Recently NRMA stated Australia’s relationship with the car will change dramatically within the decade. The 86-page report identified various levels of government as the instigators of change implementation, rather than the automotive industry.
Grant Cameron, Automotive Sector Leader at Deloitte, said the paper cited the government needs to be an instigator of:
- Developing a holistic mobility policy for the future
- Finalising legislation for trials of autonomous vehicles
- Government should invite OEMs to run citizen-focused autonomous vehicle trials
- Local governments should promote car sharing
- Federal Government should abolish Luxury Car Tax as the tax provides a disincentive to buying certain electric vehicles.
“The automotive sector will see a lot of change in coming years,” Mr Cameron said.
“Most say different mobility and ownership models will be made available by technology fuelled by society’s will to find solutions for fast paced urban environments, future cities and social conscious generations who interact with the ‘now economy’.”
A Deloitte summary, titled The future of mobility, says that as the future of mobility offers potential growth and new sources of value creation, it presents new types of risk.
“The very innovations that aim to enhance the way we move from place to place entail first-order cybersecurity challenges. And the dangers that promptly come to mind – such as hacked autonomous vehicles crashing – only begin to scratch the surface; indeed, they may not even represent the most likely or high-stakes threats.
“Shared vehicles could hold data from hundreds of unique users, making them a ripe target for digital thieves. Connected and increasingly autonomous vehicles may provide new opportunities for malicious ransomware. And as mobility managers take the hassle out of travel by managing end-to-end trip planning, they could gain an increasingly holistic view of people’s lives, including where they go, when, and for what purpose, accumulating data and raising the stakes even further.”
According to Deloitte, the path forward should incorporate a comprehensive approach to cybersecurity that makes connected vehicles and the associated ecosystems secure, vigilant, and resilient.
“This likely involves a radical change to how organisations address cybersecurity:
Secure. Establish risk-focused controls around the most sensitive assets, balancing the need to reduce risk while also enabling productivity, business growth and cost optimisation.
Vigilant. Develop monitoring solutions focused on critical business processes. By integrating threat data, IT data and business data, companies can equip themselves with context-rich alerts to help prioritise incident handling and streamline incident investigation.
Resilient. Rapidly adapt and respond to internal or external changes – opportunities, demands, disruptions, or threats – and continue operations with limited impact to the business.”
Mr Cameron said cyber risk poses perhaps the greatest threat to the future of mobility, and data governance, privacy and protection will likely be of paramount importance as individuals and organisations move to make it a reality.
“Just as collision warning systems and anti-lock brakes haven’t eliminated all road mishaps, a world of shared and autonomous vehicles can never be risk-free. A key challenge for players in the mobility ecosystem lies in making the degree of risk acceptable to both consumers and regulators. As automakers, technology companies, governments and others place bets on how and when the future of mobility may unfold, those moves could be for naught without a broad understanding of the myriad cyber threats likely to emerge – and a concrete plan to address them.”
Other industries are also dealing with cybersecurity issues, and players in the mobility ecosystem can look to others for similar solutions, although the specific implementation of those solutions would need to be carefully shaped to fit the auto industry’s unique needs.
What steps companies take also likely depend on which ecosystem roles they intend to play. In The future of mobility, Deloitte envisioned four co-existing future states of mobility: some quite similar to today’s landscape and others that posit more ambitious vehicle sharing and autonomous driving possibilities.
Each of the four future states of mobility brings a unique set of data-related risks and, consequently, a unique set of challenges and required solutions.
Future State 1: This is the most conservative vision of the future, in which vehicles would remain individually owned and operated, much as most are today.
“Yet even here, vehicles are expected to become increasingly connected and data-centric (creation, consumption, analysis, etc) and to employ advanced driver-assist technologies (stopping short of full autonomy). As vehicle designs advance, their security capabilities should evolve too. Enhanced security features will likely be based on in-vehicle technology and features already present in today’s cars. This enhanced security would need to secure current technology and features while continuing to evolve to protect the incremental changes we expect providers to develop in Future State 1.
“As with smartphone development today, it is likely that hardware and software vendors will collaborate in the design and production of future vehicles and other mobility infrastructure. Consider a hypothetical software developer partnering with a V2X device manufacturer that ships and configures devices that enable connected infrastructure. When the developer’s lead engineer leaves the company, he takes with him critical trade secrets and knowledge of a back door into the root of the V2X system. Perhaps because of discontent with his former employer, he leaks information about the security bypass, making vulnerable hundreds of thousands of installed and active devices. The attacks could begin as irksome pranks but soon escalate: targeting one city, hackers could manipulate information to tell traffic apps and rideshare vehicles that there is construction on every street, causing accidents and delays in emergency service response. Next, they could remotely quadruple the amperage of electric vehicle charging stations and begin starting fires.
“Of course, companies work to maintain safeguards against single bad actors causing such widespread harm, but plenty can sneak through. In a recent survey conducted by the Manufacturers Alliance for Productivity and Innovation and Deloitte, manufacturing executives traced 42 per cent of cyber incidents to insider threats’.”
Future State 2: With the rise of the ‘sharing economy’ and the growth of ridesharing and carsharing companies, a second potential future state sees the possibility of continued expansion of shared mobility, even as vehicles remain human-controlled.
“We see glimpses of this future state today, providing a window into the potential cybersecurity challenges, but accelerating adoption could dramatically increase the scope, magnitude and complexity of these threats. With the proliferation of social media, ridesharing and other mobile applications, access to a consumer’s smart device can expose her to additional risks,” the Deloitte report says.
“In particular, protecting the personal information of both drivers and riders becomes a high priority. Some nefarious parties would find this information valuable, and ridesharing and carsharing companies present an attractive target. Payment systems can expose credit and banking information to potential theft. Navigation and location information can compromise customer privacy, requiring providers to keep on-board communications secure.”
As automotive companies and technology firms consider expanding their services to include shared mobility, they should consider the unique risks and cyber threats that accompany this business model.
“Just as flight data recorders collect information about what happens in a cockpit, connected vehicles absorb details about what their owners and passengers do once they climb in. But vehicle-based technology can also compile and analyse data to generate less obvious insights: For instance, devices can be taught to differentiate between a set of users based solely on brake pedal input. In-depth data collection will likely become increasingly common with shared vehicles, as customers come to expect seamless integration with the rest of their digital lives. Many parties eagerly await unrestricted access to these data, including standard players such as data brokers and insurance carriers, but pairings are forming to monetise the data in new ways. Some rideshare providers already offer the ability to sync a passenger’s streaming audio service with the vehicle while she rides.
“Now, imagine a scrapper picking over parts in a junkyard. She skips the fenders, doors and air bags. The real money could be in the CPU modules – not for use in repairs or as replacements but, rather, for their data. Each module might contain a wealth of valuable information – for instance, a data recorder from a rideshare vehicle may well contain a list of the previous owners’ linked smart devices, with addresses and ID numbers, along with a full history of everywhere the donor vehicle went in the year before the accident that wrecked it, as well as hundreds of account numbers and logs that can be used to link passengers to phone numbers, addresses and payment histories. A good set of data might fetch a much higher price online than individual resale of replacement parts.”
Tomorrow’s vehicles are expected to know much about their owners and users – and for many this is a growing concern. Would the manufacturer of the vehicle own those data? What about the person who bought, borrowed, or is simply a passenger in that vehicle? How might our legal systems consistently define ownership? What would happen when the vehicle crosses boundaries of jurisdiction? How would a police agency handle logs from a connected vehicle involved in an accident? At the end of their lives, who would be responsible for wiping clean obsolete data recorders?
Many companies that issue electronic devices to their employees have wiping procedures for laptops and mobile devices upon end of lease or separation, which includes encryption, factory resets or other data erasure procedures. In one survey, more than half of respondents indicated their company had a formal secure IT asset disposition policy. Similar procedures could be adopted upon change of ownership or at the end of a vehicle’s useful life.
Future State 3: The adoption of personally owned, fully self-driving cars. While much of the core autonomous functionality may be self-contained within the vehicle (making it relatively less vulnerable to attackers), self-driving vehicles would need to communicate with the outside world through sensors, vehicle-to-everything (V2X) capabilities, GPS software and other systems.
“As with Future State 1, when working as intended these connected cars may have the potential to help improve the passenger experience, but they also likely open up new vulnerabilities. Last year security researchers were able to use a flaw found in an OEM-provided application to run down an electric vehicle’s battery, potentially stranding the vehicle owner. While this flaw was addressed, this example highlights an escalating threat landscape caused by increased connectivity. And in an autonomous vehicle, where the car’s systems would be fully in control of the vehicle, the potential damage caused by an intrusion or flaw could be fatal.”
While runaway autonomous cars might capture the imagination, the possibility of more conventional threats looms just as large. Today many automakers install software-related recalls and patches in person, one car at a time, at the dealership. It can be challenging to get car owners to respond to these service requirements, especially when the vehicle seems to be operating normally.
With far more onboard software needing regular security and navigational updates, autonomous vehicles in the new mobility ecosystem will likely have dedicated communication lines back to the manufacturer for instant transmission of software-related recalls and patches. Updates to vehicle systems would be handled in a similar way as with smart devices and computers today, with patches downloaded wirelessly and applied when the device in question is not being used.
“With each new connected feature creating a new attack surface, how to maintain security?” Deloitte asks.
“Automakers and software developers can learn from the approach that content delivery services have taken to prevent tampering. Satellite and cable media providers address this by including digital relays, fault recorders, equipment diagnostic packages, automation equipment, computers, programmable logic controllers, and communication interfaces.
“But this process has been uneven and often ad hoc. Content providers are limited by the capabilities of end users’ technology. In the past, devices such as satellite receivers were barely able to authenticate subscribers over the air without compromising the content’s quality, just as vehicle networks today strain to secure communications between modules in a given vehicle. Security was layered on incrementally as the receivers became more powerful, but content thieves and disruptors were able to use the same technology in the receivers to circumvent security.
“A similar process will likely play out in the connected and autonomous vehicle space unless automotive technology suppliers take steps to implement the lessons learned from secure content providers in other sectors. Secure content delivery today is encrypted and authenticated at both ends, with rotating security keys that are impractical to crack within the designated response window. Access to the automated systems that facilitate these actions are often limited and routinely checked for exploits and remote tampering.”
Autonomous vehicle developers currently protect their prototypes from these issues by having a human operator who takes control in the case of failure or fault, but this approach is not expected to be extended to consumer-owned vehicles. In particular, the Department of Transportation Automated Vehicles guidelines specify that, “fallback strategies should take into account that . . . human drivers may be inattentive, under the influence of alcohol or other substances, drowsy, or physically impaired in some other manner.”
Additionally, autonomous vehicles may operate in a mode where no human driver is present to take over in the case of failure – for example, if a self-driving car ‘delivers’ itself to the shop for maintenance. The policy does not specify how autonomous vehicles should behave in these circumstances, and autonomous vehicle developers and researchers will have to work to ensure they develop a safe approach.
For some consumers, putting their safety into the hands of an automated vehicle would require a new level of trust in the security, integrity and functionality of vehicle and infrastructure technologies. Autonomous cars are expected to have numerous on-board attack vectors, including radar, cameras, GPS, ultrasonic sensors, V2X and other networking capabilities, not to mention the related infrastructure components and technologies on which these sensors may depend. The architectural and operational (think monitoring, vulnerability management, security operations, etc) requirements for fully automated vehicles are considerably higher than for partially automated or assisted driving vehicles. Stout vehicle technology to support cybersecurity and individual privacy must be a primary concern.
Future State 4: Finally, an increase in car- and ridesharing and the maturation of vehicle automation could converge at a point of ‘accessible autonomy’, in which many individuals can reach destinations by simply requesting rides from nearby autonomous fleets. This future state is most likely to begin with urban commuters in large cities but could quickly spread as capabilities and consumer willingness expands. The adoption of these technologies could spur the emergence of an integrated intermodal mobility ecosystem that offers safer, cleaner, cheaper, and more convenient transportation.
This future state includes the same security vulnerabilities and personal data theft as other future states – and would present a problem of another order of magnitude, since a hacker breaching ‘smart’ infrastructure or a large fleet of shared autonomous vehicles could inflict dramatically greater damage.
In every future state, cars and their occupants will likely need to place additional trust in on-board technology, raising the stakes for vehicle cybersecurity. Security researchers have highlighted vehicle vulnerabilities, engaging the interest (and possibly the imagination) of the public, regulators, elected officials and many others. Successfully addressing those risks is expected to require both consensus on the overall standards to be met and a broad effort to make the future of mobility secure, vigilant and resilient.
The big picture: reaching consensus
While the possible advances that comprise the future of mobility bring with them significant new potential threats, the dangers are hardly insurmountable, partly due to a growing awareness of the importance of cybersecurity among the general public, federal, state, and local governments, as well as regulatory and standards bodies. One example: In 2016 the FBI and the NHTSA issued a warning to the general public and manufacturers of vehicles, vehicle components, and aftermarket devices to “maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
The NHTSA also convened a public roundtable in January 2016 to facilitate a diverse stakeholder discussion on vehicle cybersecurity topics. Attendees included representatives of 17 automotive OEMs, 25 government entities, and 13 industry associations.
“This increase in awareness comes at an opportune time. As the private sector and governments work to make the future of mobility a reality, the extended global auto industry faces what most consider an urgent need to establish cybersecurity standards to create current baselines for today’s needs – as well as to prepare for future software development and distribution.
“Thankfully, early efforts are already under way. In 2015, the Automotive Information Sharing and Analysis Centre formed to enhance cybersecurity awareness, share information about threats and improve coordination across the global auto industry. The Alliance of Automobile Manufacturers and the Association of Global Automakers also developed a ‘Framework for Automotive Cybersecurity Best Practices’.
“While these are important early steps, more can be done. The current efforts are voluntary and the organising groups’ memberships are limited to auto OEMs and major suppliers – a narrow focus considering that the future mobility ecosystem is expected to cut across traditional industry lines and include players from technology, telecom, media, insurance, finance and beyond. A much more diverse consortium of actors would be needed to effectively set standards that can bridge tomorrow’s diverse mobility options. Indeed, given that this new wave of technology is still in its infancy, current technology vendors seem well positioned to shape the relevant standards.”
Thankfully, many of the cyber risks posed by the future of mobility have been confronted before. By taking the hard-earned lessons learned from other industries, the extended auto industry can keep itself ahead of hackers and other adversaries. Deloitte recommends steps including:
- leverage enterprise IT processes for data privacy and data decommissioning
- implement encryption and code signing to protect the integrity of system software
- develop standards of practice for secure development of critical vehicle systems, and
- enforce developed standards on their suppliers, similar to payment card processors.
“By taking these cues from others that have grappled with securing critical digital infrastructure – including current efforts to protect connected cars – the extended global auto industry can help make hopping into a shared driverless car as blasé as getting behind the wheel is today,” the report concludes.