Don’t Ask Consumers to Pay for Cyber-Security, Says Ford

Cyber-security companies are lining up to service automakers in the years leading up to autonomous deployment.

They’re busy preparing a wide spectrum of solutions that are all but guaranteed to add to the cost of the vehicle and, in turn, increase the price consumers pay. Yet, Mike Westra, in-vehicle cyber-security technical manager at Ford, disagrees with the notion that consumers should pay more. Likening cyber-security to the many safety features that have been added to modern automobiles, he expects automakers to take care of this issue.

“There have been a lot of start-ups that have said, ‘Hey, you’ll just charge folks extra for cyber-security  and people will willingly pay for it,’” said Westra. “I think part of where we’ve challenged that is, no, it’s really the same as safety. You don’t charge consumers more for safety or security – it should be part of the base vehicle. I don’t think charging folks extra for cyber-security is going to be a realistic option for OEMs.”

Westra doesn’t anticipate a security model that looks anything like the consumer device world, where Norton, McAfee and others annoy users with endless subscription notifications. “You’re not going to have a Windows model where everybody is running Windows in their automobile,” he said. “I don’t think people would want that necessarily either. That’s why I think security is going to fall on the automakers and, in discussions with the Department of Transportation and NHTSA, they pretty much had that same position, where it’s very similar to functional safety and they view cyber-security as part of the automaker’s responsibility.”

Disruption, not destruction

The worst possible automotive hack theories take the lion’s share of headlines, roundtable discussions and conference presentations but that might not represent the future carmakers and fleet managers will face. In reality, malicious threat actors are likely to be after a quick buck and that may not have anything to do with harming the vehicle or its occupants.

“What you’ve seen with ransomware is that they tended to target organizations where they want a larger pay-out, whether it be a school system or hospital,” said Westra, explaining that it wouldn’t take much to interfere with a fleet. “It doesn’t even have to be the physical vehicle. It could be their fleet telematics or their users’ ability to use their cellphone to deliver the vehicle. Anyway to disrupt their day-to-day operations or business could, in theory, be used for ransomware.”

One area that could be a cause for concern is still in its infancy: teleoperation. Ford tested the concept with golf carts but Westra wasn’t terribly impressed by the results. “It worked okay on a college campus but I’m still very skeptical, even in the magic world of 5G, that the latency and the handoff and everything else, would make that a functionally safe alternative,” said Westra. He added that the concept might work if it is limited to minor adjustments, such as repositioning a vehicle when pulling up to a curb to pick up passengers.

“If you’re literally going to have somebody driving down the road remotely, I think there’s a lot of thinking, both on the security and functional safety side, in terms of, ‘How do you ensure that the cellular network has the redundancy to make that a reasonable choice?’ I don’t know that it really exists in its current incarnation.”

Avoiding the dealer update

Westra acknowledged the frustration that consumers have with the current recall system, where even something as simple as a software update could mean a time-consuming trip to the dealer. It’s a problem that over-the-air updates are expected to mitigate but what about the long-term needs of driverless cars?

He said current AV test vehicles are being updated on a near daily basis. Updates include map data and road information, as well as construction zone details. With more updates comes new risks – the same risks that plague tech devices when new, imperfect software is released to an unsuspecting public.

“For consumer-driven vehicles, I could certainly predict that you would see bi-annual, or whatever the case would be, new updates,” said Westra, indicating that frequent updates won’t be a problem drivers will have to worry about anytime soon. “For an autonomous vehicle there are a lot of open questions. What will the ownership or insurance model even look like? Will end consumers own them because of maintenance and calibration and how will that even work?”

He added that we will enter a different reality when fully autonomous vehicles arrive but frequent updates could still be necessary for vehicles achieving Level 2 or Level 3 capability. In those instances, the driver would still be very involved in the experience, so the goal would be to encourage users to turn on automatic updates without forcing them to do so.