Autonomy at Odds with Security

Autonomy at Odds with Security
by Roger C. Lanctot on 03-17-2016 at 4:00 pm

 It’s funny that we all now believe that Google got the automated driving ball rolling. The reality is that the government started it all with the Defense Advanced Research Projects Agency (DARPA) and its famous DARPA Grand Challenge, which consisted of three tests (in 2004, 2005 and 2007) of driverless cars in different driving environments ranging from cross country to urban.

Alumni of those tests have helped to populate many current programs, while the attention and funding attracted by the U.S. Defense Department stimulated research and development within the auto industry and academia. The Defense Department is keenly interested in exploring the role of automated vehicles on and in support of the battlefield.

The motivations of the Defense Department were clear and publicly stated. But once the concept got into the wild, the commercial implications were less clear.

Nine years on from the last DARPA Grand Challenge, though, the outlines of the future of automated driving are becoming clearer as governments have stepped in to define and explore the civilian applications for automated vehicles. From Federal to local levels and internationally, governments are seeing automated vehicles having a wide range of impacts, both positive and negative including:


  • Making mobility accessible to disadvantaged populations including the unemployed, elderly and handicapped
  • Automating mass transit and creating new kinds of mass transit
  • Automating commercial vehicles including everything from trucks to vehicles operating in closed environments such as airports
  • Fostering the idea of automated vehicle zones in cities
  • Increasing the density of vehicular traffic on already crowded highways
  • Reducing traffic, emissions, fuel consumption and fatalities and injuries from car crashes


  • Possibly shifting consumer transit preferences back to individual cars from mass transit options – ie. putting greater stress on already stressed highways and secondary routes
  • Increasing vehicular use, congestion, fuel consumption and emissions
  • Creating deadly or damaging interactions between automated vehicles and human operated vehicles using the same roads
  • Opening the door to new opportunities for terrorist attacks via the use of automated vehicles

The last point is the key issue now being faced by governments and the automotive industry. The headlong pursuit of automated driving, which has become a global priority, and the adoption of safety systems intended to make cars safer has introduced the world to the new threat of compromised automotive cybersecurity.

Driverless DARPA Challenge vehicles dashing across deserts or through urban environments and self-parking cars have one thing in common: they are a very attractive target for hackers. Add wireless connections which are increasingly being mandated by governments around the world and you have a recipe for potentially catastrophic risk in the form of hundreds of millions of rolling improvised bomb delivery devices.

The prospect of terrorist use of self-driving cars was raised at the Future Networked Car event at the Geneva Motor Show and at a subsequent meeting at the International Telecommunications Union.

What is most amazing about the emergence of automated driving is the pressure felt by governments to define and implement policies in support of this technology in real-time even as the technology is still taking shape and the commercial applications are emerging. U.S. Department of Transportation Secretary Anthony Foxx attended the first Group of 7 Transport Ministers gathering at the Frankfurt Auto Show last fall and discovered a group of colleagues shocked at the lack of leadership on the subject from the U.S.

In reaction, the US DOT has subsequently promised to have a preliminary policy in place within six months while also promising to invest $4B over the next 10 years “to accelerate the development and adoption of safe vehicle automation through real-world pilot projects.”

The US DOT added that its intention is to test connected and autonomous cars “in designated corridors throughout the country.” It is clear that the US DOT’s vision remains somewhat foggy on how automated driving will be achieved and for what purpose. The fact that the US DOT has specifically mentioned “connected and autonomous” suggests that the agency is conflating its vested interest ($800M already spent on research) in DSRC (dedicated short-range communications) technology with automated driving which may or may not require connectivity.

The Google car, for example, is a truly autonomous automated vehicle. The vehicle does not rely on wireless connections to move and avoid collisions. It relies on its sensors and existing information about the surrounding roads stored on board.

At the same time that the US DOT is hitting the automated driving accelerator to the tune of $4B, contingent on Congressional budget approval, it is pushing the U.S. auto industry to do something about vehicle security. But the commercial opportunities inherent in automated vehicles (making and selling the hardware and software that makes them possible) is overwhelming the concerns regarding security.

This US DOT blindspot is surprising given the multiplying exploits of white and black hat hackers to expose the magnitude and implications of connected vehicles with automated driving functions. The US DOT is in the curious role of pushing the very technology that is increasing the cost of vehicles and the cost of ensuring vehicle security.

Safe and secure automated vehicles will be expensive and the pursuit of that technology is driving up the cost of already expensive cars. It’s enough to stimulate consumer interest in a “grid-less” car – completely unconnected – not unlike the Google car.

A new preliminary report has been released by the Volpe Center on the regulatory implications of automated driving vis-à-vis existing regulations: – “Review of Federal Motor Vehicle Safety Standards for Automated Vehicles.” The report summary states: “In summary, the review revealed that there are few barriers for automated vehicles to comply with FMVSS, as long as the vehicle does not significantly diverge from a conventional vehicle design.”

The key takeaway is that the US DOT and, by extension, all governments, are lagging behind commercial development in the automated driving space. No organization or regulatory body has a complete grasp of the commercial and security implications of automated vehicles.

The lack of a clear vision leaves governments in the awkward position of having asked industry (in the form of the DARPA Challenge) to pursue automated driving without defining the purpose, beyond military uses. This is a problem.

Even worse is the fact that governments and regulators feel compelled to step in to control or guide automated driving development without a set of goals, requirements or guiding principals. (The U.S. Senate Commerce Committee will conduct hearings on self-driving vehicles this Tuesday in Washington. Webcast details: It is worth remembering that it was the Defense Department that got the ball rolling with the intention of stimulating the development of technology that would be useful on and in support of active military engagements and battlefields.

This is the technology that has been released into the wild, not unlike the Internet or, indeed, nuclear energy itself. Now that the genie is out of the bottle, it is essential that governments and industry focus on resolving cybersecurity issues in concert with automated driving policy issues. In the process, it is preferred that governments such as the U.S. avoid promoting a particular technology or solution, such as DSRC, which, at this point, can only add to the cybersecurity challenges.

Let’s not forget that the lowly mandated OBDII port in the average car is, itself, one of the greatest sources of vehicle vulnerability. Governments and regulators should do their utmost to simplify and accelerate the process of establishing guidelines or frameworks for a base level of vehicle security. After all, it is the government that got us into this mess in the first place.

Roger C. Lanctot is Associate Director in the Global Automotive Practice at Strategy Analytics. More details about Strategy Analytics can be found here:

More articles from Roger…

0 Replies to “Autonomy at Odds with Security”

You must register or log in to view/post comments.