Sep 21, 2018

AV complexity is the enemy of security

Illustration:Rebecca Zisser/Axios

The remote assistance, telematics, wifi and other core systems of autonomous vehicles have vulnerabilities that could let adversaries control safety-critical components like steering, braking, and the engine.

The big picture: Complex, novel systems fail in complex and unpredictable ways. AVs and their supporting infrastructure form one of the most ambitious interconnected systems ever conceived, but this complexity is the enemy of security.

Consider the problems encountered in securing even simple connected devices like webcams, doorlocks and (in recent years) conventional cars. Now imagine strapping yourself into the passenger seat of an AV, with hundreds of computers, in hundreds of millions of cars, and billions more sensors in and around the road itself, all talking to each other and connected to the internet, through yet-to-be-finished technology and yet-to-be-finalized standards. It’s no wonder 75% of Americans are concerned about autonomous vehicle security.

Fortunately, we have roadmaps for success, drawing on experience in automotive safety engineering and other cybersecurity domains:

  • Reducing attack surfaces — especially by eliminating capabilities and code unnecessary for normal or emergency operations — limits the frequency and impact of accidents and adversaries. Software development and debugging tools often remain in vehicles on the road, granting capabilities to adversaries without benefitting drivers.
  • Isolating and segmenting safety-dependent components reduces the resources required to shield them from hazardous or hostile conditions. A hacked infotainment system should not allow for control of braking or steering.
  • Securely deploying software updates across Ford, Tesla and other fleets increases flexibility and timeliness, at a lower cost than replacements with updated hardware.

Be smart: Security is among the most difficult issues for AVs. Where the once distinct domains of automobiles and cybersecurity have collided, good-faith collaboration can make new forms of mobility safer, sooner.

Beau Woods is a cyber safety innovation fellow at the Altantic Council's Scowcroft Center for Strategy and Security.

Read more stories like this in our new weekly Axios Autonomous Vehicles newsletter. Sign up here.

Go deeper

Trump acknowledges lists of disloyal government officials to oust

Photo: Mandel Ngan/AFP via Getty Images

President Trump on Monday acknowledged the existence of assembled lists of government officials that his administration plans to oust and replace with trusted pro-Trump people, which were first reported by Axios' Jonathan Swan.

What he's saying: “I don’t think it's a big problem. I don’t think it's very many people,” Trump said during a press conference in India, adding he wants “people who are good for the country, loyal to the country.”

Coronavirus only part of the story behind the Dow’s drop

Photo: Andrew Burton/Getty Images

As someone has certainly told you by now, the Dow fell by more than 1,000 points yesterday, its worst day in more than two years, erasing all of 2020's gains. Most news headlines assert that the stock market's momentum was finally broken by "coronavirus fears," but that's not the full story.

What's happening: The novel coronavirus has been infecting and killing scores of people for close to a month and, depending on the day, the market has sold off or risen to record highs.

Bernie's historic Jewish fight

Illustration: Sarah Grillo/Axios

Sen. Bernie Sanders would be the first Jewish presidential nominee of a major American political party — but that history-making possibility is being overshadowed by his conflicts with America's Jewish leaders and Israel's leadership.

The big picture: That's partly because we're all focusing on the implications of Democrats nominating a self-described democratic socialist. It's also because a candidate's religion no longer seems to matter as much to voters or the media, making the potential milestone of a Jewish nominee more of a non-event.