Research Highlights The Cyber Risk To Connected Cars

Earlier this year I explored a fascinating new paper from the University of Michigan, which outlines some of the main cybersecurity challenges we need to overcome before autonomous vehicles are able to offer us safe mobility.

The paper introduces a new tool, called the Mcity Threat Identification Model, which the researchers believe can help advance work in the field, especially around the identification of potential threats.  The model provides a framework for considering various factors, including:

  • the motivation and capabilities of the attacker
  • the vulnerability of the vehicle’s systems
  • the various ways an attack could be achieved
  • the repercussions of a successful attack, whether in terms of safety, privacy or financial loss

As vehicles become increasingly connected, it’s an issue that is attracting a growing level of attention.  The latest of these comes from a recent paper published by Coventry University that explores the risks presented as cars become more connected.

“Connected cars are no different from other nodes on the internet of things and face many of the same generic cybersecurity threats,” they say.

The team highlight a number of features that are unique to connected cars, including:

  • Improved safety through better road infrastructure, onboard safety systems, automatic ‘Smart SOS’ emergency services’ calling (for example, e-Call)
  • Enhanced vehicle security through more sophisticated access systems
  • Better use of road infrastructure to reduce congestion, enable smart parking, and spread journeys through time
  • Safer and more accessible driving for those whose driving abilities are compromised enhancing employment and leisure opportunities
  • Greener driving through reduced emissions
  • User and usage-based, including driving style and habits, insurance premiums providing an incentive for safer driving
  • Improved vehicle maintenance and reliability
  • The improvement of air quality
  • Opportunities for passengers to use the time spent on car journeys in more interesting and/or productive ways
  • Improved payment services for fuel (including e-car battery charging), pay-as-you-drive insurance, parking charges and other car-related mobility services.

Each of these brings with it unique digital security risks that could expose vehicles and vehicle systems to illegal activity.

“The potential costs of vehicle cybersecurity attacks and their prevention measures need to be weighed up against the undoubted benefits which technological innovations in connected cars may bring,” the authors say.

They believe there are four features in particular that need to be investigated.  The first of these is the commercial nature of cyberspace and the challenges this presents in regulating the environment in which connected cars operate.  The second factor is the sheer breadth of components across the world that are involved in the operation of connected vehicles.  The third factor is the speed with which risks can emerge, with the authors highlighting the risk of ‘zero-day’ attacks.  Last, but not least, the nature of cyber attacks is inherently covert, and so the risk can often be underestimated by government, business and the general public.

“Coordinated research and development strategies must be developed. Cross-disciplinary research in implementing security into control systems will be needed to provide the solutions necessary to combat cybersecurity incidents,” the team conclude.

Related

Facebooktwitterredditpinterestlinkedinmail