For many people, the vision of a world of driverless cars represents a commuter’s utopia, and for good reason. Commuting is costly, not only in terms of time and money but in terms of stress-related illnesses. Despite the fact that people have adapted to hurtling through space at 70 miles per hour while avoiding a potentially deadly crash, traffic is anything but relaxing. Just the idea of a car expertly programmed to detect and respond instantly to hazardous road conditions and the erratic behavior of all those other drivers is enough to lower a commuter’s blood pressure considerably. (Our own driving is, of course, always impeccable.) Driverless cars could also make it possible for people to give one another the increasingly rare gift of their undivided attention while traveling.
Any dream of utopia contains within it the potential for the creation of a nightmarish dystopia, and a world of driverless cars is no exception. The number of deaths and injuries resulting from crashes caused by human error could be greatly reduced. However, the number of deaths and injuries caused by deliberate human actions, such as hacking the computer systems of driverless cars, could increase. It isn’t hard to imagine the horror of a driverless car being hijacked and used to drive into a crowded building or cause a multi-car pile-up on a busy interstate highway. One article describes an experiment in which hackers demonstrated, under controlled conditions, how just such a scenario would be possible.
IT experts are the first line of defense of our collective vision of a driverless utopia. Recently, the Cloud Security Alliance published a detailed report identifying 20 potential cyber-security threats to connected vehicle systems, including driverless cars. Many of those threats are vulnerabilities caused by the very things that have helped make commutes if not more enjoyable, at least more bearable. Those potential security loopholes include onboard diagnostic ports used for vehicle maintenance, USB ports, Wi-fi, Bluetooth, and entertainment devices that utilize internet connectivity.
Electronic vehicles depend on a CAN (Controller Area Network) message bus that allows communication between devices. The CAN bus was designed as a closed network without security features. According to the report, “An unauthorized party that gains access to the bus can block legitimate messages and transmit illegitimate ones.” Keyless entry systems and the Amazon Echo, which can start a vehicle remotely, also present potential security concerns. That’s why the group recommends that separate CAN buses be used for critical safety features such as braking and lane detection systems.
Brian Russell, the chairman of the alliance’s IoT Working Group, stresses the importance of developing operational designs that “incorporate security throughout the development”. He also recommends using the Department of Transportation’s Connected Vehicle Reference Implementation Architecture as a design guide. Its protocols apply security measures to the enterprise, functional, physical and communications elements of connected driverless systems. Vehicles communicate with one another using both established infrastructure and a DSRC (Dedicated Short Range Communication). The DSRC assigns each message a digital certificate which prevents tampering. To keep out intruders, third party devices should only access a vehicle’s Bluetooth system using the mutual recognition and authentication of Bluetooth Low Energy.
In addition to high-tech security measures being designed and implemented, societies will require a whole new set of laws to successfully integrate driverless technology. That doesn’t just include traffic and insurance laws, but privacy laws. The amount of personal information collected by driverless technology is rivaled only by the amount collected by Facebook. Like Facebook, those who wish to utilize driverless technology may have to sign agreements too lengthy and complicated to read and understand without the expert assistance of a legal professional. In 2015, a class-action lawsuit was filed against Toyota Motor Corp., Ford Motor Co., and General Motors LLC, alleging fraud, false advertising, and violations of consumer protection laws. While the district court dismissed the complaint, the Electronic Privacy Information Center (EPIC) has filed a brief requesting that the dismissal is reversed.
It Takes a Global IT Village
Creating a commuter’s utopia in which drivers can enjoy all the benefits of driverless technology is an achievable goal. With the right security measures, it will become possible for elderly to retain their travel independence and for the young to increase theirs. Parents will be able to spend less time chauffeuring and more time parenting. Workers will be able to spend less energy commuting and more time and energy to enjoy the fruits of their labors. The phrases “fighting traffic” and “road rage” will disappear from our daily lexicon, making room for more interesting, and pleasant, topics of conversation.
IT professionals worldwide are working overtime to make a world of driverless cars a dream come true. The internet has revealed the degree to which we are all interconnected. That connectivity has the potential to significantly improve the quality of our lives. It also has the potential to expose us to greater danger. That’s why programmers and app developers, whether employed by a private enterprise or governmental organizations, must work together to prevent that dream from becoming a nightmare.