The talk of self-driving cars is endless, and it seems manufacturers and the tech industry want to automate our road networks as soon as possible.
One thing we don’t hear as much about, though, is cybersecurity and the likelihood of attacks on Intelligent Transportation Systems (ITS).
BI Intelligence data predicts that by 2021 a staggering 82% of cars shipped will be ‘connected’, highlighting the immediate need for cybersecurity frameworks.
A recent Trend Micro report, ‘Cyberattacks Against Intelligent Transportation Systems’, highlights the importance of prioritising the prevention of cyberattacks as ITS is adopted around the world.
“By identifying and addressing the cybersecurity risks faced by ITS in the early development stages, we have the opportunity to influence both legislative and technological developments in ITS, which is the goal of this research paper.”
The report discusses a number of cyber threats that face ITS, from attacks denying the flow of data through to disruption of functions and services.
In 2015 tech magazine WIRED worked alongside researchers demonstrating how to perform a hack of a Jeep Cherokee while it was in motion, prompting an initial recall of 1.4 million vehicles and later a further 7,810 vehicles.
The hack, which as the video below details, was implemented from approximately 16km away while WIRED writer Andy Greenberg was travelling at 110km/h.
This was an alarming demonstration of the vulnerabilities internet-connected vehicles face, one that prompted the tech world to put their heads together to find solutions.
Shortly after the Jeep recalls, tech giant Intel established the Automotive Security Board (ASRB) to innovate the automotive cybersecurity industry and reduce the risks associated with connected vehicle technology.
The ASRB set out with plans to test and audit connected vehicles for security flaws, as well as develop best practices in the automotive security space.
The recent Trend Micro report highlights similar issues, focusing on the entire ITS ecosystem rather than just the vehicles.
This means roadway reporting systems, traffic flow controls, payment systems, and overall communications between vehicles and infrastructure.
Trend Micro senior security architect Dr Jon Oliver says ITS cybersecurity is crucial, citing an incident earlier this year involving hacked speed cameras in Victoria.
“In today’s connected world of smart devices and ever-increasing volumes of disruptive and destructive cyberattacks, ITS cybersecurity is mandatory and should be considered a fundamental pillar in ITS architectures and frameworks,” he says.
“Earlier this year, we already saw the WannaCry ransomware infecting speed cameras in Victoria.
“Adding security to an existing solution is always more difficult and costly than building that security from day one.
“We recommend that the people building ITS systems look into policies and methods so that security can be built into ITS systems in a cost-effective way from its infancy in Australia.”
Combatting cyber-attacks is an issue governments, manufacturers and the tech industry are coming together to proactively tackle as automation progresses.
The National Transport Commission (NTC), an inter-governmental agency in Australia charged with improving transport systems, is aiming to stay one step ahead with a number of autonomy-related projects currently on the go.
An end-to-end regulatory framework for ITS in Australia is the NTC’s primary focus, and one of the key projects aims to tackle the security of connected vehicles.
“The NTC has been tasked with delivering an end-to-end regulatory framework that ultimately paves the way for the commercial deployment of connected and automated vehicles within Australia from 2020,” an NTC spokesperson told Owner//Driver.
“We are on track to achieve this objective, although there is still a great deal of work to be done to ensure all the critical aspects, and various intricacies, are contemplated.
“To achieve this we are working closely with other agencies and a broad range of key stakeholders, both within Australia, and internationally, who can provide expert advice on what risks we need to be aware of, and how we can best mitigate against them.
“During 2018, as part of the NTC’s AV program, we will be seeking input on ways to protect the security of vehicles and the privacy of AV data.”