Autonomous vehicles (AV) come with all sorts of next-generation technologies under the hood, all of which generate data: These include GPS for navigation, biometric systems for the central locking, Bluetooth for infotainment, telematics for vehicle-to- Everything communication, Light Detection, and Ranging (LiDAR) to detect obstacles, artificial intelligence (AI) to regulate speed and predictive analytics to manage battery swaps, and cloud-hosted software systems.
The integration of digital technologies allows autonomous vehicles to “see” roads and signals, recognize traffic status, choose the optimal route to a given destination, and at the same time regulate the internal climate control system. The autonomous vehicle interacts with various end devices, networks, and data systems to make intelligent decisions on the road. In addition, many car manufacturers use machine learning (ML) models for training autonomous systems and increasing their efficiency.
The Price Of Comfort
Driverless cars rely on connectivity and data to make automated decisions and provide a comfortable experience for passengers. However, this autonomy comes at a price: the vehicles are a rolling cybersecurity risk. Current figures confirm this: According to a study by Upstream for the automotive industry, cybersecurity incidents have increased by 94 percent annually since 2016 (in each case compared to the previous year).
Another study by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Center (JRC) divides the cybersecurity risks in AVs into unintentional and intentional software and hardware vulnerabilities. Premeditated threats target Electronic Control Units (ECUs), including embedded software and computerized systems for various modules. The functions of the control units range from distance control and parking assistance to powertrain control and lane departure warning. The CAN bus protocol (Controller Area Network) enables the control units to exchange data. While this ensures that subsystems function smoothly, the ECUs and the CAN are vulnerable to cyber-attacks.
Hackers take advantage of this: They rely on Bluetooth or USB carrier devices and code injection techniques to penetrate ECUs, the CAN bus, and OEM networks. For example, malicious code can be sent to the anti-theft system or tire pressure gauge. Incorrect commands transmitted to the CAN bus then disrupt the sensors, leading to malfunctions or stalling of autonomous driving. Hackers can also upload malware into OEM software to propagate false readings during over-the-air (OTA) updates. Threat actors thus have the opportunity to remotely manipulate central file systems and, for example, deactivate the GPS. In the worst case, even ransomware attacks are possible. In the process, hackers take control of the AV,
It is also possible that suboptimal design of AI systems, insufficient training of ML models, and faulty hardware integration lead to unintended malfunctions in connected vehicles. Incorrect sensor readings and incorrect interpretation of messages also undermine critical systems. The consequences of a cyber attack are the loss of personal data, including the location or financial data and other protected data. Noting the vulnerability of intelligent vehicles, regulators are asking European manufacturers and suppliers to improve their cybersecurity risk management.
Safety Comes First
‘Secure by Design’ is a requirement built into self-driving technology to protect the safety and privacy of vehicles and owners. Manufacturers should therefore integrate advanced cybersecurity measures into the product design. Intentional attacks, technical manipulations of AI systems, and unintentional AI and ML vulnerabilities can be reduced in this way.
Integrating cybersecurity solutions into design and development flows helps designers, AI developers, and third parties better address challenges across the data chain. Manufacturers ensure application code integrity by using digital tools to detect vulnerabilities, prevent unauthorized access to source code, and thwart malicious attacks on critical systems such as the CAN bus. Alert mechanisms can be built into the code to avoid the disruption of communication channels, changes to licensed software, and data tampering.
A “Secure by Design” approach creates an ecosystem that fully exploits the potential of autonomous locomotion. However, adequate safety testing at the design stage is uncommon in the automotive industry. One of the reasons for this vulnerability is a lack of in-house cybersecurity expertise. Software development is not one of the core competencies of manufacturers. Still, the introduction of connected vehicles requires a team of data scientists, communication technology experts, AI developers, ML modelers, and data analysts.
Cooperation With Technology Service Providers
Working with technology service providers enables OEMs to leverage multidisciplinary talent to develop cyber-resilient AVs. These companies apply multi-pronged strategies for comprehensive cybersecurity throughout the product lifecycle and improve the design phase by creating reverse engineering test benches.
Digital solutions for security threat assessment and data risk analysis identify, analyze and remediate vulnerabilities. Likewise, advanced access management protects command files with robust authorization methods for access or modification. Data encryption and anonymization ensure data integrity and data protection. In addition, the algorithms used for risk assessment and mitigation are validated by simulating attack scenarios.
OEMs can partner with Managed Security Operations Centers to improve risk management. The centers use AI-driven security solutions to continuously monitor the health of AV fleets and the OEM network. Managed services teams also establish processes for handling cybersecurity incidents and risk-based prioritization to minimize the impact of a security breach. Predictive analytics and regular security risk assessments empower teams to instantly detect anomalies and broken communications—caused by infected data or AI components, including OTA files. In addition, routine security checks of AI services onboard help identify weaknesses or errors in programs. This accelerates the development of security patches for potential AI risks and emerging threats and their implementation via OTA update. A patch security repository serves as a feedback loop for training ML models and updating AI systems.
Cars are becoming smarter with embedded connectivity and artificial intelligence, and cybersecurity regulations across the European Union are becoming stricter. Autonomous vehicles must be designed for fuel efficiency, driving comfort, and passenger safety and privacy.
Also Read: Augmented Reality In The Car