In a V2X World Street Furniture Poses Cyber-Security Risks

Cyber-security has become a hot topic following several incidents that proved existing, barely-connected vehicles are not 100% safe.

It has amplified the concerns for how automobiles will be protected when they are fully connected and even more so when they are autonomous.

This problem is not limited to the cars themselves, however. Jennifer Tisdale, director of connected mobility and infrastructure at Grimm, a cyber-security research and engineering firm, is more concerned about the security of the environment in which the vehicles operate. “We’re spending a great deal of time and effort to create smart cities,” said Tisdale. “Urban planning is starting to evolve with technology integration, whether it’s connected roadways, signage, etc. Anything that has embedded code is going to open up a new risk. As we start to talk about V2I or V2X, we have to look at who’s monitoring the infrastructure.”

Tisdale has confidence in the auto industry and how it is handling security during the research and development phase. She’s looking to the US Department of Transportation, as well as National Highway and Transportation Safety Administration (NHTSA) and the Federal Communications Commission, to get involved in this conversation sooner than later. “Everything with connected infrastructure is probably going to have a satellite-connected component to it,” she said. “We certainly need to have all other industries paying attention to this as well. This is not just an automotive problem anymore.”

Not all cyber threats are focused on machine disruption. Malicious threat actors could be looking to unearth personally identifiable information that’s being stored within a car or mobility app. Tisdale believes that consumers should always be in control of that info, even if the choices are limited to ‘accept and purchase’ or ‘decline and drive something else.’ “Feedback is going to drive what the industry does,” said Tisdale. “Nobody is going to implement technology if you’re not going to buy it. As consumers we need to be very outspoken for what we are and aren’t willing to trade away for convenience.”

Easy hacks

When discussing cyber-security, Tisdale acknowledged that some of the questions will remain unanswered for the time being but she noted the dangers of allowing hackers to flourish in the interim. Vulnerabilities, no matter how small or seemingly insignificant, should not be ignored.

“If I’m the hacker, I would want to look at the easiest way into the vehicle,” she said. “How can I most easily gain access into the network? Oftentimes that is going to be the environment – the connected streetlights, the connected signage. Those sensors are going to communicate with the vehicle to say, ‘Hey, you’re veering.’ It would be a much easier process for me to hack into the road signage than the vehicle itself.”

She added that while she does not want these risk factors to scare people, they do need to be recognized if we’re going to have smarter, more convenient city developments. “We’re certainly going to have to be diligent as a community to make sure we are paying attention to security forever,” said Tisdale. “This isn’t ‘one box gets checked’ and we’re good. This is going to be the new vehicle maintenance. The same is true for infrastructure and it’s going to be more than putting a padlock on a box that’s on your streetlight. For roadway connectivity, they’re going to have to be more proactive than that. Certainly, the best safeguard is to be prepared, to have an incident response plan in the event it does get breached and be diligent with the surveying and monitoring of the equipment.”

Mechanical error

Attaining customer acceptance could be difficult when considering the high expectations that consumers will have for connected and self-driving vehicles. It may not be enough for them to simply avoid most accidents.

“As a consumer I think we’re far more forgiving of human error than we are of mechanical error,” said Tisdale. “We always want to point the finger and say we’re going to sue this company or somebody has to be liable. I’m not saying that’s wrong but it’s human nature. We expect our machines to be error-proof and so any time there is a fatality, it’s going to set the progression of this back significantly.”

Tisdale dismissed the notion that autonomous vehicles should avoid regulation to prevent them from being over regulated. “Otherwise it’s pure chaos,” she warned. “We have to have the parameters fixed and we have to look to our friends in Washington, D.C. for that type of guidance. There is a reason to have redundancy in testing and extra security measures. If you don’t you are now at risk for all of these other incidents – fatalities, accidents and glitches in the software code. You want to iron out as much of that as possible in advance and continue to do so throughout the lifecycle of the vehicle.”

Leave a comment

Your email address will not be published. Required fields are marked *