Skip Navigation
BlackBerry ThreatVector Blog

Cruising Through the Roadblocks to the Vehicles of the Future

In the 20th century, for many people, few things symbolized individuality more than their car. It was an extension of self-expression and their ride to freedom. Future generations are unlikely to see automobiles in the same way.

Automated, on-demand mobility will make it possible for anyone to get from where they are to where they need to be, without all of the costs of buying, maintaining, and insuring their vehicle. No more annual car inspections, oil changes, tire rotations or trips to the mechanic when the check engine light comes on.

All of which will now be the responsibility of the mobility provider, with at least one major addition: cybersecurity. Unlike the cars of yesteryear, connected transportation technology will increasingly require effective cybersecurity: vehicles will need to be designed, deployed, and maintained securely.

Security and Privacy

For years, automakers downplayed the cybersecurity risks associated with increasingly connected and software-driven cars. That changed in 2015 when security researchers demonstrated that it was possible for attackers to remotely access a Jeep while it was driving 70mph down the highway. Since then, there have been many reports of automobile software-related security vulnerabilities.

We now know that automobiles are vulnerable to attack and as they become more software driven and automated, they will become increasingly complex. And, in the years ahead as smart infrastructure is rolled out, the security challenges will only grow more profound.

Many believe industry standards and regulations are on the way that will guide automakers to more closely integrate security into their processes, so that autos are designed, built, and managed securely. One example is California’s regulations that require autonomous vehicles to meet a certain standard when it comes to security.

As Roger C. Lanctot, director of connected mobility and global automotive practice strategy analytics, wrote in his article Challenges to Smart Mobility and Smart Cities published in the eBook The Road to Mobility, in addition to security concerns, car companies are updating consent management and data privacy algorithms to comply with increasing data privacy laws.

“With some proactive decision making and implementation the auto industry may well avoid any slowing data monetization activities resulting from efforts at preserving consumer privacy — even in the context of proliferating driver monitoring systems,” Lanctot wrote.

When it comes to keeping autonomous vehicles secure, the industry certainly can’t make the same mistakes the technology and software industries have made by shipping software riddled with vulnerabilities, requiring constant updates and layers of third-party tools such as firewalls, intrusion detection systems and other defenses designed to protect these systems.

Meeting the Security Challenge

Developing secure autonomous vehicles is perhaps more challenging than developing secure applications used in enterprises today. Not only will billions of lines of code need to be developed securely, they will need to be maintained securely and interconnect with the owner’s devices and smart infrastructure. If enterprises can’t develop and deploy secure applications, and keep them secure, what hope do automakers have?

The most likely answer will come from the application of AI and machine learning. Artificial intelligence and machine learning will play a pivotal role in designing and developing autonomous vehicles.

Ashkan Amiri, director of data science, and Andrew Walenstein, director of security research and development at BlackBerry’s Advanced Technology Development Labs wrote in their article, Using Artificial Intelligence to Boost Connected Vehicle Security that is also found in The Road to Mobility that artificial intelligence and machine learning can be just as easily applied to modern automobiles as they can to computer systems by just viewing the automobile as a specialized computer. And, they explained, networks of vehicles would be treated just as any network of computers.

Both Amiri and Walenstein detailed how artificial intelligence can, and in all likelihood will, help secure connected cars. Such as:

  • User authentication and authorization to detect and prevent their misuse
  • Malware and botnet detection to avoid advanced persistent attacks  and data loss
  • Data loss monitoring and prevention to protect privacy and user information
  • Intrusion prevention and detection
  • User behavior analysis, for example to detect an impaired or fatigued driver
  • Monitoring ECUs and sensory modules to detect misbehaving or defective units
  • Monitoring internal networks to ensure the integrity of communications between key components of the vehicle
  • Monitoring external communications, such as those between vehicles or between vehicle and cloud server, to identify jamming, denial of service and so forth.

The massive amount of telemetry data autonomous vehicles generate about themselves, coupled with the maturity of data analysis tools means using these traditional cybersecurity technologies is within reach. “This is assuming, however, that the vehicle manufactures are willing to add the required processing power to enable collecting data and operating these AI-for-cybersecurity technologies,” they wrote.

Takeaways

And therein lies the kicker. While vehicle pricing is incredibly competitive, and automakers face incredibly tight margins, they may not be so eager to add the additional costs required to cover the security overhead.

However, just like seatbelts and other safety features that came to exist on vehicles, the market will demand these modern cybersecurity developments. And either the industry will choose to do it on its own, or insurance companies and government leaders will demand it.

About Corporate Communications