Greek Mythology is primarily associated with ancient literature, arts, culture, and education; but many of the stories have great contemporary significance. Most have heard the expression “be careful, you may be opening Pandora’s box”, but looking at the intricacies of the story itself, they are quite reflective of what we see going in the autonomous vehicles space in the automotive industry.
Pandora’s box is an origin myth — used to attempt to explain the beginning of time itself; considerably like new ventures, new technologies, and new ideas around the autonomous ecosystem. It is also a story of curiosity; Pandora’s curiosity caused her open the box even though she was specifically told not to, unleashing negativity into the world — what does this mean about the curious concept of self-driving cars?
Today, Pandora’s box represents a source of troubles. The idea that we do not always know how something we have started may end, nor fully recognize the consequences of our actions. Already, in the new digital landscapes, cybersecurity has come to the forefront. But at what point are we sure that we are not opening Pandora’s box with the mainstream adoption of autonomous vehicles?
One of the greatest paradoxes regarding autonomous vehicles is the increased safety. When self-driving cars become commonplace, the 94% of serious crashes caused by human error should be remedied, right?
For autonomous cars to become truly safe, the entire automotive ecosystem must be sure of the reliability and integrity of their contribution to the system, through building and maintaining these vehicles. Every component, from a screw to a line of code must be scrutinized once this box is cracked open.
Therefore, cybersecurity has rightly attracted the attention of many automotive experts. In 2015, security experts demonstrated how a modern, non-autonomous Jeep Cherokee could easily be hacked and “killed” while on the highway. Imagine the (negative) possibilities when said Jeep is fully autonomous and connected to its surroundings.
There have been many examples of controlled white hat hacks conducted from the outside of organizations by exploiting well known security flaws. Hackers penetrated these systems through a weakly-guarded gateway like an OBD port or WIFI connection. But what if the biggest danger doesn’t come from outside of the system? What if the biggest danger is from the components that make up the actual system?
For example, in 2015 Amazon found a tiny microchip nestled on a motherboard relevant to their new venture, that wasn’t part of their original design. After investigation, it was discovered that this chip was allowing Chinese intelligence agencies to allegedly modify widely-used motherboards to allow their spies to access the trade secrets of top American companies such as Amazon and Apple.
The small chip –as small as the tip of a pencil, was inserted at the supplier level. The microchip could alter an operating system’s core so it would accept modifications and contact computers controlled by the attackers in search of further instructions and code. Being that it was at the supplier level, the security of the entire supply chain was compromised, even if most companies didn’t know it yet.
In the automotive context, insecure supply chains could compromise not just a single vehicle on the road, but an entire fleet of vehicles and the ecosystem that they are connected to. A company could be brought to its knees within a day in such a scenario, and more dangerously, lives could be lost. While automotive executives may be spending substantial amounts of money securing their systems from traditional hackers, they will still be left completely defenseless to this kind of hardware-level hack.
Luckily, with science and technology — we are not reliant on myths, like Pandora’s Box, anymore for our understanding of the world; but the lesson stands: if we are to introduce revolutionary technology to the world we better be darn sure what we are doing.
If autonomous vehicles are to deliver their promise of safety, the system must be secure from every aspect of intrusion, and from the very beginning of the supply chain. Securing the supply chain is imperative to ensuring the integrity of the product. The key is taking a pro-active approach. You must take cyber security into account from day one developing end-to-end solutions with the aim of ensuring the highest possible degree of security at all times.
Would you toss in your keys for an autonomous ride anytime soon? Let me know in the comments or tweet me at @Miranda_LaBate.