Experts have warned the UK government to ensure its newly announced consultation into self-driving technologies fully takes into account the cybersecurity risks associated with connected cars.
The transport secretary Patrick McLoughlin and business secretary Sajid David formally announced the consultation on Monday, claiming proposed new rules would allow for automated vehicles to be insured for use on public roads, and that the Highway code and related rules must also be updated.
The government claimed that cars with advanced driver assistance features to help with remote control parking and “motorway assist” would be on sale in the UK in the next two to four years, while fully automated vehicles could be on the roads by the mid-2020s.
The consultation will last for nine weeks with the proposed changes to insurance set to be included in the Modern Transport Bill.
Intel Security director of government relations, Gordon Morrison, argued in a statement that he hoped the consultation would also provide a platform to explore autonomous vehicle security.
“It is crucial that in its pursuit of innovation, the government doesn’t neglect the security essentials which will guarantee not only the success of these new technologies, but also the safety of its users,” he added.
“With security researchers demonstrating the potential for hacking driverless cars, for example when a Jeep was remotely stopped on an American highway, the government must ensure that, as part of its innovative work with the automotive industry, cybersecurity remains a top priority.”
That hack, demonstrated at Black Hat last year, enabled researchers Charlie Miller and Chris Valasek to move laterally inside the embedded computing systems of a 2014 Jeep Cherokee and modify key firmware to remotely control functions such as the steering and brakes.
Although it took years for the duo to complete their research, it should still act as a warning to automobile manufacturers of the potential risks involved in connected cars – risks which may multiply as vehicles are fitted with even more hi-tech kit.
As if to highlight the dangers associated with such technologies, a Tesla driver died in May whilst cruising on Autopilot after a white tractor trailer drove across the vehicle.
“Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied,” Tesla explained in a blog post.
Veracode principal solution architect, John Smith, referenced a recent IDC report which claimed there could be a lag of up to three years before car security systems are protected from hackers.
“With over 200 million lines of code in today’s connected car, not to mention smartphone apps linked to the car, we must ensure they are developed with security at the heart of the strategy, rather than as an afterthought,” he added.