The autonomous vehicle (AV) sector is undergoing a significant transformation. What was once a niche interest is quickly moving into an important sector of the economy. With interest growing, and autonomous vehicles being used as a logistics tool and eventually a transportation module for the masses, additional issues have come to the fore – namely, security. As autonomous vehicles become more integrated with our lives, the security risk associated with those technologies continues to grow.
To assist organizations, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently released a guide to help companies and industry leaders understand the risks associated with AVs and ways to mitigate those risks.
The guide generally outlines the potential for enterprise and asset-level attacks. Through Vehicle-to-everything Technologies (V2X) and Global Navigation Satellite Systems (GNSS), autonomous vehicles connect to smart infrastructure, control centers, and other AVs. This technology is what will equip AVs to solve logistical issues on local and global levels. By broadening the systems and databases AVs pull from, vehicles can make smarter decisions that lead to more efficient outcomes.
This ability to connect to a variety of resources opens a new avenue for malicious actors to attack autonomous vehicles. To attack the entire enterprise, cybercriminals could upload malware to the system through access to an asset or a secure area. These attacks could steal proprietary or sensitive information or could mark vehicles as stolen and make them inaccessible.
In order to operate safely, AVs often have layers of redundant technology that combine to produce a robust view of their surroundings. Often, AVs will utilize RADAR, LiDAR, and numerous cameras to navigate their environment safely. By tampering with a vehicle’s sensors or hindering their ability to discern different stimuli, malicious actors could cause AVs to malfunction and harm those around them. CISA points out, for example, that taking remote control of autonomous vehicles could override programming and cause incidents that would never happen otherwise.
CISA ultimately recommends that companies develop employee training and exercises that stress the need for vigilant security and demonstrate the vast interconnected web that guides autonomous technology. Additionally, CISA will assist in conducting vulnerability assessments and distributing tools and resources that point out potential weaknesses. Lastly, consistent and clear communication and collaboration will ensure that all team members stay aware of any threats.
In addition to these company-wide practices, vehicles should be regularly inspected for tampering and designed with rigorous cybersecurity standards in mind. Vehicle software should be regularly updated, and devices should default to the most secure actions and settings. Employees and riders alike should avoid connecting non-manufacturer or unknown devices to vehicle systems. Devices outside of the network could introduce malware to the vehicle.
Ultimately, the new CISA guide indicates a drive toward recognizing the importance that the autonomous vehicles sector plays in our economy and its role in critical infrastructure.