As we march down the path of autonomous vehicles, both on the roads and in the air, collisions remain the dominant security issue of the news cycle. While we certainly want vehicles to avoid collisions whenever possible, we need to sound a much different alarm: Are manufacturers addressing cybersecurity concerns, and do they even have access to the talent pool to solve that problem?
Most commercial environments deploy defenses against cyberattacks, as do many households. To stay in familiar territory, let’s talk about protecting against malware – software created by hackers to do mischief on your computer system. Whether it is to steal credentials, for use to launch a larger attack or to shut down your system until you pay a ransom, malware is a problem. Now, imagine that attack hitting an autonomous vehicle or a drone heavy with packages to deliver.
Why current techniques won’t work
The current techniques a manufacturer would use to prevent this include anti-virus software similar to what you might use at home. You know, the one that updates its list of known viruses and patches periodically and then scrubs your system. This works fine if you can wait a few days or weeks for your anti-virus provider to identity and fix the effects of the malware. But for autonomous vehicles driving you, sharing the road with your children in a school bus or delivering packages in your neighborhood, do you really want to wait a few days for those systems to become secure? I don’t.
How private and government talent can solve the problem
The cybersecurity requirement for these autonomous systems is high. It’s a standard that few commercial entities have had to meet and that few government agencies have achieved. To make these systems viable, we would need support from the best cybertalent the government has to offer. A recent study from Intel, in partnership with the Center for Strategic and International Studies (CSIS), found that a whopping 82% of IT pros admitted to a shortage of cybersecurity talent. Collaboration between private organizations and the government is a must.
Again, I mean to sound the alarm. Most reporting on autonomous vehicles focuses on how well they “see,” but we need to be much more concerned about who they “listen” to. Without fail, these systems must only respond to the commands they should, each and every day, without fail. That is our highest cybersecurity bar and requires all hands – both private and government – on deck.