Constant Security Upgrades a Fact of Driverless Life, Says BlackBerry

Cyber-security has become a key topic at virtually every auto industry event with many discussing worst-case scenarios for what would happen if a vehicle were to be overtaken.

There are environmental elements outside the vehicle that could pose an equal threat, especially as cities become smarter and more connected. Jim Alfred, general manager and vice-president of BlackBerry’s Certicom product group, thinks the solution will be to limit the applications that can interact with traffic control systems.

If it’s controlled via wi-fi, for example, that could pose a greater threat if the wi-fi connection is not strongly secured. By limiting access, and by authenticating the communications on the backend, potential problems are much less likely to occur. “In that realm it’s a little bit more straightforward – how you secure it – because your requirements aren’t growing leaps and bounds as they are in the automotive side of the world,” said Alfred. “That’s not to say you don’t have challenges and potential exposure. Someone might figure out how to hack into your network and how to inject signals into the control point. I think it’s more of an enterprise security scenario, where the same kind approach is going to be taken to a lot of smart city infrastructures.”

Staying up-to-date

Alfred expects automakers or fleet managers to take responsibility for maintaining vehicle security, particularly with the advent of over-the-air (OTA) updates. He sees it as both a tool for security and for updating vehicle functions that adds value to the end user. He anticipates that carmakers will be less interested in doing likewise for smart cities, even if the technologies work to their benefit.

“Infrastructure is clearly not their problem,” said Alfred. “Infrastructure is clearly a shared, common piece of the road that is going to have to be cared for by governments and cities. If IT departments can’t deal with the new technology, it might be a network management company that takes care of the suite of equipment that the city or roadway needs to manage. I think that’s a fairly logical solution.”

Price is a critical factor – automakers and governments may not be interested in using an OTA platform if the costs remain high. Alfred doesn’t think this will be an issue, however, because there are a growing number of companies entering the space. With so much competition, the price will eventually reach an affordable level.

Driving in the Wild West

Smartphones have made it easy for passengers to ignore where their taxi, Uber or Lyft is driving. Passengers may be equally distracted in an autonomous vehicle, which could be problematic as the car passes through and into different environments.

Imagine AVs venturing away from smart, highly connected cities and into territories where they may not have access to the same networks and features. Or, perhaps even worse, what if there is a distinct divide between cities that are secured versus those with weaker security? Will passengers even be aware as the vehicle takes them to their destination? “Will the car have a warning light that says, ‘You’re entering the Wild West zone,’ where they don’t have good security or patches?” Alfred questioned. “I would say ‘No’ unless there was a dashboard published by the city and infrastructure provider.”

Alfred isn’t sure any city would be willing to admit their level of security because it could pave the way to potential lawsuits, particularly if a vehicle is hacked within the city limits. “I don’t think they would publish a dashboard that would let an autonomous vehicle know they’re not running at the proper patch level,” he said. “If they can do that, the obvious question would be: why wouldn’t you patch it?” To counter this, Alfred thinks automakers might simply choose to turn off their cars’ infrastructure features in certain environments until they reach a higher level of connectivity or security.

Risky repairs

One of the biggest risks of autonomous vehicles could involve what happens once the car is left with a mechanic. How can you honestly trust any of the new components being used? Also, what about those who gain access to your vehicle – can you trust them?

As automakers build out their vehicle architectures, Alfred said it is important to look at the new kinds of communications that will be allowed in their automobiles. “The guy doing vehicle repair – can he get at the system in any way?” he questioned. “What about someone who has physical access? If not, can he somehow get remote access and take over something? How do you mitigate the risks of that?”

Those risks will, inevitably, change the way vehicle components are produced and distributed. It won’t be enough for a repair shop or even a dealer to simply claim their parts are safe – they are going to have to prove it.

Leave a comment

Your email address will not be published. Required fields are marked *