On May 5, 2017, I gave a presentation with the title “Cybersecurity in the Age of Autonomous Vehicles, Intelligent Traffic Controls and Pervasive Transportation Networks,” for which I was honored with the “Best Applications Track Paper” award, at the IEEE Long Island Systems, Applications and Technology (LISAT) Conference.
The basic premise of my presentation is that the development of in-vehicle and vehicle-to-vehicle systems for autonomous ground vehicles is much better funded by automakers (such as GM, Audi and Volvo) and software companies (such as Google, Apple, Amazon and Uber) and is also moving along much faster than comparable systems for surroundings, infrastructures and the ecosystem, where I define “surroundings” as being within about 300 meters of a vehicle, “infrastructure” as within several miles (e.g., municipality, city), and “ecosystem” as distant, such as GPS satellite systems and GM’s OnStar. This progress by private companies might have been acceptable except for the following:
There are currently no universal standards in place, with the result that the security and safety aspects of in-vehicle, vehicle-to-vehicle and ex-vehicle systems, both individually and in combination, are becoming orders of magnitude more important and yet are not being adequately addressed formally by government and industry bodies.
This course of events means that security and safety will likely be bolted-on rather than built-in, if at all, at much greater expense and with much less effectiveness. The plea is to establish security and safety requirements from the start of projects and ensure that system makers feel obligated to incorporate such requirements because security and safety standards are both created and enforced.
I expect my paper to become available in the IEEE Xplore library shortly. It provides much more detail than can be included in a column such as this. On the other hand, my book “Engineering Safe and Secure Software Systems” (Artech House, 2012) contains much of the same general advice rendered at the presentation and is available now.
Suffice to say, as has happened so many times before in IT and InfoSec, much of cybersecurity and some measure of safety will be glossed over, mainly because to do it right purportedly costs too much money and results in substantial delays in the launching of products. However, as inevitably transpires, we’ll all end up paying many times over as security and safety are retrofitted into in-vehicle, vehicle-to-vehicle and ex-vehicle systems. It happens time and time again … but we seem never to learn. We can but hope that the incidents that lead to such “patches” will not be too damaging.
This is a Security Bloggers Network syndicated blog post authored by C. Warren Axelrod. Read the original post at: BlogInfoSec.com