each, and ignore the fact that they both fundamentally protect drivers and passengers from harm.

Why it matters: As cars become increasingly complex, modifying one aspect of the technology could create an unexpected vulnerability in another feature, making it crucial to develop safety and cybersecurity as integrated systems.

Safety: We know that traditional vehicles are safe because they conform to industry standards, regulations and engineering best practices. This can cover airbag systems at one end of the spectrum, and ADAS emergency braking features at the other.
AV standards have yet to be created, so AVs can't demonstrate compliance the way traditional vehicles do. A standardized framework, which could involve simulations or real life driving tests, is needed to measure how safe AVs are.


Cybersecurity: Concerns about vulnerabilities in vehicle electronics predate modern AVs, yet even as connected vehicle technology and automated driving features become more popular there is no international standard governing vehicle cybersecurity.
The International Organization for Standardization is currently working on cybersecurity standards for vehicles.

A joint approach to standards could optimize safety and cybersecurity and reduce overall risks to AV operation. Vulnerabilities already evidenced at low levels of automation point to the multitude of threats highly automated vehicles could face, especially where their systems intersect.
Cyberattacks can take many routes (PDF) into a car, including bluetooth-enabled systems and cellular radio. Adding network-based features and software will likely add vulnerability.
Traffic signs can be misread by AVs (PDF) in dangerous ways, and hackers could intentionally make a vehicle misinterpret a stop sign, for example—an attack that would compromise cybersecurity and safety features simultaneously.

The bottom line: The teams developing these systems should be collaborating on this challenge. Improving public trust in AVs, which remains low, will require delivering on promises in both of these critical areas.

Marjory S. Blumenthal is a senior policy researcher at the nonprofit, nonpartisan RAND Corporation.

This commentary originally appeared on Axios on March 20, 2019. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.

No comments: