If you’re like us, you think that the increasing possibility of owning a driverless car is one of the most exciting things to happen in the automotive industry since the creation of the convertible. It seems incredible that, within a few years, driverless automobiles won’t just be limited to science fiction films and novels – they’ll be a reality.
That’s the good news. The challenge is that there are many complications inherent to the design, development, creation and distribution of these vehicles. Among the most serious problems is the risk of cyberthreats. Driverless cars will, by their nature, rely far more heavily on computer systems, many of which will be connected to the Internet. As we’ve already seen, this creates a very real danger, as malicious hackers could potentially infiltrate and even gain control of these systems, and therefore the cars themselves.
As auto manufacturers move closer towards full-scale driverless vehicle production, cybersecurity measures will become essential. Companies need to begin preparing for this eventuality as soon as possible. Adopting high-quality software security tools, such as Klocwork and OpenLogic, is a key first step in this area.
Driverless car vulnerabilities
The potential danger cyberthreats pose for driverless cars was highlighted by a recent report from the United Kingdom’s Department for Transport. The DfT’s Pathway to Driverless Cars study emphasized some of the most obvious advantages that these vehicles will offer, such as improving road safety and providing drivers with more free time – both benefits to be enthusiastic about.
But the cybersecurity concerns are undoubtedly troubling. The report noted that, in addition to being connected to the Internet, driverless cars will also quite possibly connect to other vehicles and their surroundings. This creates a huge number of potential access points that cybercriminals could take advantage of to hack into cars’ systems. And in the case of driverless cars, the computer systems susceptible to such attacks will be absolutely critical, covering everything from braking to steering and beyond.
We’ve already seen these threats emerging in the context of increasingly automated, interconnected cars on the market today. Notably, BMW was recently forced to address a cybersecurity flaw in its ConnectedDrive software that left millions of its vehicles vulnerable to cyberattack. The most worrisome aspect of this vulnerability was the fact that hackers could potentially gain control of vehicles’ door locks – an obvious security threat. But that pales in comparison to the potential damage a cyberattacker could cause by infiltrating a driverless car.
With all these threats established, the question becomes how car manufacturers can continue to develop driverless cars while addressing these risks.
The DfT report offered some guidance in this area. Specifically, the study called for government oversight, tasking agencies to “liaise with manufacturers and stakeholders to ensure an appropriate level of protection from unauthorized access, control or interference for automated vehicles engaged in testing.”
In reality, though, government oversight is not likely to be sufficient. To develop truly safe, secure driverless vehicles, car manufacturers need to take the initiative, and they need to do so as soon as possible.
Embracing Klocwork and OpenLogic represents a powerful step in this direction. Klocwork, a static code analysis tool, identifies coding flaws and potential vulnerabilities in real time as developers work, and then proposes alternatives – something no other analysis tool offers. This means that developers can focus on features and hit their deadlines while still improving the reliability and security of their coding efforts. Effectively, Klocwork delivers real-time testing for developers. And as the DfT report and numerous industry experts have noted, rigorous testing is imperative for automotive cybersecurity.
OpenLogic’s open source scanning further improves cybersecurity by identifying where open source is being used, as well as any potential problems associated with these packages. Open source is an invaluable resource for developers, but it can pose a threat unless combined with oversight. OpenLogic delivers a report that identifies all instances of open source throughout the developers’ code, then runs a comparison with a national vulnerability database. This allows car manufacturers to ensure that none of the open source code they utilize is potentially a security risk.
Combined, these two tools present a powerful, effective approach to cybersecurity for any manufacturer looking to offer driverless cars in the near future.