Government strengthens fight against car hackers with new laws
Legislation requires developers to build in cyber security systems to prevent attackers taking control of autonomous cars
The Government is forcing autonomous vehicle developers to toughen up cyber security in a bid to reduce the chances of hackers taking control.
New legislation requires software developers of driverless or intelligent cars to build in security measures that feature several stages, providing protection against hackers who are trying to access information or even control hardware such as the car’s throttle or brakes.
Such risks are being put at the forefront of new legislation relating to self-driving vehicles in order to prepare for an anticipated influx in the coming decades. The Government wants Britain to be a world leader in the segment, and to this end recently provided £109 million of investment into 38 cutting-edge automotive research and development projects.
However, cyber security experts, such as David Barzilai, founder and chairman of Karamba Security, have warned of the risks associated with fast progress in autonomous technology. In an interview with Autocar last year, Barzilai explained that some cars could enter production with “hundreds of thousands of security risks” if not properly protected.
“As autonomous cars get more sophisticated and as more human functions, such as looking around and steering, move to the car, the danger increases,” he said. “Hackers can hack into a car through its [internet] connected features such as the infotainment, and once in, they can work their way into the rest of the car’s controls.”
Fiat Chrysler Automobiles (FCA) had to recall 1.4 million cars in 2016 due to a security risk that was identified by two researchers who managed to hack into the system of a Jeep Cherokee with the brand’s Uconnect infotainment system. They were able to work their way through the code to eventually take over the dashboard functions, gearbox and even the steering and brakes.
The Government’s new rules are designed to prevent such a scenario arising in the UK, placing pressure on developers and manufacturers to ensure cars make production with no serious risks. It intends to align its cyber security legislation with the recently announced Autonomous and Electric Vehicles Bill.
Transport Minister Lord Callanan said: “Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wi-fi-connected hotspots or equipping them with millions of lines of code to become fully automated, it’s important that they are protected against cyber attacks.”
Mike Hawes, chief executive of the Society of Motor Manufacturers & Traders (SMMT), emphasised the importance of this legislation in ensuring Britain can compete with the world’s fastest-paced autonomous vehicle markets.
He said: “These [autonomous] vehicles will transform our roads and society, dramatically reducing accidents and saving thousands of lives. A consistent set of guidelines is an important step towards ensuring the UK can be among the first – and safest – of international markets to grasp the benefits of this exciting new technology.”
Several manufacturers are in the race to produce the market’s first fully autonomous production vehicles. Audi looks on course to produce the first level-three autonomous car when its new A8 launches later this year. The car is capable of taking complete control on certain roads, such as motorways, but the driver will have to be ready to take back control within a certain amount of time, meaning they can’t be fully removed from the scenario.
BMW plans to launch a near-fully autonomous vehicle named the iNext in 2021. The brand said it will be capable of level 3.5 autonomy, meaning it can drive itself in almost all road scenarios, but a driver will still be required to take control should any issues arise.
Source: Autocar Online