Autonomous Vehicles: No Safety Without Security

Autonomous vehicles that can safely operate without a driver, known as SAE Level 4 technologies, have the potential to save millions of lives by eliminating automotive accidents caused by human error. That vision of safer streets is what drives us at Motional as we tackle making these vehicles a reality.

The sophistication of Level 4 technology and its real-world applications, however, demand a safety-first ethos across every aspect of creating, testing, and, ultimately, deploying autonomous vehicles. Within this, cybersecurity plays a critical role in the overall safety of autonomous vehicles (AVs). We regularly stress this with a mantra: “There is no safety without security.” This mantra reminds us that a system may be safe in the absence of a malicious actor, but malicious actors are not above subverting safety mechanisms to achieve their goals.

At Motional, we’ve taken the unique step in making our cybersecurity approach public both to be transparent and to help advance security standards and best practices.

Autonomous Vehicle Security

At present, when we talk about autonomous vehicle security, we’re also often talking about the security of traditional vehicles and it’s worth noting that the automotive industry still has a ways to go on this front. The industry didn’t bring cybersecurity to the forefront until relatively recently. In the past several years, it has emerged as a pressing issue given the rise of software defined driver assist features and pervasive connectivity solutions. Now experts predict that the automotive cybersecurity market could reach $9.7 billion by 2030.

That figure applies to security for human-piloted vehicles — autonomous vehicles are even more cybersecurity-critical given the many layers of technology and reliance on automation for safe operation. Those of us in the autonomous industry are faced with the complex task of securing AVs, all while the automotive industry is still improving the security of human driven vehicles. There’s not a clear playbook for anyone to follow when dealing with this level of complexity.

That said, we see an important opportunity for companies in the autonomous industry to serve as leaders in establishing and following rigorous standards for cybersecurity across the automotive industry. Within the AV space, we don’t have the luxury of trial and error, we have to implement a strong security approach from the beginning in order to ensure the safety of our vehicles.

The newly released ISO/SAE 21434 standard covers the engineering aspects of vehicle security, but as it’s new, there aren’t defined norms for how to interpret and comply with the requirements. We’ve set out to change that.

Last year, we released Motional’s Autonomous Vehicle Cybersecurity Development Lifecycle (AVCDL), the first publicly released cybersecurity development lifecycle in the automotive industry and the first public effort to comprehensively comply with emerging automotive cybersecurity standards and regulations, including ISO/SAE 21434 and UNECE WP.29 R155. The AVCDL is a framework designed to enable companies to attain certifications under the aforementioned standards and regulations.

Safety Over Competition

We created the AVCDL to ensure the security of our product and then released it publicly to contribute to improving the security of the entire industry. Safety over competition has long been an important part of Motional’s overarching safety commitment. Our team pioneered safety-focused data sharing in the AV industry with the release of our nuScenes and nuPlan datasets. By releasing these datasets, our goal was to further the research that would make all AVs smarter and safer — not just our own. The AVCDL follows nuScenes legacy by sharing the lifecycle with the broader community.

We’ve  invited our partners, suppliers, and others in the industry to provide feedback, with the intention of making everyone’s security practices stronger. The cybersecurity landscape is constantly changing. Thus, we view cybersecurity as a journey, where cross-industry collaboration will help us continue to stay ahead of the threat. We hope others will join us on this journey.

About the Author: Michael Maass, Ph.D., is the cybersecurity lead and principal engineer at Motional, an autonomous driving joint venture formed by Aptiv and Hyundai Motor Group with operations across the U.S. and in Asia. The company is developing and commercializing Level 4 robotaxis. Motional has partnerships with Lyft, Via, and Uber Eats to deploy its robotaxis on their networks. Read more at mindsofmotional.medium.com. 

This article was authored and edited according to Fleet Forward editorial standards and style. Opinions expressed may not necessarily reflect that of Fleet Forward.