The most dangerous part of flying is the trip to the airport, or so the saying goes. And that is true if you consider the fact that your odds of being in an accident during a flight are one in 1.2 million, and the chances of that accident being fatal are one in 11 million. The odds of dying in a car crash, on the other hand, are one in 5,000
One of the promises of autonomy is that it can eradicate this kind of risk by eliminating one of the leading causes of accidents: the human factor. Take out the drunk or distracted driver and replace it with a dependable robot and the problem is solved. Right?
While autonomous vehicles (AVs) may not engage in the same risky behaviors, they do come with a whole new set of challenges. And cybersecurity is one of them. That is not surprising. We know that autonomous vehicles require communication and vast amounts of data to perceive and operate. In just one day, a single AV collects roughly 10 terabytes of data, which is equal to about 22,000 episodes of Games of Thrones. So much data and so much that could go wrong.
Whenever we think of cybersecurity and self-driving technology, the image that captures the imagination is of a hacked autonomous vehicle on a collision course. While that scenario is certainly possible, there are also many more conventional threats we need to consider. Just think about the amount of data an autonomous ride share vehicle would process about its passengers – where they go, payment histories etc. – and what could happen if that data landed in the wrong hands. There is no doubt that cybersecurity is at the core of designing safe autonomous transport solutions.
But the more interesting question is: how should we design these solutions to be fully secure without compromising on functionality and user experience?
Let’s start with an analogy – imagine going on the aforementioned car ride to the airport. You know that driving comes with some risks but you still need to catch your plane. So you hit the road. But of course you do so with all the necessary precautions: buckling up, driving defensively, avoiding distractions, and making use of all the driver assist features modern cars are equipped with.
The steps you have just taken are how we should think about cybersecurity and autonomous vehicles. There are the known risks which you can manage by taking precautions. Then there are the unknown ones, which need to be managed through awareness and understanding, as well as by making a plan to detect and lessen the impact of such risks should they become a reality.
At Volvo Autonomous Solutions, we take a risk-based approach. That means we try to identify and predict everything that could potentially go wrong in autonomous operations, compiling a ‘risk register’. Then we outline the probability of these risks and the resulting consequences, which could range from intellectual property infringement, to data privacy breaches, to compromised safety of people. And then we decide which risks are worth taking and ensure these vulnerabilities are addressed across every step of the development process.
Of course, our approach is heavily influenced by legislation. There are regulations in place or in the pipeline, which are already setting the standard and ensuring fewer vulnerabilities in the autonomous hardware and software being put out in the market. This is important and will go a long way in ensuring not just safety and security, but also consensus on what degree of cybersecurity risk is acceptable for both regulators and the general public. This is crucial for the technology to take off.
So to circle back to the question we started with – can we ever be 100% secure – the answer is yes. Theoretically we could have an autonomous vehicle that is 100% secure, but it might not be able to perform the function it was designed for. A bit like the world’s safest car that sits in the garage because safety has taken such a precedence. Not much use to anyone.
So instead of 100% secure, I think what we would want to be is 100% in control. We know that autonomous vehicles carry cybersecurity risks. But with good risk management that brings together people, processes, technology, and intelligence to help us fully understand and mitigate the impact and consequence of every risk, we can build the true path to resilience. And that’s what we are doing at Volvo Autonomous Solutions.