22/01/2021
On 10 December 2020, Reddie & Grose LLP held the second of our Automotive Round Table series on the topic of Connectivity and Security. As with our inaugural event held in the summer of 2020 (report here), the event brought together members of our in-house AI and Automotive teams, and leading lights from external organisations active in this area.
Connectivity : Vehicle to Everything
Whenever connected (or self-driving) vehicles, or even Mobility as a Service, are mentioned, the author of this report cannot help but imagine the science fiction vision of the future presented in films such as Minority Report. The reality is of course far less dramatic (and far less vertical), though aspects of the science fiction do still inform contemporary thinking. Certainly in the near term, communication between connected vehicles (V2V), and vehicles and infrastructure (V2I) (together Vehicle to Everything or V2X) are being used to improve road safety and improve traffic flows, by giving real time directions to drivers, alerting drivers of other road users (and vice versa), and controlling traffic lights or other road side illumination. Trials of delivery fleet platooning are now also underway in the UK and elsewhere.
The discussion opened by asking which aspects of V2X would likely take off in the UK first, and what obstacles to deployment still remained.
One of the observations to emerge in reply was the challenge that the rural / urban divide could pose for the roll-out of connected vehicles. The initial deployment of connected vehicles was more likely to take off in earnest in cities or other urbanised areas, due to a number of factors including passenger and vehicle density, the investment of city authorities in digital services, and the organizational ability of cities to develop the appropriate infrastructure.
Existing connectivity black spots (for 3G and 4G technologies) in rural areas were held out as an example of the type of systems level problem that connected vehicle deployment would need to tackle in the long run. Systems supporting Dedicated Short Range Communication (DRSC) between vehicles could cover gaps in road side infrastructure (“you are about to enter a black spot!”), but would not assist if connected vehicles are few and far between, and would not address mixed mode scenarios where only a portion of the vehicles on the road are connected.
A further topic of conversation was the blurring of autonomous and connected vehicles in the popular imagination, and the extent to which it demonstrates both the complexity and potential of different future mobility solutions. Of course, truly self-driving autonomous cars could operate in an off-line or stand-alone mode and need not be connected to other cars to operate. For reasons of resilience, they should ideally be capable of driving without connection.
Given that the average car owner uses their car only around 5% of the time, autonomous cars operated as a service would spare passengers the burden of ownership, and along with other Mobility as a Service solutions such as firms like Uber would allow those for whom vehicle ownership is not practical (the young, elderly or infirm) to get around. Nevertheless, it was pointed out that as a result of the UK government’s current focus on air quality, vehicle OEMs in the UK appear to be deemphasizing development of fully autonomous vehicles in favour of investment in electric vehicles and Advanced Driver Assistance Systems (ADAS). With air quality in mind, geo-fencing and alert notifications applications could proliferate in the connected vehicles market.
The emergence of connected vehicles also shifts the design emphasis from cars as individual units to the aggregated conglomeration of cars and their interactions with the surrounding infrastructure. This is a challenging systems engineering and organizational scale problem, requiring a number of different stake holders to see the network as whole and work together on its implementation and development. Currently highway and road infrastructure oversight can be fragmented, with Highways England in charge of motorways, local councils in charge of minor roads, and other organisations, such as Transport for London responsible for some of London’s roads. Nevertheless, entities like TfL have considerable expertise and experience to offer in this area, as they are already used to coordinating passenger flows over many different interacting modes of transport.
In summary, while much of the technology for further connectivity is already available, the remaining human or organizational problems are seen as likely to slow deployment in anywhere but larger cities where the results can be grasped more quickly. Until then, the most likely use of connected vehicles (at least those connected to a national or city wide grid) might be limited to downloadable content (such as infotainment and entertainment) and diagnostic applications.
Security : A great responsibility
We launched into the second part of our round table conversation by asking what are likely to be the key security issues around connected vehicles? The benefits offered by connected vehicles rely on the premise of sharing data between multiple vehicle components, between different vehicles in a fleet, as well as with road infrastructure and the wider network. The proliferation of connected components in connected vehicles presents a number of security risks, not just for loss of personal data and privacy, but more seriously for safety. In the worst cases, a hacked car could be turned into a blunt weapon, a concern which mandates that a hacked connected vehicle does not just fail safe, but ideally fails functional, so that an operator can continue to operate the vehicle away from potential danger.
Respondents noted that security only ever goes in one direction, and that it is essentially an arms race. As we cannot expect to keep ahead of potential hackers all of the time, connected vehicles would ideally need software that behaves like the body’s immune system, self-diagnosing and reacting to intruders and malicious actors on its own. We would also need a strong external track and trace system built into the infrastructure, so that a vehicle could be scanned at regular or critical check points, such as before a motorway journey or periodically around town. Any false reading would terminate the journey and fail safe.
Connected vehicles are known to have multiple vulnerabilities in addition to obvious weak-spots like the On Board Diagnostic (OBD) port. Attack surfaces include the use of the Controller Area Network-bus (CAN bus), which is open and generally unencrypted, as well as up to 10 or 11 software layers in the vehicle each with known security vulnerabilities: in this regard, one of the participants mentioned a report of a car engine being disabled entirely via the DAB radio port.
The problem of hardware (particular processor) obsolescence was also touched upon. Security over the lifetime of a typical ICE type vehicle would essentially require the continued updating of the operating software used by the vehicle. But what happens if the hardware can no longer support the new version of the software? Unless the vehicle processors were modular components that could be swapped out over the lifetime of the vehicle, what would stop manufacturers launching vehicles that were initially security compliant, but which over time drifted off the standard and became less secure? Encryption of messages between intra – or inter-vehicle components would place a high computational burden on the various communication protocols but would likely be necessary to ensure proper security.
What are the incentives for stakeholders to build in the right level of security at the outset? Human nature can be such that security concerns are only usually taken seriously after a breach occurs when the damage is already done, and one respondent noted that even within the financial services sector (where the expectation of strict security is more prevalent) the actual measures taken are sometimes lacking. What measures or actions can be taken now to ensure that the roll out of connected vehicles is safe, and who will lead and who will pay?
Fortunately, state actors do seem to be tackling the security problem. A number of years ago, the SMMT (Society of Motor Manufacturers and Traders) had discussions with the NCSC (National Cyber Security Centre) to create a security forum for discussion of issues with experts. Similarly, the ACSF (Automotive cyber security forum) provides a safe haven for manufacturers to discuss security concerns even confidentially. The UK government has also recently shifted its stance to favour stricter security having previously adopted a more neutral tone. With bodies like these existing to provide feedback and recommendations, as well as guidance on standards, education of the public about connected vehicle security could be achieved using a digital resilience mark or rating for each vehicle. This could become a safety selling point in the same way that, like NCAP crash safety ratings inform buyer confidence in new vehicles.
Connected Vehicle Use cases
In summary, the participants in our round table discussion noted that, while much work was being done in the area of connected vehicles and connected vehicle security, more coordinated thinking was required between different organisational entities to ensure a smooth roll out. There would need to be clear partitioning of areas required to handle different use cases, with the appropriate levels of data sensitivity and trust reviewed for each partition, and the appropriate architectural policies put in place from the outset. With these complexities in mind, there was enthusiasm about the current roll-out of autonomous and connected vehicles for last mile delivery solutions providing a test-bed to work out some of the more complicated problems on an initial smaller scale.
If you would like to hear more about our Automotive Round Table events, or participate in our next event, please contact Reddie & Grose LLP.
This article is for general information only. Its content is not a statement of the law on any subject and does not constitute advice. Please contact Reddie & Grose LLP for advice before taking any action in reliance on it.