The self-driving car is not a new concept. From the Batmobile to KITT, Hollywood has given us smart cars that fight crime, have witty banter with their drivers and even possess medical scanners. As rosy as this all sounds, on the flip-side Stephen King gave us “Christine” – a self-driving, self-aware 1958 Plymouth Fury with a serious mean streak.

While it is unlikely that self-driving cars will begin acting out on their own, it is possible that hackers could exploit a smart car’s lack of any real cybersecurity, thus transforming an otherwise helpful “KITT” into a dangerous “Christine.”

The 2017 Autotrader report revealed that 49 percent of respondents would give up driving/control in exchange for free time or not watching the road, this is up from 35 percent in 2016.

Self-driving Cars Spark Fear in Many

Smart car manufacturers have data showing that human error is a component in more than 90% of traffic accidents. Transitioning to driverless cars has the potential to make the road safer for every one.

Along with improved safety, who wouldn’t love having a personal chauffer on hand? Instead of dealing with a typical nightmarish commute, people would arrive at their destinations faster and happier. Why bother dealing with traffic when you could be working, reading a book or napping?

What’s not to like about all of this? Well, it turns out people get pretty edgy when human decision-making is left on the curb.

In 2016, J.D. Power’s U.S. Tech Choice Study showed only 41 percent of Generation X, 23 percent of Baby Boomers and 18 percent of Pre-Boomers trust self-driving technology. Add to that, 39 percent of Boomers and 40 percent of Pre-Boomers say they “definitely would NOT” trust self-driving cars.

Additionally, Michael Sivak and Brandon Schottel, both researchers at the University of Michigan, completed a study in 2016 called “Would-Self Driving Vehicles Increase Occupant Productivity?” It found that the whole idea of people being productive instead of watching the road wasn’t going to become reality overnight. 23 percent of people surveyed said they would never drive a self-driving car. Another 36 percent said they would be so nervous about it that they would spend the entire time watching the road. An additional 3 percent said they would probably get motion sick.

However, it does look like attitudes are beginning to warm toward self-driving cars as people become more familiar with the technology. The 2017 Autotrader report revealed that 49 percent of respondents would give up driving/control in exchange for free time or not watching the road, this is up from 35 percent in 2016. When it comes to the younger generation the numbers are even more promising with 58 percent of Millennials viewing self-driving cars favorably.

With companies like Uber, Tesla and Google rolling out self-driving cars, people are certainly becoming more accustomed to and accepting of the technology. However, a large hurdle still remains; the lack of cybersecurity.

“It is a matter of public safety. How are automakers working to ensure that malicious actors do not take remote control of self-driving cars and, say, turn them into weapons of terror?”

Mary Barra – CEO General Motors

The Cybersecurity Risk of Self-Driving Cars

Business Insider predicts that by 2020, ten million self-driving cars will be on the road. With this technology seeing immense growth over the next few years, organizations and experts are beginning to sound the alarm, raising concerns that the cybersecurity component is being left behind.

“A cyber incident is a problem for every automaker in the world,” General Motors CEO Mary Barra said in a speech last year. “It is a matter of public safety. How are automakers working to ensure that malicious actors do not take remote control of self-driving cars and, say, turn them into weapons of terror?”

These vulnerabilities shouldn’t come as a surprise. About five years ago researchers at the University of California San Diego published a series of papers, which showed how hackers could activate the breaks of a car while the car was in motion.

Additionally, in 2015, security researches Chris Miller and Chris Valasek wirelessly hacked a Jeep andtook over dashboard functions, steering, transmission and breaks. As a result, Chrysler issued a formal recall for 1.4 million vehicles that could be affected by the hackable software vulnerability. Owners were sent a USB drive with a software update that they were instructed to install.

Individual safety is not the only concern, ransomware attacks on self-driving trucks could be used to disable entire fleets, disrupting important delivery schedules or exposing sensitive commercial details.

“These (trucking) companies need to start looking at computer security as a potential safety issue like they look at making sure air bags work properly,” said Yelizaveta Burakov, a University of Michigan researcher who hacked into heavy vehicles to change gauge settings, brake operations and acceleration controls. “It all needs to go into the same level of priority.”

“Our cars will communicate with the outside world only when they truly need to, so there will not be a continuous line that is able to be hacked, going into the car.”

John Krafcik – CEO Waymo, Google’s driver-less vehicle division

Google Takes Its Self-Driving Cars Offiline Citing Cybersecurity Concerns

Observing that other self-driving cars manufacturers, such as Nissan and Chrysler, have already fallen victim to cyber-attacks Google has decided to keep its self-driving car off-line for the majority of the time.

The technology giant is concerned that as vehicles are built with ever more connected technology, the risk of getting hacked will only increase.

“Our cars will communicate with the outside world only when they truly need to, so there will not be a continuous line that is able to be hacked, going into the car,” said John Krafcik, CEO of Waymo, Google’s driver-less vehicle division, in an interview with the Financial Times.

“Cybersecurity,and keeping ahead of all of these types of bad guys is going to be one of the toughest problems the auto industry will have to face.”

Jack Gillis – Director of Public Affairs for the Consumer Federation of America

Government Weighs in on Lack of Cybersecurity for Self-driving Cars

In the beginning of 2016, the FBI was concerned enough to issue a public service announcement in partnership with the Department of Transportation and the National Highway Traffic and Safety Administration. The announcement warned the public of possible internet attacks on vehicles.

Toward the end of 2016, federal officials had published a set of 15 autonomous vehicle guidelines known as the Vehicle Performance Guidance for Automated Vehicles. These recommendations cover various issues faced by self-driving vehicle manufacturers, including cybersecurity.

“Our concern is whether or not government oversight and regulation to insure cybersecurity on a number of fronts can keep up with the rapid roll-out of new technologies and the autonomous vehicle,” said Jack Gillis, director of public affairs for the Consumer Federation of America. “Cybersecurity, and keeping ahead of all of these types of bad guys is going to be one of the toughest problems the auto industry will have to face.”

Additionally, the House has plans to collaborate with the Senate in order to pass a number of bills this year that are focused on the self-driving car industry.

“Throughout the year, the committee will work with our colleagues in the Senate, industry leaders, and safety advocates to advance a number of bills that will prioritize safety and build consumer confidence in self-driving cars,” wrote Rep. Bob Latta, head of the Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, in an emailed statement to Morning Consult.

Rep. Latta also stated that the subcommittee plans to examine the full potential of self-driving cars along with state laws for driverless cars and the cybersecurity risks that go hand-in-hand with the technology.

While self-driving cars come with a host of benefits, true cybersecurity will become only more critical as driverless cars become standard.

If you are looking to secure your organization’s data and IoT connected devices while gaining protection against ransomware, phishing attacks and insider threats, contact us today.