We spoke with David Miller – Chief Security Officer at IoT and identity cloud platform company, Covisint – at last week’s RSA Security Conference, in a two-part discussion about the security future of autonomous vehicles.
In part one, we talked about the perils of hacking your ride and how our cars could join our phones in the never-ending, chronically tightening obsolescence cycle.
Part two focuses on why rolling out fully autonomous cars could – and should – take time, why your car will look more like a rolling smart home and less like a smart device with tires, and some ideas for autonomous vehicle ransomware of the future.
So given the size of the automotive aftermarket business, what will the impact be of these aftermarket products and what are their potential weaknesses?
Miller: The aftermarket products (market) would work the same way (by communicating with command systems to request permission). They would be a monitoring system. It would do the same thing as the car’s own components, to request permission to do whatever that aftermarket product does.
Many of these products today are monitoring products anyway; they don’t really need to do anything, they’re polling information and they’ll send that information up. But they’d do the same thing (as other components), ask ‘Hey, I’m going to send that information up’ and the cloud system says ‘Well, hold on, I’ll need you to verify who you are.’ You have to authenticate, just like people do for secure transactions. So you’d say ‘Ok, you can stream to me and here’s the encryption key you’ll use for this session.’ Which, by the way, is the way we’ve done things on the web forever. It’s how we do web banking. It’s the way SSL (secure sockets layer) works. Even if someone steals the key, it’s only good for that session. It’s not good for the next one, or the next one, or some other guy’s (system). We’re actually talking to some aftermarket (firms) who have some smart (automotive) parts – a lot of trucking for example – parts that can sense if the engine is running well or not. The part actually has wi-fi built into it, into the actual part. It communicates, through a box that sits in the truck, with the cloud; it’s a diagnostic tool. So it lets them keep track of their truck fleet, and lets them see ‘Oh, we need to bring this one in, it looks like there’s trouble.’
Miller: Yes, it’s not a platform, it’s an ecosystem – an ecosystem of things. There’s the vehicle itself, then there’s the infotainment system, and that’s a separate bunch of things, then there’s the command and control system and the actuators, and an engine control module. In most modern vehicles now, there are over ten microprocessors in the vehicle, running different things. And it’s growing more and more and more – you have things like anti-lock brakes, adaptive cruise control.
If you just look at adaptive cruise control, it has its own subsystem and its own microprocessor. It’s looking at the radar buttons on the front of the vehicle that are figuring where the vehicle in front of you is, and that is telling the control module to speed up or slow down. It really is this ecosystem, it’s more analogous to your house than to a thing. It’s not a thermostat, it’s like a home. That gives you certain advantages – you can have gateways. One of the things about vehicles is that they move, and so you can’t guarantee they’ll be connected all the time because maybe you’re driving through a tunnel. Imagine your vehicle being able to run and function (only if there’s) a cell phone signal. Even here in California, there are places where your car would stop.
The advantage of an ecosystem of things is that you can control gateways. The gateway model is used in a lot of home systems, and there are companies like Cisco that are looking at this now. It utilizes the gateway to use those systems without needing to be connected.
Do you see these potential security lapses as something that could slow down autonomous vehicle deployment? Is it a bottleneck?
Miller: I would like to hope yes. But the actual answer will be like what we’ve seen with the internet. It’ll take until someone actually dies in an autonomous vehicle due to a hack. That doesn’t mean people aren’t thinking about security, but usually, there needs to be an actual event before you solve them. Unless there’s a government agency that comes in and says ‘We’re going to regulate exactly what you can and cannot do.’ The challenge of a fully autonomous vehicle is so high, except in very specific circumstances, you’re just not going to see it. Now I can see an autonomous vehicle being able to navigate a parking deck…
So some closed environment…
Miller: Yes, some closed environment. There’s no rain, you can move really slowly. And that has some value. So I arrive at a parking garage, and the car parks itself. Then when it’s time to go, you press the fetch button and it slowly makes its way down. Those things will be straightforward. The idea of autonomous vehicles like the way some think – where I left my car at work and I’m going to tell it to drive itself home – well, under perfect circumstances, perhaps. But what if you live where it rains or snows, or where the lane markers aren’t perfect?
But the danger is going to be the semi-autonomous vehicle, where I’m still driving but it does the lane keeping or the adaptive cruise. Hacking into that sort of thing is probably what we need to worry about.
Now, part of the issue associated with assisted or semi-autonomous driving would be the ability for my vehicle to know not about the vehicle directly in front of it, but the vehicle three cars in front of it. I know that that vehicle is putting its brakes on so I know my vehicle will have to put its brakes on in anticipation. If the vehicle knows that, you can allow them to drive much closer together. You don’t get that slinky effect. We’ve all seen the slinky effect, where the vehicle five cars in front of you gets going and there’s a delay while the next guy gets going and the next guy and so on. To get rid of that, if I knew what was happening up front, all the cars can move as a train. The problem with that is if I can fool my car into believing it’s OK to start moving, it’s going to rear-end the car in front of me. Those are the kinds of hacks I’d think you’d start to see. The other thing about these hacks is that they are either going to be malicious – just to prove I can do it, which is actually few and far between – or a terrorist. I don’t think those things are going to happen the way you see on the internet, where people are hacking to get money.
What about the old hijacking of the truckload of goods?
Miller: Then we’re back to ‘Is it going to be truly autonomous?’ I’m going to hijack the truck, but there’s a driver in there who will just turn off the truck. What you could get is ransomware, where we can actually put the brakes on all of (a manufacturer’s) 2006 vehicles simultaneously unless you give us $10 million. You certainly wouldn’t want that to come out.
But it’s probably going to be more that level than someone locking you out of your car for $1,000…
Miller: That would be interesting! As with most things physical in nature, there are fail-safes. Even with my vehicle, we all have electronic key fobs now. If the battery is dead you can’t open the car doors, but you get out this one-time use key and unlock your car. I believe there will always be that sort of thing. As long as someone is behind the wheel you’ll have a way to disengage.
So what’s our timeframe to fully autonomous vehicles then? Do you think it will be anytime soon?
Miller: I don’t think so. And again, I think we’ll move to more and more assisted driving, to the point where – on a nice day – once I’m in my lane on the expressway I don’t have to touch my accelerator, I don’t have to do anything with the brake, I’ll just cruise. Even when traffic is not free-flowing – when the traffic stops, it stops, and when traffic goes, it goes. We’ll see a lot more of that. The challenge is what do I do when I want to get off the expressway. I have to stop at the stop sign, and turn left and make sure no one is coming. You will have a lot of assisted sorts of things you’ll need a driver for, for the next ten-to-15 years.