Connected Vehicles and Cybersecurity—A New Frontier of Risk
Raphael Stern, Assistant Professor, Civil, Environmental, and Geo- Engineering
Area of Expertise: Traffic Engineering & Management
Connected and automated vehicles (CAVs) have the potential to change how we think about transportation and, more broadly, mobility. CAVs may bring tremendous benefits such as improved access to services, reduced travel burdens, and safer transportation systems. In fact, many of these benefits are already possible with partial vehicle automation—and these benefits could grow as advanced automation continues. However, CAVs also provide new opportunities for malicious actors to compromise vehicle security in the form of cyberattacks. If not addressed as we roll out new CAV vehicles and technologies, these threats could upend many of the benefits possible with CAV adoption.
While certain cyberattacks may be simpler to detect, others will likely be difficult and lead to smaller impacts aggregating into bigger issues such as increased congestion or emissions. The stealthy nature of such attacks may make it extremely difficult to pinpoint the source vehicle that has been compromised.
While obvious hacks that cause crashes may be easy to identify and isolate, other ways vehicles might be compromised could be more difficult to spot, especially if the attack results in subtle changes to vehicle driving behavior. Such attacks could be introduced to automated or partially automated vehicles via malicious software updates and go undetected for long periods of time. Even subtle changes to driving behavior could cause widespread disruptions to the transportation network by seeding traffic jams or causing delay and excess fuel consumption and emissions. For example, if such an attack were released on all vehicles of a specific make and model, even just slightly more aggressive driving could cause a network-wide increase in delays, fuel consumption, and emissions without a clear way to pinpoint the source of the issue.
There are many types of potential cyberattacks that could compromise CAVs. These can be categorized as infrastructure-based attacks, communication-based attacks, or sensor-based attacks. Infrastructure-based attacks may compromise the integrity of roadside units tasked with providing information to vehicles for navigation. Such attacks could also be used to send false information to infrastructure managers who use the data gathered at roadside units to make infrastructure control decisions. Communication-based attacks could compromise the connections either between individual CAVs or between CAVs and ground stations. For example, by altering communications between two CAVs, a false data injection attack could cause potentially dangerous driving conditions by misrepresenting the location of a CAV. Finally, sensor-based attacks on a CAV could compromise the safety of the individual vehicle by altering measurements from onboard sensors such as inter-vehicle distance, leading to collisions or compromising the driving comfort or efficiency.
While certain cyberattacks may be simpler to detect, others will likely be difficult and lead to smaller impacts aggregating into bigger issues such as increased congestion or emissions. The stealthy nature of such attacks may make it extremely difficult to pinpoint the source vehicle that has been compromised. Such widespread attacks on CAVs may only be detected through large-scale traffic flow monitoring, which could reveal if suspicious traffic flow patterns emerge when compared to normal operations.
One major challenge that will emerge in the coming decades is the design of robust vehicle control algorithms able to provide for safe driving even during a cyberattack. This may mean building the ability for vehicles to respond to faulty sensor data onboard the vehicle or designing a way for vehicles to validate data communicated either from infrastructure-based sensors or via vehicle-to-vehicle communications. Possible strategies to introduce this robustness include sensor redundancy and better data anomaly detection techniques to identify potentially corrupted data before a CAV acts on the information.
Although many different types of cyberattacks exist, two are generally considered to be most relevant to transportation systems and vehicle automation. In deception attacks, an attacker injects false data into a system. In a man-in-the-middle attack, malicious code is injected into a communication channel and acts as an unknown intermediary, potentially changing the messages sent within the communication network.
As an example of a stealthy deception attack, hackers showed that a specific consumer SUV could be remotely taken over through a glitch in the infotainment system. The attackers remotely accessed the vehicle controls through a wireless radio and disabled the vehicle's engine. Such an attack demonstrates how substantial and dangerous these vulnerabilities can be.
Identifying such vulnerabilities is often referred to as “red teaming,” during which security researchers mimic hackers to try to identify potential security bugs that could be exploited before attackers are able to. However, in addition to expanded red teaming efforts on transportation systems, emphasis must also be placed on resilient and robust design capable of operating in the presence of cyberattacks. Securing our transportation infrastructure from cyberattacks will rely both on detecting intrusions when they occur and designing robust operating procedures in the event that an attack is not detected.