Smart stuff is getting smarter all the time – and the smart car, which strives to eventually take over all functions of the driver, is ground zero for a connected and autonomous future that will eventually be applied to a wide variety of systems and devices. By securing these systems now, and developing methods to ensure vehicles operate the way they are supposed to, we can detect anomalies that could compromise performance and will be able to future-proof their security. This will ensure they remain safe in the face of ahead-of-the-curve security and safety challenges that aren’t even on our radar yet.
There’s a lot to love about autonomous vehicles, from their potential to eliminate distracted driving, a leading cause of road accidents, to their quelling of road rage by making commutes more comfortable by relieving drivers of the need to change lanes, avoid potholes, etc. But, there are many things for us to be concerned about as well–from software glitches to manipulation of an autonomous vehicle by hackers via the communications network, to compromising components by malicious actors at any stage of the manufacturing process.
Those issues are similar to the ones we currently face with advanced systems that utilize network communications in which hackers can infiltrate, or that enable actors to insert malware or rogue components into devices that can compromise safety or security. The difference is that if a hacker strikes, or a software glitch kicks in when an autonomous vehicle is traveling at 60 miles an hour, it may very well mean that the people in that vehicle will not get out of it alive.
Most vulnerabilities in vehicles today are unknown until an attack happens. The pace of software and communications development in autonomous vehicles is so rapid that a security measure developed to deal with today’s threat may become obsolete tomorrow, as new technologies and new tactics by hackers upend them. If we are going to put our trust in the bits and bytes that control the functions of these ever-smarter and more autonomous machines, we need some assurance that they are going to operate as they should–the way we intend for them to operate.
To do that, a mechanism needs to be implemented that ensures the systems in an autonomous vehicle are behaving properly–that the braking system is performing as it should, that the engine control unit’s registers and memory are operating as expected, etc. If anomalous behavior is detected, the assumption would be that something has gone wrong–and an alert would be triggered that will call attention to the threat so it can be assessed.
An anomaly detection system for smart technology would entail installing a supervisory system, whose function would be to check the activities of the autonomous and smart systems controlling vehicles–or any other smart devices or systems–to make sure that they operate properly, even after they leave the factory. That supervisory security system–which has its own control unit with security measures ensuring it hasn’t been tampered with–will ideally check all layers of an autonomous vehicle, including hardware (USB, storage, physical interfaces, etc.), software, communications and sensors.
A multilayer approach like this is essential to detecting anomalies and keeping drivers safe. If a hacker penetrates a vehicle’s communications system, for example, his purpose might not be to take direct control of the steering wheel, but to insert malware into the ECU that will kick in later. If the only thing detected is a small jump in the number of bytes transferred to the vehicle over the network–the malware package itself–that might not catch the attention of an anti-malware system. But, it would get the attention of the supervisory system, which would recognize the anomalous activity in the ECU itself.
The same holds true for any breaches in other layers or components. A clever hacker could bypass firewalls or other security measures, but the point of that would be to make the vehicle act in a way they want it to – often in a very subtle, but decisive manner. The only way to catch that is by examining all layers and components for anomalous behavior. Indeed, one of the lessons of the Internet is that even the most sophisticated anti-virus systems are no match for the innovative hackers who have turned cybercrime into a multi-billion dollar industry. Multilayer anomaly detection is our best approach to securing the technologies of tomorrow.
With smart technology, we are going to become even more dependent on autonomous systems–in vehicles and on many other platforms, from smart homes to smart cities. We can expect clever hackers to work overtime to figure out ways to manipulate these systems as well. And given their track record on network hacking, we sorely need a new approach to ensuring that we can be secure–and safe–when we rely on autonomous technology. With the kind of security that multilayer anomaly protection provides, we can future-proof that technology. With that kind of supervision, we’ll feel more confident that we can rely on the machines to do what we need them to do.