Fast-tracking Automotive Cybersecurity Innovation
While it is hugely positive to see the great strides that the automotive industry continues to make in developing vehicles with increasing levels of connectivity and automation, it is vital that this is met with a diligent approach to managing the according cybersecurity threat. As with all networked computing devices, increased connectivity, after all, often means a greater risk of a cybersecurity attack – which, in the case of systems controlling vehicles or vehicle related systems on busy roads, the consequences could be devastating.
Thus, amid increasing concern around automotive cybersecurity, Dr. Siraj Ahmed Shaikh, Professor of Systems
Security at the Centre for Connected and Autonomous Automated Research (CCAAR) and Director of Research at
the Institute for Future Transport and Cities (IFTC) at Coventry University, examines the fundamental role research
and development will play in meeting this complex future requirement.
Whilst once a distant vision, recent years have seen the journey towards connected and autonomous vehicle (CAV)
deployment gain pace. In the UK alone, last October marked the first demonstration of an autonomous fleet driving in
a “complex urban environment” in London1, shortly followed by the completion of the first test case of using driverless
cars to carry human passengers on Britain’s roads.2
Then in a huge landmark for CAV development, this March saw a pioneering research project into the latest
autonomous vehicle technologies complete a 230-mile self-navigated journey – constituting Britain’s longest and
most complex autonomous car journey to date, covering a multifaceted variety of road types, terrains and
Backed by a determinably ambitious government, which has declared aims to be a global forerunner in the
commercialisation of CAVs and, subject to change in a post-coronavirus climate, the result is some major strides forward in the evolution towards CAV-enabled future mobility.
Yet, amongst other areas, one major, ongoing challenge remains in the development of the accordingly automotive cybersecurity capabilities needed to ensure CAV vehicles will be able to operate safely and securely on UK roads without the risk of being vulnerable to cybersecurity attacks.
The reality, after all, is that as the next generation of CAV vehicles advance to become what has been widely analogised as ‘mobile computers with wheels and an engine’, they will become increasingly exposed to the same cybersecurity attacks seen by any other type of computer. One previous study, for example, found that a team of hackers were able to take remote control of an autonomous vehicle from as little as 12 miles away, and could interfere with everything from the car’s brakes, door locks, dashboard computer screen and other electronically controlled features.3
Looking towards a future of mass CAV deployment on UK roads, the consequences of a cybersecurity attack become much greater; with the potential for hackers to hijack multiple connected cars in order to cause a multi vehicle accident, or worse.
It will come as no surprise then that automotive cybersecurity continues to become a much higher priority within industry and the government, amid growing concern that current understanding and capabilities are far behind that of what will be required to ensure future safe CAV deployment – and thus must be addressed urgently.
Recent years have seen the industry break new ground in its understanding of the role of future automotive cybersecurity needs, driven by a number of major, government-funded collaborative research and development (R&D) projects.
A great example is ResiCAV; the very first project of its kind in the world to bring together industrial, academic and government expertise in order to ascertain how the mobility industry will detect, understand and respond to emerging cybersecurity threats in real-time.
Part-funded by the Centre for Connected and Autonomous Vehicles (CCAV) and supported by Innovate UK and Zenzic, the collaborative project saw numerous industry giants and research bodies come together in a three-month study designed to explore the feasibility of creating a UK Cybersecurity ‘Centre of Excellence’ to detect, understand and respond to emerging cybersecurity threats in real time across the mobility eco-system.
The resulting progressive research not only provided unparalleled insight into this still relatively untapped area and successfully demonstrated the commercial viability for such a ‘Centre of Excellence’ – crucially, it also showcased the very urgent requirement for a national road transport cybersecurity programme in the UK.
Yet this will only be achieved through an industry-wide approach; one that continues to invest in the fundamental research and development needed to drive better understanding, new ways of thinking and ultimately the innovation required to meet the complex challenge of automotive cybersecurity.
Fast-Tracking Future Innovation
When it comes to providing the R&D engine required to develop the type of cybersecurity technologies needed to safely introduce CAVs on public roads, the Centre for Connected and Autonomous Automotive Research (CCAAR) remains in the fast lane on a global scale.
Located on the MIRA Technology Park, the leading Centre consists of an expert team made up of academic staff members and doctoral research students from Coventry University, alongside HORIBA MIRA’s engineering and test team. Hereby, the remit is to enable the next generation to play a vital role in developing intelligent, connected vehicle technologies.
In addition to supporting ResiCAV, this unique, experimental approach to study continues to provide the fresh thinking and underpinning academia needed to fuel a number of industry-leading CAV projects.
One major area of focus, for example, is establishing an automotive cybersecurity testing infrastructure; one that is able to validly test the safety of a vehicle in its entirety, along with its separate subsystems, such as entertainment or power systems, and even go to the granular detail of checking each and every individual component.
At CCAAR we believe this lies in novel thinking; from the transfer of knowledge from other sectors, such as aviation, telecomms and aerospace, through to the creation of truly original testing concepts.
This is seen in the many incredibly progressive PhD students at the Centre who have leveraged the unique access to specialist facilities at HORIBA MIRA, including live testing beds and ‘living laboratory environments’, to produce truly pioneering studies in this field.
Examples from the many students at CCAAR include the proposed development of a systematic tool for testing in-cabin Bluetooth security and the application of Fuzz testing within vehicle systems to help evaluate and reduce vulnerabilities, through to the creation of a systematic security testing approach of Electrical Control Units (ECU) based on the success of an example case used in Over-The-Air software updates.
In all cases, each pioneering concept has been well received by the industry and will go a long way in forming the basis of future practice, however it is important that we have much, much more of it; and from all associated sectors and disciplines.
Conversely, another novel area of understanding we continue to research intensively is the role of drone technology in automotive cybersecurity testing. While still very much underway, our knowledge points to a dynamic future automotive infrastructure which uses drone technology to test cybersecurity; enabling increased fluidity and capability.
This approach could offer multiple benefits; from increased flexibility and enabling greater accessibility, to providing alternative ways to configure testing around a vehicle. It could also offer huge cost saving benefits in greatly reducing the need for manned inspections, or even eliminating them entirely. Most pertinently in the current climate, this approach could also provide a new contactless method of interacting with vehicles in real life, eliminating any risk associated with human interaction as needed.
Again, this remains a concept in its infancy, but it is an important unchartered territory which will not only promote further new ways of thinking and spark discussion, but will, most likely, have some foundation in future practice.
As we look ahead to the task of ensuring the UK takes a global leadership role in its approach to cybersecurity, it is vital that the industrial, academic and government expertise come together in order to progress the fundamental R&D needed to support a truly deliverable approach.
Indeed, it may be a vast and complex challenge, but by taking continual small but significant steps with fresh thinking, new learning and disruptive concepts, we can continue to make increased pace in the journey towards future automotive cybersecurity.
Dr. Siraj Ahmed Shaikh