Cybersecurity Essential for Autonomous and Connected Cars, Government and Industry Say

By: Lee Rickwood

March 16, 2018

The country is ill-prepared for the future.

That’s the concerning essence of a Canadian government report on autonomous and connected cars that acknowledges its own regulation and coordination hasn’t kept up with industry’s pedal-to-the-metal approach.

“[C]ybersecurity measures are essential to maintain public safety and public confidence in this new technology”, members of the Standing Senate Committee on Transportation and Communications wrote about automated vehicles, adding that “[t]hese vehicles collect a vast amount of data and could be the target of hackers who want to use the vehicles for nefarious purposes.”

Vast amount of data is putting mildly.

According to a McKinsey & Company estimate, connected cars create up to 25 GB of data per hour; Intel CEO Brian Krzanich told the Intel Developer Forum that the autonomous vehicles will use about 4,000 GB daily.

Cybersecurity Essential for Autonomous and Connected Cars, Government and Industry Say

Estimates of the amount of data each and every connected car will generate on a daily basis are alerting industry, government and privacy advocates to new cybersecurity risks.

The U.S. auto association says connected car sensor data could reach between 380 TB to 5,100 TB per car per year (based on annual average distance driven figures) in the future!

Their math may need some coordination and recalculation, but the point is made — and so last month, Canada’s Senate released a long-awaited report into automated vehicles, and cybersecurity was a central theme.

The connected car is not just a smartphone with wheels, it is a data transmission centre on steroids. And as the report notes, all that data has tremendous value. And not just to cyber-criminals, about whom the report warns several times.

But it also identifies positive economic paybacks from autonomous vehicle data — reducing accidents and collisions could save an estimated $65 billion annually, the report highlights. Being able to drive from here to there more quickly means increased fuel savings and reduced road congestion, representing valuable benefits for the individual and the planet.

Of course, as has been noted here before, that data can also represent tremendous value for the car owner if he or she is willing to sell their personal information in an emerging user generated data market.

Yet with the potential comes the risk, the report notes.

The connected car data flow extends from the manufacturer to the dealer to the telecom service provider to the auto mechanic to the insurance company to the licensing agencies to the driver and occupants, and then out to infotainment services, social media platforms and other digital service providers (with potential stops in between for law enforcement and traffic management officials).

Cybersecurity Essential for Autonomous and Connected Cars, Government and Industry Say

Auto and IT industry companies like BlackBerry say the approach to data safety and security for connected cars includes solutions for securing the initial supply chain for chips and software, to isolating various computer systems within the car from one another (and often from the outside world), to periodic and secure software updates.

Which company or public sector institution would the average driver contact if they have a privacy concern about that trip?

With no explicit answer as yet to address specific concerns, the report makes several recommendations for tightening connect car cybersecurity generally. They include developing guidelines and principles for industry, promoting public education and awareness programs, and quickly setting up a “real-time crisis connect network” to deal with cyber-hacks of autonomous vehicles.

A central point of contact in government is being called for and the responsible ministers (Marc Garneau at Transport and Navdeep Bains at Innovation) said the report’s recommendations “will guide our ongoing work on this emerging technology, including on the development of regulations and standards” and that a “plan of action” would be released in the coming months.

The call parallels initiatives at the Office of the Privacy Commissioner of Canada, where a project to develop a privacy code for connected cars has received funding for the current 2017/18 operating period. While the Privacy Commissioner told the Senate he favours voluntary guidelines, at least in the early stages, he has also called for a stricter privacy regime overall in Canada, with increased ability to penalize and economically fine those who violate privacy rules and regulations.

Meanwhile, both industry participants and privacy advocates are driving forward with their own cybersecurity and the connect car initiatives. Auto-ISAC is a U.S.-based industry-led initiative to enhance cybersecurity awareness and collaboration, counting among its member OEMs, suppliers and commercial vendors in the auto market.

Cybersecurity Essential for Autonomous and Connected Cars, Government and Industry Say

From left, senators Michael L. MacDonald, Betty Unger and Terry Mercer ride in a connected bus during a fact-finding mission to the University of Alberta’s Centre for Smart Transportation in Edmonton.

Privacy and Access Council of Canada told the Senate during the connected car hearings it conducted that a long-term strategy for cyber-awareness and education has to start early.

“[A]s a matter of public policy, national economic policy and a cybersecurity strategy, we think that education has to incorporate mandatory learning for children — starting in kindergarten,” Sharon Polsky, the Council’s president, said.

Not many drivers there yet, but plenty of potential in the kids who will grow up to become the legislators, designers and technologists building and managing our future things — laws, products, services, even attitudes — which need privacy embedded in them.



Want to Get Paid $33 Billion a Year? Maybe $600 Billion If Your Data Is Good


Leave a Reply

Your email address will not be published. Required fields are marked *