The Department for Transport recently claimed it wants to see fully autonomous cars tested on UK roads by 2021. Astonishingly, this expectation was set out after several fatal crashes in Arizona.
The system and infrastructure used in cars today (known as a Controller Area Network) was designed back in the 1980s. It was developed for exchanging different micro controllers, so that signals could be sent via the CAN, essentially a tier-to-tier network – and an old one at that.
The main issue here, is that these networks weren’t built with security in mind, as it was not a key concern back then. As time has gone on, modern-day functionality has been layered onto the CAN. This gives it no access control or security features, but instead, leaves access to cars open to criminals.
While there are no real-world hacks that have been executed this way, it has been proven possible. For example, in 2015 two researchers and a journalist were able to use wireless technology to drive a Jeep Cherokee off the road. As a result of this flaw, half a million cars were recalled.
It is an example of emerging technologies being adopted too quickly without fully considering the security implications.
Who needs humans?
Following the fatal incident in Arizona last year, it was predicted that it would be many years until autonomous cars replace human drivers. The reality is, I don’t think driverless cars will or should ever replace human drivers in the way that we think of them doing so now, where nearly everyone will continue to drive a private car, but it will be self-driving.
However, the issue of how we implement the technology is something for society to ultimately decide – whether this takes the form of private vehicles, or a coordinated public transportation system – but I do not believe either should remove the human aspect of vehicles.
After all, having a human presence is arguably a good thing, as is the security of having access to vehicles via a key controlled by a human. Accessing any connected device, whether it be a vehicle or otherwise, through an app is a key cause for concern. Someone can easily gain access to a vehicle just as they could with a smartphone – it essentially gives another person a way in.
I think people are becoming more apprehensive when it comes to driverless cars, where safety is paramount, and rightly so. Historically, driving has always been an aspect of life where human control has been essential. So the idea of watching a film, or sleeping, while a car transports us, feels understandably wrong to many people.
There are various levels of autonomy with self-driving cars – ranging from add-on features such as parking assistance through to completely driverless cars. A ‘grey area’ lies between the two, where the driver has very little to do, but has responsibility for the vehicle and might need to take control at some point. In the latter scenario, there’s a danger that the driver may switch off because they don’t feel required to be in full control and might therefore be unable to regain control in an emergency.
Driverless car fatalities have shown that there is a very real danger with autonomous vehicles, and it is therefore reasonable to question whether it is wise to resume the use of them so quickly after the incident.
Safety first?
There are real safety concerns about pedestrian and driver safety – as recent stories surrounding autonomous car testing have demonstrated – which society needs to tackle before driverless cars are launched.
There’s also a moral or ethical issue to consider. Christian Wolmar raised the issue of ‘the Holborn problem’ – if driverless cars are programmed to stop when they sense a pedestrian, what happens when they are confronted with a mass of people milling across a busy road? Will they wait all day? Or will we be asked to accept a lower safety bar? Or if the car is given the chance to choose to avoid hurting pedestrians or the passenger in the car in the lead up to an accident, how and who will it choose? A car isn’t able to make moral-based decisions on its own.
Ethics aside, in terms of cybersecurity, it is important to remember that nothing can be 100% secure. Just like housework, security is never done – you need to continually repeat the process of hoovering and dusting as the dirt will be back next week. This same logic applies to securing the increasingly advanced technology in modern cars. There are still many unanswered questions and unconsidered scenarios, which we need to ascertain before we can even start to consider loosening the reigns on bringing autonomous cars to our roads.