According to Aptiv’s safety engineering lead, Matthew Wood, it is important to differentiate between safety and security when developing autonomous vehicles.
“People often group safety and security together, even if they cannot articulate why or how these topics relate to each other,” Wood says. “This grouping is natural due to the overlapping properties that the topics are built upon. However, they are subtly different because safety focuses on the proper functioning of a system, while security focuses on the system’s ability to resist some form of intentionally malicious action.”
In particular, he notes, these center around safety worries about risks presented by passive adversaries, randomness in nature and human-caused accidents, and security worries about risks presented by active adversaries in the form of creative, determined and malicious human beings acting intentionally.
“This leads to a requirement to utilize additional security analysis tools and technical mechanisms that also affect safety. Security makes heavy use of cryptography, which is often resource-intensive, but active safety mechanisms should be deterministic.
“Processing of safety-related data often has short deadlines, which makes it difficult to ensure the required levels of data authenticity and confidentiality. Satisfying both safety and security will impact resources and the architecture.”
Wood notes that while the risks of self-driving cars may be reasonably overt to the layperson, increasing the level of connectivity between all autonomous vehicles comes with its own obstacles.
“The automotive industry is facing new challenges due to the extreme connectivity between self-driving vehicles and from these vehicles to their environment. These challenges range from fulfilling regulatory requirements and ensuring safety to protecting fleets and customers from cybersecurity attacks. Increasing connectivity means adding new interfaces between the control functions of connected vehicles, IT backend systems, and other external information. This rich attack surface creates considerable interest for malicious actors with various goals,” Wood explains, adding that safety and security are intrinsically linked.
“In short, we have advanced to a level where vehicles cannot maintain a safe state unless they also operate securely. Most importantly, cybersecurity principles and practices should be applied to ensure that attackers cannot gain control of a vehicle and that attacks are exceptionally difficult to scale to the point of exploiting multiple vehicles simultaneously.”
