Abu Dhabi, UAETuesday 25 June 2019

Cyber risks make journey to driverless transport reality a bumpy ride

Dubai to introduce new cyber security standard for autonomous vehicles by year-end ahead of plans for smart transport by 2030

In this March 20, 2018, photo provided by the National Transportation Safety Board, investigators examine a driverless Uber SUV that fatally struck a woman in Tempe, Ariz. (National Transportation Safety Board via AP)
In this March 20, 2018, photo provided by the National Transportation Safety Board, investigators examine a driverless Uber SUV that fatally struck a woman in Tempe, Ariz. (National Transportation Safety Board via AP)

A woman walks across the road from a darkened area on to a street only to be fatally struck by a self-driving car.

This is not a scenario from a distant dystopia, but a crash in March involving an autonomous vehicle being tested by Uber in Arizona, United States. The incident was a tragic reminder of the uncertainties surrounding the new technology that raises an array of safety, security and regulatory questions. Such mounting concerns also include the possibility of hackers exploiting vehicles through their internet connections and meddling with computers that control braking, steering and autonomous driving.

“Cybersecurity is paramount in shaping the future of autonomous vehicles,” Amer Sharaf, director of compliance support and alliances at the Dubai Electronic Security Center told The National. “Any oversight may result in compromising the safety of passengers. The futuristic vision of driverless cars can be realised only with high level of cyber security.”

Dubai, which set an ambitious goal to shift 25 per cent of passenger trips to driverless vehicles by 2030, will issue new cyber security regulations by year-end to protect its upcoming smart mobility sector,

Mr Sharaf said.

Cybersecurity is the biggest concern for companies evaluating risk in the nascent self-driving vehicle industry, according to a survey by the world’s second-biggest reinsurer Munich Re. Car makers are developing self-driving technology to reduce deaths on the highway but it could be a bumpy road to get there: they have to find ways to prevent vehicles from being accessed remotely by hackers. This becomes more difficult as the cars will have higher levels of connectivity than those currently on the road. Given the Middle East’s focus on smart cities and its vulnerability as one of the most prone regions to cyber threats, it needs to take a closer look on how to address these risks.

Dubai, which is currently working on what it dubs the Cyber Security Standard with the Roads and Transport Authority and other government entities, is studying steps to mitigate cyber risks in autonomous mobility. The first stage was an “extensive” survey of threats to the security of the vehicle’s communications system, software, hardware and supply chain, Mr Sharaf said.

The emirate has partnered with China’s start-up EHang to bring a closed-top passenger drone to the city. Dubai has also signed on to work with Uber on testing flying cars to its skies by 2020. In September, Dubai staged the first public test of its drone taxi service, offering a sneak peak of commuting by a flying car.

“Concerns on connected vehicles security are mounting and while the Middle East is not the base for vehicle manufacturers, organisations that are involved in initiatives such as smart cities and smart transportation in the region are starting to investigate security implications and threats,” said Ruggero Contu, research director at Gartner.

Car makers have yet to design a connected vehicle that cannot be hacked, raising security concerns and dystopian scenarios of robot cars gone awry.

Cyber attackers can find ways to control vehicles remotely through connections with the external world. The number of connections will rise significantly once cars are self-driving as they need to communicate with one another and the network of connected systems, from traffic lights to road junctions that surround them.

Riders could also face threats related to identity theft from loss of personal and financial data stored in cars, misrepresentation of information and denial of service, said Saurabh Verma, associate director of the digital transformation practice at Frost and Sullivan.

“Vulnerabilities that come as part of autonomous vehicles are unique, unheard of and under-analysed,” Mr Verma said. “It is critical to address and overcome cyber security challenges before connected vehicles can be widely adopted.”

The driverless cars’ own applications, ranging from navigation systems to re-routing around traffic to software that allows autonomous driving, all pose a security risk, Mohamad Hasbini, senior researcher at Kaspersky Lab, said.

Risks to the smart transport sector may even be on par with those of key sectors such as oil and gas, telecoms or power grids, analysts say.


Read more:

Waymo chief says his firm's driverless tech differs from Tesla's

Fear of robot cars soars after crashes


Industries such as oil and gas have experienced cyberattacks in the past, notably the Shamoon virus that targeted oil major Saudi Aramco’s computer systems in 2012. These companies have compiled historical data on the threat landscape for better protection.

“For autonomous vehicles there is no existing data on threats,” Mr Verma said. “The sector can prepare well for traditional IT-related threats against identity theft or denial of service but unique threats are likely to pose a major challenge.”

Cybersecurity is shaping the development of autonomous vehicles, analysts say. As hackers get more sophisticated, so do the risks.

Ultimately, automakers have to make certain that demand is adequate to reach commercial scale, vehicles are secure from cyberattack and regulation is ready for self-driving cars, according to a report by Boston Consulting Group. Automakers also have to ensure that uncertainty over liability is resolved, society’s resistance is overcome and certain critical technologies, such as high-precision maps are commercially developed, the report added.

Analysts say the autonomous vehicles industry presents a considerable business opportunity for cyber security companies.

“There’s definitely a lot of room for business,” Mr Hasbini said. “There’s a need to integrate cybersecurity from the initial stage of development to the last detail.”

Capitalising on regional opportunity, the European security, aerospace and defence major Thales is opening a Cyber Hub in Dubai to service the UAE and wider Middle East. With such companies tapping the region, the spread of autonomous vehicles is likely to transform various sectors of the economy.

“Let us assume that they are much safer then humanly piloted vehicles,” Mr Solling said. “They will impact the insurance and health industry, which probably make a significant part of their turnover from automotive accidents and associated treatments.”

Driverless cars could be a major boon to society: reducing the number of lives lost on the road every year, preventing millions of injuries, saving hundreds of hours to work or rest on the road and eliminating the stress of driving that could improve quality of life.

The positive and transformational potential of the technology is difficult to overstate. So it’s essential for governments to think about how to regulate autonomous vehicles well in advance of the technology’s widespread adoption.

Ideally this means promoting safety, cybersecurity and encouraging innovation with governments and companies collaborating closely, analysts say.

An automotive development playground or a “test bed” is needed to serve automakers, and cybersecurity companies, and academic researchers to function as a living lab for all aspects of future mobility systems, Mr Hasbini said.

“If the back end that books vehicles fails, Thursday afternoon will not be pleasant if you cannot get into a car or order food,” Mr Solling said. “We are simply highly dependent on vehicles and have been since humanity invented the wheel.”

Updated: June 2, 2018 06:22 PM