Old Fashioned Trust Still Biggest Challenge to Connected Autonomous Vehicles

Thales says, globally, there will be 75 million vehicles with autonomous capabilities by 2035.

However, to reassure the users of the vehicles, as well as to increase uptake of connected and autonomous vehicles, along with efficient connectivity has to come stringent cyber-security. Trust is key to their development, including in how the data from the vehicles is processes, analyzed and used. The company also claims that a revolution is underway in the automotive market. It believes it’s an unprecedented one that involves technological, societal, and competitive change to the extent that the traditional car is becoming a truly connected object. With this connectivity the car or any other connected vehicle type is “gradually offering new functionalities such as the possibility to alert the driver to danger, detect drowsiness or connect a smartphone to the onboard computer”.

This connectivity and interconnectivity involve “the real-time exchange of data between the vehicle, the user and their environment opens up a whole new world of services”. The interconnectivity comes in the guise of the vehicle-to-everything (V2X) infrastructure, whereby the vehicles and infrastructure such as traffic lights communicate with each other as part of a system of advanced assisted driving solutions, shared mobility, autonomous driving, and the fast-growing electric vehicle (EV) ecosystem.

For now, the focus isn’t so much on autonomous vehicles – despite the increasing connectivity of vehicles. Thales says autonomous capabilities of vehicles are at level 1 or 2, maximum. A spokesperson from Thales adds: “As this connectivity already exists, major challenges must be overcome before we see full autonomous vehicles on our roads. These include securely integrating advanced diagnostic platforms, open Internet protocols, entertainment systems, Electronic Control Units for vital functions, remote warning systems, connected surveillance systems and ensuring that strongly protected keys authenticate each and every onboard system.”

Cyber-security: inevitable and vital

Thales views cyber-security and data protection as being both inevitable and vital. The benefits of connected and autonomous vehicles nevertheless include the development and introduction of new services, which can include telematics, and the installation and updating of firmware-over-the-air (FOTA), or infotainment and e-Call services. The firm finds that “the customer acceptance towards in-car connectivity is very high as it’s allowing more convenience and facilitating user-experience”.

Speaking about trust, Evgeniya Ponomareva, senior business development manager, KasperskyOS team warns: “From the moment when the vehicles become connected, we face cyber-security issues. IT systems and technologies can influence both the safety and the cyber-security of the vehicles. We have to be very careful when we develop new systems and implement new features because we have to keep in mind that the exploitation of these technologies by cyber-criminals could cause harm to drivers and passengers.”

She adds that if a hacker were to penetrate a vehicle’s IT systems, a car engine could be turned off or absolute control could take of the car remotely. For this reason, she stresses: “The role of cyber-security technologies is becoming more and more important.” This requires the stringent application and development of cyber-security standards and regulations such as UN Regulation 155, ISO21434, and ISO26262, which are standards for safety and cyber-security engineering.

Ponomareva goes on to explain: “The new cyber-security regulation requires the OEMs and suppliers to analyse and manage cyber-security risks of the ecosystem. In particular, for the ADAS system you should understand the connections with other systems, such as cameras, lidars, mobile apps, vehicle infotainment or telematics systems. You have to develop your system in a way it becomes secure-by-design. You should implement cyber-security into the systems from the very beginning. Then you should provide safe and secure updates over the air for electronic control units (ECUs).”

That said, given the importance of cyber-security, is its development and that of connectivity a revolution or an evolution; and what are the risks of not getting it right? Thales views vehicle connectivity as an evolution for car manufacturer rather than a revolution. Vehicles such as cars are fast becoming ‘software on wheels’, which the firm believes is a real revolution in design, conception, manufacturing and maintenance approaches.

The challenge of connected cars

Thales says the challenge of connected cars is twofold: maintaining high-quality connectivity in all circumstances and ensuring data protection and the security of critical systems while defending infrastructure against intrusions. Its spokesperson adds: “There are significant and growing security risks as each point of connection become a potential portal for hacking that can threaten vehicle safety, driver and passenger privacy, and data integrity. Over the past decade, the number of automotive cyber-security incidents has increased dramatically.”

This demands better cyber-security, which is no longer a ‘nice-to-have’ as it is essential to vehicle safety, data security and data protection compliance. With safety being top-of-mind, a priority for car manufacturers and suppliers are working hard to achieve seamless connected vehicle security. “Cyber-security and data protection are both inevitable and vital to avoid serious hacking issues, like remote control of vehicle at distance, blocking fleet against ransomware, robbing cars using digital mechanism like relay attacks, etc.,” say the firm’s spokesperson.

Ponomareva argues that if automakers and suppliers are compliant with the latest cyber-security regulations and standards, and implement the latest cyber-security technologies, consumers are more likely to trust them. She adds: “For fully autonomous vehicles it’s also vital to apply cyber-security measure to V2X systems as they are part of the ecosystem, delivering vital information to the driver through the infotainment system (such as alerts about speed limits, etc.). V2X systems can also distribute information and communicate with other vehicles, road infrastructure, pedestrians, networks. So, protecting the system and communications becomes the essential task for the manufacturers and all suppliers.”

Enabling consumer trust

So, how should the connected and autonomous vehicle ecosystems ensure that they can enable consumer trust with connectivity and security? Thales argues that trust is a matter of brand imaging, and so it is in the interests of carmakers and Tier 1 suppliers “to inspire confidence and trust in their connected car offerings if they are to penetrate this promising and growing market”.

This requires them to master the available technologies “to design connected cars to leverage advanced security systems and lifecycle management solutions that will enable them to meet the requirements of the future”. The company adds that the automotive industry is aligned to create a framework to guide “a best-in class cyber-security implementation” and claims that UNECE WP29 and ISO 21434 regulations on car cyber-security “are paving the way to establish the first ever harmonized security performance and audit requirements for car manufacturers”.

The goals are to manage vehicle cyber risks; secure vehicles by design to mitigate risks along the value chain; detect and respond to security incidents across vehicle fleet; provide safe and secure software updates and to ensure vehicle safety is not compromised by introducing a legal basis for OTA updates to onboard vehicle software. The spokesperson concludes by suggesting the challenge for the automotive industry is to provide optimal security for the connected vehicle, while complying with future regulations and standards. By doing so they will enable trust in the connected and autonomous vehicle, regardless of whether it is an actual revolution or not.

Leave a comment

Your email address will not be published. Required fields are marked *