Navigant Research Blog

Cyber Security Is Imperative Before Deploying Autonomous Vehicles

— September 1, 2016

Connected VehiclesAugust 2016 brought a flurry of autonomous driving announcements from Delphi, nuTonomy, Ford, Velodyne, Volvo, Uber, Quanergy, and others. News about developments and deployment plans for self-driving vehicles came almost daily. A common thread was that the vehicles will be used as part of autonomous mobility on-demand (AMOD) services that require connectivity in addition to onboard sensing to function. However, something equally (if not more) important to implement before deploying any of these vehicles is beefing up the cyber security.

As the automotive world has raced over the last few years to transform itself into a mobility business, cyber security experts of both the white and black hat variety have also been advancing their own capabilities. In parallel with that, we’ve seen the launch of numerous startups focused on securing increasingly sophisticated vehicles from bad actors, including several based in Israel. Among them are Karamba Security, Argus Cyber Security, and TowerSec.

Hardened Telematics

With external connection points through telematics being the obvious starting point for any malicious attacker trying to infiltrate a vehicle, that’s also the first surface that needs to be hardened. “To provide protection, we have to think like hackers,” said David Barzilai, chairman and co-founder of Karamba. “There are two primary ways to hack a system like this, dropping malicious binary code into the electronic control unit [ECU] or in-memory attacks while the system is running.”

The so-called code-dropper approach involves rewriting some of the code that resides in the flash storage of an ECU with malicious code designed to do something never intended by the manufacturer. Karamba has devised an approach to prevent this that is very straightforward for the software engineers at an automaker to implement without having to change any of their own code.

When building binary files that ultimately get loaded into the ECU, the scripts include calls to the Karamba system to automatically include some of that company’s code. Karamba generates hashes (an encrypted alphanumeric string that uniquely represents the contents of a file) of all the factory binary files which are included. If someone tries to reprogram an ECU with a binary that doesn’t match the hash, it will be rejected.

In-Memory Attacks

Even if the original programming remains intact, in-memory attacks remain the most common attack vector. Control instructions and data get moved from the static flash storage to dynamic memory in order to run in real time. If an attacker manages to inject deliberately corrupted data into a memory address, it is possible to send the control flow off to an instruction never intended by the designers of the system. This is the sort of attack that can enable someone connecting through a vehicle’s telematics system to take control of safety-critical systems like the throttle, brakes, or steering.

Some security providers use heuristic analysis to look for anomalous behavior in real time and stop the activity. This approach creates rules with weighting and probability to detect anomalies based on previously unknown attacks and is utilized by most computer anti-malware programs. Since the in-vehicle electronics should never be running random unknown programs like a computer or smartphone, Karamba has taken a deterministic approach. During the software build, they analyze and map every possible instruction control flow. In the vehicle, any instruction call that doesn’t match the flow map immediately gets discarded, an approach that should not result in any false positives.

Navigant Research’s Autonomous Vehicles report projects that nearly 5 million autonomous vehicles will be sold in 2025, growing to more than 40 million in 2030. Harnessing the safety benefits of this technology requires every vehicle to be secure and resilient against cyber attacks.

 

Ford Sets a Date for Its Autonomous Vehicle Future

— August 19, 2016

Connected VehiclesOn August 16, Ford held a press conference to announce its plan to launch a fully autonomous vehicle in 2021. Even though the response at the live event was strangely unenthusiastic, there were a number of points that were important for the future of autonomous vehicles and the automotive industry in general.

The headline news was that in 2021, Ford intends to launch a Level 4 (SAE Standard J3016) fully autonomous vehicle. To clarify the nature of the car, CEO Mark Fields made it clear that it would not have a steering wheel or control pedals, even though last year Ford said it had no plans to sell wheeled pods in which people are merely along for the ride.

The company also said that it would be several years after 2021 before individuals can buy it; it is aimed at carsharing and ridesharing fleet operators. Ford Smart Mobility LLC may become one of the first customers. Ford and GM are already piloting their own systems on shuttles for their employees, as noted in a blog earlier this year by my colleague Sam Abuelsamid.

Skipping a Step

Ford also said it would continue to develop and improve its driver assistance features up to Level 2 (partial automation), but it would not be introducing any vehicles with Level 3 (conditional automation) because company researchers had concluded that there was no safe way to ensure that drivers would remain alert enough to resume control in an emergency after an extended period of automated driving. Ford vehicles in the future will either have a range of assistance features or be driverless.

This is a change from the gradual automation theme that has prevailed in the industry until now, although Ford has been saying for the past year that it doesn’t believe that Level 3 is viable. Solving the Level 3 handover issue has been an important topic at recent technical conferences, and Ford has now confirmed its position. While most other OEMs have been working on Level 3, many are now coming around to the idea that the Level 2 to 4 jump is inevitable.

Although convenience and mobility were the focus of the announcement, Ford also acknowledged that safety is a big part of the reason to promote more driver assistance and eventually fully autonomous vehicles. Providing mobility to those without access today, such as the elderly and infirm, was another of the high-level goals. There are also potential opportunities in local package delivery.

Future Investments

Also included in the press announcement were investments in a series of companies providing key pieces of the future autonomous vehicle:

  • Velodyne: A supplier of lidar sensors
  • SAIPS: An Israel-based computer vision and machine learning company
  • Nirenberg Neuroscience: A machine vision platform for performing navigation and object recognition
  • Civil Maps: A provider of high-resolution 3D mapping capabilities

However, Ford made it clear that it was not interested in simply installing autonomous driving software developed elsewhere. It sees its future as a system integrator and will keep most of the development and integration roles in-house.

When asked about powertrain for this new vehicle, Ford said that it would leverage one of its global platforms, but would not confirm whether it would be all-electric or not. The company noted that it has experience with hybrid drive as well as electric and the powertrain has not yet been chosen.

Ford intends to expand from being primarily a vehicle manufacturer to become a mobility company and has drafted a timeline for this shift. This aligns with Navigant Research’s Transportation Outlook white paper that was published in early 2016, and the timing validates the forecasts in our Autonomous Vehicle reports. It will be interesting to see how other OEMs react.

 

Progress on Automotive Cyber Security, but Still Much to Do

— August 8, 2016

CarsharingWhen I joined Navigant Research two years ago, I sat down on my first day and wrote a post on this blog about automotive cyber security. At that point, most of the industry was still largely refusing to acknowledge that cyber security was even something to be concerned about. Things have changed quite dramatically since then, but there is still a long way to go, as recent news shows.

All of the major automakers except for Tesla have come together to establish the Automotive Information Sharing and Analysis Center (Auto-ISAC). Like ISACs in other industries, the Auto-ISAC provides a mechanism for manufacturers to share non-competitive information about security threats and collaborate on understanding and correcting these vulnerabilities. Since the Auto-ISAC started operations at the end of 2015, it has also begun to add suppliers to its member ranks.

Developing Best Practices

At the recent Billington Automotive Cybersecurity summit in Detroit, the Auto-ISAC announced the development of a set of cyber security best practices for the industry. Industry executives and regulators—including General Motors CEO Mary Barra, National Highway Traffic Safety Administration director Mark Rosekind, and Secretary of Transportation Anthony Foxx—discussed the importance of designing for cyber security and what is being done to address threats.

In August of 2014, Tesla was taking the lead on hiring white hat hackers to work on security from inside, and other companies are now doing the same. Tesla, GM, and Fiat Chrysler Automobiles have all established responsible disclosure programs that provide a means for researchers to submit information about vulnerabilities they have discovered.

A pair of Silicon Valley startups, HackerOne and Bugcrowd, have developed platforms for submission and vetting of vulnerability disclosures that are used by these automakers as well as dozens of other technology companies. Bugcrowd has also developed a reputation system for researchers that submit vulnerability information and works with client companies to select groups of white hat hackers to conduct pre-release testing on new products.

Numerous startups including Karamba Security, Argus Cyber Security, and TowerSec have popped up in recent years to develop both hardware and software solutions to help detect and stop intrusions from malicious attackers. Since everyone familiar with cyber security acknowledges that no complex system can ever be guaranteed as secure, manufacturers are also working on resilience to keep vehicles safe in the event of an attack and be able to update them quickly after vulnerabilities are found.

Navigant Research’s Automotive Cyber Security report projects that by 2025, more than 45 million vehicles annually will have telematics capabilities that enable over-the-air software updates, just as Tesla does today on its vehicles.

Vulnerabilities Continue

Despite the progress, recent news shows that there is still much work to be done on existing vehicles. In Houston, Texas, a pair of car thieves have been arrested after stealing 30 Jeeps in 6 months by hacking the vehicles’ ignition systems with a computer. Charlie Miller and Chris Valasek have again hacked a vehicle, taking control of the steering and brakes. After FCA corrected the vulnerability that enabled last year’s remote hack, they connected a computer through the onboard diagnostic port this time.

Yet another group of researchers have even demonstrated how a signal generator could be used to provide false reflections and fool the radar sensor of a Tesla with its AutoPilot driver assist active.

There will be undoubtedly be many more such demonstrations in the coming years as vehicles get more sensors, more connectivity, and more automation. From here on out, the industry can no longer afford to relax and will have to remain vigilant and ready to respond quickly to threats. Fortunately, they seem to be doing just that.

 

Autonomous Vehicles and Keeping Pets Safe on the Road

— July 1, 2016

Electric Vehicle 2With the Fourth of July rapidly approaching, Americans everywhere are revisiting their version of the American Dream. The traditional American Dream can be quantified: 2.5 children, one house, two green lawns, one cat, one dog, and one to two cars.

Recent developments have made this dream change somewhat. The tiny house movement has driven some household footprints to 500 square feet and smaller. Lawns go unwatered thanks to drought and water conservation efforts. Cars are increasingly technologically advanced—everything from alternative powertrains and carsharing programs to autonomous driving. In fact, Navigant Research forecasts that carsharing programs will grow sixfold by 2024. It seems the only things that haven’t changed are the nuclear family’s propensity toward having pets. So how does Fido fit into the New American Dream? It turns out that the answer may be in the increased protective services of self-driving cars.

Autonomous vehicles are rapidly becoming a divisive subject. There are people who are absolutely gung-ho about the idea, promising to never touch a gas pedal again as soon as the vehicles are available to the public. On the other side are those who would never entrust something as difficult and variable as driving to the mind of a machine. However, there is no denying the fact that human drivers are a massive risk on the road. Of the 20 accidents in which Google cars have been involved, only one was caused by the autonomous vehicle. The rest? All caused by the carelessness of distracted and slow-reacting human drivers. Human-caused car accidents are a threat to lives, human and animal alike.

Keeping People (and Pets) Safe

In 2014, Tesla Motors posted a parody article for April Fool’s day, claiming that pet-driven cars are safer than autonomous vehicles. The best-driving pet was voted to be the goldfish. This was due to their calm, meticulous nature, and having no propensity to drive off cliffs (as cats do) or drive the car after squirrels (credit: dogs). Computers are in many ways like goldfish in these capacities: they are inherently unbiased except as designed in their programming, require minimum feeding, and display a calm and calculating decision-making ability. Fortunately, computers also have a memory longer than 30 seconds.

It is ridiculous to think of vehicles being driven by our furry and scaly companions rather than by complex algorithms, because self-driving cars do present many potential benefits for our many-legged friends. By reducing the number of all types of accidents and collisions, the number of pet injuries and deaths due to cars is also greatly reduced. In the United States, around 1.2 million dogs and 5.4 million cats are killed on the roads every year. In addition, distracted driving was the cause of 5,474 human deaths and 448,000 injuries in 2009. It is difficult to say precisely how many of these distractions were due to pets in the car, but pets are counted among other distractions to drivers, a category encompassing disruptive passengers, misbehaving children, and drivers that put on makeup or read in the car. While a human or their furry companion can become distracted from the road, autonomous vehicles are solely focused on the task of safely navigating the roads and avoiding collisions with vehicles, people, and other mammals.

The American Dream has certainly changed, but autonomous vehicles are doing their part to protect us and our animal companions. Aside from shooting off fireworks while grilling hamburgers on the hood, there is nothing a vehicle could do to be more American.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author


{"userID":"","pageName":"Fuel Efficiency and Emerging Technologies","path":"\/tag\/fuel-ffficiency-and-emerging-technologies?page=2","date":"2\/21\/2018"}