CybersecurityThreat identification tool addresses cybersecurity in self-driving cars
Instead of taking you home from work, your self-driving car delivers you to a desolate road, where it pulls off on the shoulder and stops. You call your vehicle to pick you up from a store and instead you get a text message: Send $100 worth of Bitcoin to this account and it’ll be right over. You buckle your seatbelt and set your destination to a doctor’s appointment, but your car won’t leave your driveway because it senses it’s been hacked. These three hypothetical scenarios illustrate the breadth of the cybersecurity challenges that must be overcome before autonomous and connected vehicles can be widely adopted. While every new generation of auto tech brings new security risks, the vulnerabilities that come along with advanced mobility are both unprecedented and under-studied, the paper states.
Instead of taking you home from work, your self-driving car delivers you to a desolate road, where it pulls off on the shoulder and stops.
You call your vehicle to pick you up from a store and instead you get a text message: Send $100 worth of Bitcoin to this account and it’ll be right over.
You buckle your seatbelt and set your destination to a doctor’s appointment, but your car won’t leave your driveway. It senses it’s been hacked and your home is its pre-programmed safe destination.
These three hypothetical scenarios—posited in a new white paper by University of Michigan researchers working with Mcity—illustrate the breadth of the cybersecurity challenges that must be overcome before autonomous and connected vehicles can be widely adopted. While every new generation of auto tech brings new security risks, the vulnerabilities that come along with advanced mobility are both unprecedented and under-studied, the paper states.
U-M says that the white paper introduces a tool called the Mcity Threat Identification Model, which could help academic and industry researchers analyze the likelihood and severity of potential threats. The new model outlines a framework for considering: the attacker’s skill level and motivation; the vulnerable vehicle system components; the ways in which an attack could be achieved; and the repercussions, including for privacy, safety and financial loss.
The tool is believed to be the first of its kind focused on automated vehicles. Mcity, led by U-M, is the nation’s largest public-private partnership working to advance connected and automated mobility.
Understanding the threats
“Cybersecurity is an overlooked area of research in the development of autonomous vehicles,” said Andre Weimerskirch, lead author of the paper, who leads Mcity’s cybersecurity working group and is also vice president of cybersecurity for Lear Corp. “Our tool marks not only an important early step in solving these problems, but also presents a blueprint to effectively identify and analyze cybersecurity threats and create effective approaches to make autonomous vehicle systems safe and secure.”
