Autonomous vehicle (AV) security – Risk mitigation strategies


Autonomous vehicle (AV) technology is set to revolutionize how people and goods move within communities and across the country. Over 80 companies are reportedly testing AVs across 40 U.S. states and Washington, D.C., according to the U.S. Department of Transportation (USDOT). More than half of the states have introduced legislation to permit testing on public roads.

AVs represent cutting-edge technology in the development of “Smart Cities,” where infrastructure depends on Internet of Things (IoT) devices to function effectively. This includes AVs as a practical method for last-mile delivery, mass transit, and trucking—often referred to as “mobility as a service”—which can benefit organizations and communities through improved mobility, access, and speed; decreased environmental impacts; increased safety; improved public transit options; reduced operating costs; and a switch from fixed-route, fixed-timetable services to dynamic, on-demand services.

But in addition to their advantages, these cyber-physical systems (CPS) can make businesses and assets more susceptible to physical and digital attacks. Organizations will be more susceptible to attacks that result in data breaches, supply chain disruptions, property damage, financial loss, injury, and fatalities as the CPS threat landscape continues to change.

Utilizing comprehensive security strategies that address enterprise and asset vulnerabilities related to CPS integration with larger connected networks, AV companies and the owners should proactively monitor and manage AV technology risks. This article will review some tactics for reducing the cyber risks associated with autonomous vehicle technology.

  • Create and implement employee training programs and drills to ensure local staff is knowledgeable about connected cyber-physical risks. Employees using CPS devices should be aware of the potential effects of a targeted attack and the best way to defend against it.
  • Ensure that networks and systems have secure physical access points, including connected and unconnected building security systems. Keep thorough asset management lists and access control logs.
  • Conduct vulnerability assessments to identify specific organizational weaknesses to inform an enterprise security strategy. Regularly evaluate cyber-physical AV system threats.
  • Inform the relevant authorities of any vulnerabilities and cyber-physical incidents right away. Keep lines of communication open with local, state, and federal law enforcement.
  • Utilize resources and tools to help find weaknesses that nefarious actors might exploit.
  • Adopt and put into practice recommendations for system security, best practices, and design principles from the National Institute of Standards and Technology (NIST), the Automotive Information Sharing and Analysis Center (Auto-ISAC), and other reputable organizations.
  • Establish formalized communication between organizational security departments and incorporate best practices for physical security and cybersecurity into routine operations.
  • Create and implement a program to reduce insider threats to strengthen shared accountability and asset protection culture.
  • Conduct application, network, firmware, and hardware testing to find cybersecurity weaknesses and attack vectors in vehicles.
  • Regularly apply suggested vehicle software updates. AVs need regular software updates like a computer to maintain and enhance their security and usability.
  • Avoid connecting devices not from the vehicle’s manufacturer that are unsecured or unknown to the system. This includes connected devices from outside the AV ecosystem, which may contain malware.
  • Keep an eye out for signs of physical access or tamperings, such as spliced wires, unidentified devices connected to OBD-II ports, or a removed dashboard, and report any unusual activity.
  • Lock doors, keep key fobs safe, and store fleets in secure locations to prevent unauthorized physical access to vehicles. Reduce unauthorized access as little as possible to avoid tampering or unintentional changes.
  • Set devices and services up with the most secure default configurations possible. To discover how default settings might be changed to introduce vulnerabilities, speak with the manufacturers.
  • To reduce potential attack vectors and guarantee proper functionality, ensure staff members are knowledgeable about advanced driver assistance systems (ADAS) and how to disable and reenable ADAS features.
  • Through product and ecosystem reviews, remediation engineering, and supply chain security, design, develop, and implement cybersecurity standards for connected vehicles and related components (such as infotainment systems, controller area networks, and sensors).