An autonomous car cyber security group will receive government funding as part of a plan to make the UK a hub for the development of self-driving cars, it has been announced.
The 5*Stars consortium, which incorporates Horiba MIRA, Ricardo, Thatcham Research, Roke and Axillium Research, will get grants to develop defences against cyber attacks on autonomous cars as concern grows about the security of the ever more advanced technologies in the car industry.
Funding comes from Innovate UK, the UK’s innovation agency, which operates under the Department for Business, Energy and Industrial Strategy. The consortium put forward a case for funding, which culminates in introducing a system of star ratings for the security of autonomous cars against cyber attacks, similar to Euro NCAP's ratings for the crash safety of cars.
Business and energy secretary Greg Clark announced the consortium’s winning bid, although it has not been disclosed how much funding the group will receive. The news follows the recent announcement that the department has set aside £100 million for investment in autonomous vehicle testing infrastructure.
Clark said: “By 2035 the global market for connected and autonomous vehicle technologies is predicted to be worth £63 billion. Our investment and collaboration with industry to build on our strengths and create a cluster of excellence will ensure we are at the forefront of its development and perfectly positioned to lead and capitalise on this market.”
Q&A with Dr Anna Bonne, Transport Lead at the Institution of Engineering and Technology:
How important is it that autonomous cars are protected from cyber threats?
"Connected vehicles take us toward a mode of transport that is safer and more efficient, by enabling an interconnected driving experience. Vehicles will be connected to each other as well as their surrounding infrastructure (such as traffic lights), so for safety reasons it is important that the vehicle knows that the messages it is receiving are genuine.
There is also a risk the criminals could hack in to a vehicle to start the engine or that they might hold a car to ransom until the owner pays to be able to assess their vehicle."
How at risk are autonomous cars from hacking?
"The importance of identifying potential ‘vulnerabilities’ – flaws in a connected car’s communications and data systems that could be exploited by somebody seeking to ‘hack’ into that vehicle’s control mechanisms or other on-board technology – and protecting such vehicles against interference or attack, has stepped up in the past five years, as online menaces have become potentially more hazardous – and more penetrative.
Some users are becoming accustomed to the practice of protecting their ‘endpoint devices’; but nowadays the very communications infrastructures that form the backbone of our hard-wired and wireless networks regularly come under attack. This has created yet another field of battle to be defended, as national Internet exchanges, for instance, and the internetworking equipment they rely on – such as switches and routers – are maliciously probed.
One of the challenges we have at the moment in making connected vehicles secure is that we are trying to secure legacy systems. Fully autonomous vehicles are being designed from scratch, allowing cyber security to be considered at the initial stages of the design process."
How fast is cyber security growing versus the threat?
"The driverless/autonomous car trials planned in the UK include testing of roadside infrastructure that will communicate with vehicles to inform them of congestion, roadworks, etc., and allow drivers or their vehicles to plan and use alternative routes. Malicious attacks on this infrastructure, or the jamming/interference of satellite navigation signals, could in future severely disrupt traffic in urban areas and bring large parts of a city to a standstill.
It is important, then, that our future vehicles and their supporting smart infrastructure are designed to be resilient under both normal and adverse operating conditions. Currently most cyber-attacks are targeted at organisations within the energy sector. However as the Internet of Things grows and more things become connected, the transport sector is likely to become a target. It is difficult to say when this might happen but the drivers are likely to be financial gain, competitor espionage and disruption of services."
Why does this need the government's attention?
"No connected computer system is 100% guaranteed secure in terms of invulnerability or the integrity of the data it holds or processes, and the owners of targeted systems must be ever-vigilant for as yet unknown threats and undetected vulnerabilities to emerge at some future time. Currently the approach adopted and level of maturity in developing cyber secure vehicles varies dramatically between the OEMs.
As the link between cyber security and the safety of the vehicle is realised, the public will start to demand vehicles that are cyber secure and it is likely that the Government will need to be involved in setting the standards the OEMs need to meet in order to produce a vehicle which is safe to drive in the UK."
Is the UK likely to make an impact on cyber security, versus other economies and tech industries?
"The UK has been at the forefront of developing and implementing driverless vehicle technology. We want to retain this position and encourage driverless cars to be tested in the UK on UK roads. It’s important to consult between the automotive industry bodies for which automotive cyber security is, or should be, an agenda issue, and those professional bodies and associations in non-automotive sectors that are already engaged in cyber security awareness building. This way we can share best practice and the latest intelligence of cyber security.
A ‘working party’ or ‘consultative committee’ should be established to explore the feasibility of initiating briefings between a range of parties with a declared interest in automotive cyber security. Specifically, it could discuss the development of code-of-practice guidelines/reference model that address the systems engineering, security, privacy, legal and ethical issues associated with the increasing autonomy of vehicles."
"We welcome this yet another important initiative from the automotive eco-system, with the formation of the U.K. government's new autonomous car cyber security group. HARMAN has been an active member in the Auto-ISAC and SAE, working with the industry on defining standards and best practices for the cyber-physical protection of connected and autonomous vehicles," said Saar Dickman, Harman's vice president of automotive cybersecurity.