The UK government wants the country to be a leader in autonomous vehicle technology.
We saw this in the Queen’s Speech, when the government outlined its intention to introduce an Automated and Electric Vehicles Bill.
The proposed legislation will ensure the UK is “at the forefront” of the driverless car revolution.
These vehicles will fundamentally change our roads and the way we think about car ownership.
But change on this scale also brings new risks.
Cyber attacks have already become one of this year’s defining threats. Hackers are continually evolving what they exploit and how they exploit it.
The recent WannaCry attack, which crippled the NHS, proved nothing is off limits to these criminals.
Autonomous technology means vehicles will soon resemble computers with wheels.
Cellular inputs, navigation systems and a growing myriad of other computers (or endpoints) are increasing the potential attack surface — making them more vulnerable to attack.
The risks are exemplified by 2015’s Chrysler incident, where hackers were able to remotely operate a Jeep’s radio, air conditioning and windscreen wipers, before disabling the vehicle’s transmission as it drove 70mph down a US highway.
After a year underground, the hackers found a way to execute more malicious commands, such as operating the accelerator and turning the steering wheel at breakneck speeds.
Luckily for Chrysler, the saboteurs were actually security professionals researching different ways criminals might attack an autonomous vehicle.
It turns out there are many.
It is, therefore, critical for the government to use the upcoming Automated and Electric Vehicles Bill to set out a framework for clear security standards, so consumers can see how at risk their vehicle is.
While there are things the automobile industry can do to improve security, it will ultimately be the government who set the standards for our roads.
The Department for Transport’s consultation last year into driverless cars examined safety, but omitted cyber security.
We know cyber is on the government’s agenda, but it is unclear if the upcoming bill will include provisions to introduce security standards for this emerging technology.
If proper standards aren’t put in place, the repercussions for consumers could be severe.
Vehicle theft, invasions of privacy, and serious injury are all possible — not to mention the potential commercial and reputation damage that could be inflicted upon manufacturers if security is not up to scratch.
The government has a role to play here.
They’ve already set codes of practice for testing driverless vehicles on roads, and have stated the upcoming bill will ensure insurance continues to cover these vehicles.
They must also use this opportunity to address the security issue.
This could take the form of a standard or label, allowing consumers to judge how cyber-safe their vehicle is.
The test or certification could even be taken into account when assessing the overall safety rating of a new car.
Just as other electronic goods come with safety certificates, a similar system could be introduced to cover autonomous vehicles — and applied to Internet of Things enabled devices more generally.
This would give consumers the ability to make an informed decision themselves, while driving up standards across the industry.
This new, transformative technology is closer than ever before, but a clear policy framework with guidance for consumers appears further on the horizon.
Policies must be put in place before driverless cars become a critical and mainstream part of our transportation network.
To protect consumers, the government must make this part of the Automated and Electric Vehicles Bill.
Decisive policy action needs to be taken now, so we remain ahead of the hackers.