Why automotive cybersecurity needs to go beyond IT-based security
The automotive industry is certain that it can produce IT-enabled, self-driving cars that will all but eliminate the tens of thousands of accidental deaths that happen every year. But the majority of Americans are in no rush to trust their family’s safety to automobiles that can be hacked.
“We know and the public knows that we can design systems that function far better than human drivers,” said Harry Lightsey, executive director of emerging technologies policy at General Motors. “But we face a very apprehensive public.”
Lightsey, who spoke during a D.C. CyberWeek panel session Oct. 18 on the future of automotive cybersecurity, acknowledged that part of the challenge facing the industry is the lack of a standard baseline for assessing automotive cybersecurity as it applies to vehicle safety.
“There is no baseline … in cybersecurity [testing for autonomous vehicles]. And there’s no point in trying to pursue that” when the pace of threats and vulnerabilities will force any such baseline to shift and change on almost a weekly basis, Lightsey acknowledged.
Jackie Glassman, the co-head of the Automotive & Transportation Practice at King and Spalding and a former acting administrator of the National Highway Traffic Safety Administration, agreed that the industry is moving so fast that most of the existing safety regulations don’t apply to what many would like to see become a nationwide self-driving ecosystem.
“Technology has outpaced the regulations,” Glassman said. “Most of our regulations in car safety are written around mechanical devices — around cars the way they used to be. Those regulations don’t translate very well to the new structure.”
Just what is that new structure? First, although the terms are often used interchangeably, self-driving cars are not the same as connected cars. Many Americans currently enjoy the benefits of owning a connected car, one equipped with internet access for entertainment systems, vehicle health reporting, GPS services and even in-car apps.
Self-driving cars, on the other hand, are outfitted with an army of sensors, artificial intelligence and significant computing power that will require a vast IT-enabled road and transportation infrastructure to ensure safety and reliability. All of the panelists at the D.C. CyberWeek event acknowledged it’s a tall order.
But Moshe Shlisel, CEO of Guardknox Cyber Technologies, thinks he has some of the most challenging technological aspects of self-driving car safety and security figured out. The company’s “communication lockdown” approach is the same cybersecurity approach used by the Israeli Air Force to secure the F-35 and F-16 fighter jets.
“The car can be connected, but the protection should be deterministic,” Shlisel said. “We are using a methodology that we have implemented in fighter jets … it’s a completely different approach that is based on security systems that are not continuously connected to the internet to obtain signatures,” he said. “Most other automotive security firms are focusing on IT-based security methodologies, such as encryption. But you can hack a car below the encryption systems. The heads-up display unit that you have today can be penetrated from the outside.”
The modern connected vehicle can have up to 10 different networks, 30 million lines of code, and between 100 and 150 automotive computers, all communicating using various protocols. The automotive security challenge is to orchestrate connectivity among those networks, as well as between the vehicle and the external environment, in the most secure manner possible in order to ensure the safety of the vehicle as a whole.
The company’s lockdown method is completely agnostic to attacks, enforcing authorized communications. In addition, it focuses on consolidating the number of processors and systems so that there is room for redundancy — a critical component in airline safety.
“Every mission critical system [in airplanes] has three backups. Yes, the price point is completely different, but what we are working on right now is a completely different architecture that will provide full redundancy for every system in the vehicle,” Shlisel said. The redundancy and resilience challenges seem to be the key obstacles to overcome before self-driving car technology is accepted by the public.
“If you look at the number of fatalities from car accidents in the U.S., it’s comparable to one Boeing 787 crash every week,” said Shlisel. “That’s the math. Nobody would fly if those were the fatality statistics. How many of you would buy a [self-driving] car that works only 98 percent of the time? Which means you hit the brake and the car identifies that action as an anomaly, which means you’re not going to stop. For safety, IT security is not sufficient.”