Preventing cyber‑threats in connected and automated mobility

Why is now the right time to start improving cyber-security in CAVs?

Daniel Ruiz:  Essentially it’s because the UK cannot afford to fall behind in what is an international race to perfect connected and automated mobility and make it a part of the everyday. Zenzic is dedicated to accelerating the self-driving revolution in the UK, and in the last six months we’ve been particularly focused on two things: the Connected Automated Mobility (CAM) Testbed UK and the CAM roadmap that directly relates to it.

We’re making sure that the testbed is gelling into one aggregated facility that sits in the UK and is accessible to UK manufacturers, operators and developers of mobility solutions, as well as global organisations in the same sector.

It comprises 28 companies and six consortia. They range from the controlled environments that are essentially CAM or CAV layers being built on top of existing world-class facilities, like HORIBA MIRA and Millbrook, through to the semi‑controlled at Cullen, near Oxford. Then there’s the public domain testing facilities, which in London is the Smart Mobility Living Lab led by TRL, and the West Midlands facility, which is particularly interesting because it links back to HORIBA MIRA in Nuneaton, but also brings in the rural highways and urban roads around the Birmingham and Coventry areas.

That project is led by Transport for West Midlands, so it’s a public sector organisation participating in the consortium. Testbed UK will ensure that the collaboration creates a whole that is greater than the sum of its parts. The critical part is the ability to test vehicle systems in the broader sense and see how they can deliver mobility.

As for the Roadmap, it is designed to give a framework for the whole sector when strategising and planning, to make sure that it is investing where it counts most. The roadmap highlights that cyber-security, telecommunications, public acceptance and regulation are four of the most important ‘critical path activities’. We have to start – or continue to build – on them now if we’re going to remain at the front of the race with the rest of the world.

What aspects in the engineering of CAVs need to be addressed to protect them from cyber-threats?

Geoff Davis:  The beginning of our involvement in this goes back some 30 years or so, when HORIBA MIRA began developing capabilities in electromagnetic compatibility (EMC). This is where we, as vehicle engineers, are concerned by the electromagnetic fields that are emitted from electronic devices and the impact they can have on vehicle operation. Take batteries and motors as an example; emissions from these can be harmful to operator health and can impact the performance of vehicle-based electrical systems.

For the last 20 years, emerging from that starting point has been discipline in developing a focus on engineering system safety and the critical safety of electronic systems. This is where you rely on software to make key instructions that could have an impact on vehicle performance and safety critical systems – now referred to as functional safety. It’s the art of ensuring that software, electronic hardware and code is developed and operates in a robust and safe manner, i.e. to fail safe or to fail operational.

Regulation ISO 26262 has driven the adoption of functional safety in the automotive industry for everything it does from a software perspective. A natural extension of this is starting to look at cyber-security for vehicles.

If there are safety critical systems that are software dependent, and somebody can maliciously connect or interfere with the code those systems are based on, then we should be concerned. Defence against this interference is where the art of cyber-security comes in. Today, there are lots of scare stories about what could happen, but most people are still only familiar with cyber-threats from an IT and enterprise background.

When you look at these three disciplines together – cyber-security, functional safety and EMC – they’re all closely dependent on each other: EMC looks at the testing of some of those electrical systems and how they can be influenced; functional safety looks at how to safely design software dependent safety critical systems; and cyber-security is where you reduce the risk of a successful cyber attack on your software-driven system. ‘Vehicle resilience’ is the term we use to cover all three sub-topics. How do you ensure that you design and develop systems that are robust and do what they’re supposed to repeatedly? Should they fail, how do you ensure they fail in a safe manner? You deploy vehicle resilience engineering first principles.

About five years ago we decided that we needed to start building specific automotive cyber-security capability, because we believe that the expertise required from an automotive perspective is subtly different from those who work in a generic IT or enterprise discipline. You need to understand how vehicles are used, how vehicle systems behave, and the increasing connectivity requirements on them. It’s a very different layer of complexity and knowhow that we require of our cyber-security experts working on vehicles.

We’ve been building the engineering and test methodologies to offer a solution in vehicle resilience, so we can help companies either fix problems or, from a design perspective, ensure their vehicles are designed to be robust and resilient in a challenging ecosystem.

The area that Daniel and I are focused on predominantly is around connected and autonomous vehicles (CAVs). To really make autonomy or automation deployable in significant volume and reap the benefits from CAV technology, we’re reliant on connectivity. The vehicles need to connect with each other and they need to connect with infrastructure – they need to be part of the internet of things (IoT).

Once they are connected, however, they are potentially very vulnerable. It’s easy to imagine a future scenario where these vehicles that are highly automated and connected are hacked or interfered with by a third party with disasterous consequences.

This is why the subject of vehicle resilience is so critically important for the safe and mass‑scale deployment of CAVs. In recent years, the Automotive Council, and subsequently Zenzic, have been developing strategies around how we develop and deploy CAV technology in the UK. We build the infrastructure, we build the knowhow, the technology, and we attract various companies to the UK to conduct R&D in those fields.

We are very conscious that we cannot ignore vehicle resilience and the cyber element. It is clear that building on the expertise the UK already has in automotive engineering and CAVs, but also in areas such as cyber-security, is the right thing to do as they are closely connected.

We should look at ensuring that the UK takes the lead in becoming a global powerhouse in terms of automated vehicle resilience and cyber‑security. To do that, we need to start thinking at a national level; what do we need to have in terms of a national centre of excellence? Are the design standards we look at suitable? What kind of tests and validation processes do we need? It’s from questions such as these that this whole story started.

Daniel Ruiz:  It’s important to recognise that this is the start of a journey. We’re building on solid foundations of capability with the set of projects announced in the Cyber Securities Feasibility Studies competition, but now it is about shaping the next steps and scoping a plan.

There is a substantial piece of programme work that needs to follow. We are working closely with government to shape the requests for funding to ensure continuity and that we exploit the opportunity to the full.

How do you balance trying to stay ahead in cyber with regard to CAVs while also monitoring developments coming from a malicious perspective?

Daniel Ruiz:  Too often, people tend to forget the ‘C’ in ‘CAV’. Connectivity is all about the flow of data, which represents the ability to make decisions, the ability to make our whole transport environment more efficient, and deliver the safety, productivity, accessibility and environmental impact that it has the potential to do.

There’s a net-zero element in here that we cannot afford to ignore, or wait for autonomy to come and address. Connectivity is here because we have the data to enable it, but that data can only flow freely if it is secure, which reinforces how crucial cyber‑security is. There are always going to be malicious actors out there that we have to mitigate against.

Geoff Davis:  Vehicle manufacturers have been accelerating their development of connectivity  and automation, but cyber is right at the heart of some of the concerns they have. Going forward, in addition to ensuring that they have products robust to cyber‑threats, we expect that they will need to be able to monitor the status of their fleet and to intervene where they see threats. That’s potentially a huge burden for the industry and not necessarily one it is ready for yet, because the methodologies and approach required are new to the industry.

The cost of building these kind of capabilities into operation is unforeseen and potentially significant. There’s a real challenge for industry to monitor fleets, once connected, in a viable manner, because the implications around cyber-security are quite significant for the process of engineering sign off. There’s a real change required in terms of the engineering methodology, which is one of the key points in the ResiCAV programme.

Are you concerned that by looking ahead, we might not be vigilant enough about the connectivity to vehicles and infrastructure that is filtering into our daily lives now?

Daniel Ruiz:  As engineers, we don’t have concerns – we only see problems that need to be solved or questions that need to be addressed. What’s critical is that we maintain safety throughout and do so responsibly. These six projects are evidence of exceptional responsibility because they are so diverse.

The projects are in many ways complimentary, with each looking at different aspects of the cyber challenge. Inevitably, this is part of a bigger picture, which is why the number of organisations involved is significant. They’re all collaborative but, on the sidelines, there is the National Cyber Security Centre, which is an adjective of GCHQ, and a number of other organisations which may not be in these projects.

The key is to look at the summary scope of each of these projects and recognise that we are looking at the IoT and internet of systems in an intelligent and responsible manner.

Geoff Davis:  I don’t think we should imagine that one day, all of a sudden, these high levels of automation will be turned on and we’ll see those connected vehicles on the road – it’s more of an evolution. There are plenty of connected features in existing vehicles. All new vehicles will be connected by 2025, if not sooner, so there is already a threat present.

There are plenty of opportunities for threat – look at the thefts of premium vehicles in cities such as London through wireless key fob technology. The threats are here, now – they just have the potential to become more significant when our vehicles have a higher degree of automation.

Biographies

Daniel Ruiz joined Zenzic as CEO in November 2017 to lead the UK’s unique £200 million programme for the testing and development of connected and self-driving vehicle technologies. Prior to leading Zenzic, he managed a 500-strong team as MD of Dynniq UK, tackling traffic challenges with technology-based solutions. Daniel also oversaw the London Streets Traffic Control Centre and maintenance of Greater London’s 6000 sets of traffic lights, and set up the Transport Coordination Centre for the London 2012 Olympics. Daniel has a PhD in engineering from New College, Oxford.

Dr. Geoff Davis joined HORIBA MIRA in 2009 following 10 years at Ricardo – the technical, engineering and management consultancy. He is an experienced engineering consultancy professional with a solid background in automotive engineering, has up-to-date experience in the latest automotive technologies and trends, and has first-hand experience of working across a comprehensive range of overseas territories and industry sectors.