Home / Features / Security & Autonomous Vehicles – it’s not the drivers we need to worry about

Security & Autonomous Vehicles – it’s not the drivers we need to worry about

PA1-1711TfL’s refusal to renew Uber’s licence makes us think about the safety and security of Londoners as they move around their city. In fact, any citizen of any city where Uber operates.

The point is not to get into the detail of the story itself. We can be confident that, one way or another, this issue will be resolved. It is what it tells us about current perceptions of security, in the context of new technologies and operating models that is important.  

Security considerations in the future will have to look beyond human threats
What makes the Uber story interesting, is that it uncovers an issue that, if left unresolved, presents us with far more complex threat than unlicensed taxi drivers. Nothing is more important than ensuring the safety of our citizens, and goods, as they move around the world. But as we look to the future, is it the licensing of taxi drivers that poses the biggest threat to our safety and security in the transport sector?

The challenge is, we’re still thinking about safety as a human issue. Particularly from a security perspective. At the moment, we’re worried that the driver of a private hire taxi might be a criminal or a threat. But what if the car has no driver? Or if the criminal doesn’t need to drive the car to engage in illegal activity?

We need to do more than explore autonomous vehicle security
Driverless cars are a real prospect. Though our recent report [link to report] indicates that they will not be on our roads for at least a decade, more than 78% of those we surveyed believe that we are only at best at the ‘exploratory thinking and testing’ phase when it comes to law enforcement and security around autonomous vehicles.

A decade is not long if you consider the complex and integrated infrastructure, systems and laws that will have to be developed to make them safe for us to use.  Criminal law can often take over a year to make it onto the statute books and that is often tackling a problem that we understand well.  As autonomous vehicles edge closer to becoming reality, who is doing something about the security considerations?

Who is even thinking about it?
UK government recently announced the launch of its MERIDIAN programme, and has offered £100m to support the testing of AVs, including a security dimension. However, this focuses primarily on data and cyber security, rather than physical or criminal threats.

And, to be fair, the FBI did, in 2014 acknowledge that AVs could be used as ‘lethal weapons’, but this hasn’t developed much further than initial studies.

Progress is important, and we should be harnessing the benefits of this innovative technology. But these vehicles need to be safe, and the security risks around them need to be mitigated.

There are steps to be taken, but we all need to work together
So that we can ensure that progress is made to make sure Connected Autonomous Vehicles (CAVs) are safe and secure, this is what needs to happen, with some speed:

  • Understand and communicate the true security threats of autonomous vehicles
    Across the Co-operative Intelligent Transport Systems (C-ITS) community, we need to have a shared understanding of the true security threat of autonomous vehicles might be. We can imagine that terrorists might seek to use driverless cars in similar attacks to those currently undertaken by human drivers. But what about other criminal uses, such as drug trafficking or robbery? Until we know more, we can’t design our transport systems in a way that keeps our citizen’s safe.
  • Develop a unified approach to security; from auto-manufacturers to law enforcement
    There are many agents who need to be involved in developing a security response to autonomous vehicles, from the car manufacturers to policy makers and law enforcement agencies. What is clear is that there is a lack of co-ordination, with some groups focusing on cyber threats – as the Meridian project outlines – and, as our report shows, others considering the stopping powers on a car that has no driver. So, the Ministry of Justice, Home Office, NPCC, CCAV, to name a few, need to collaborate and find an approach, and ultimately a response, that all parties are happy with.
  • Negotiate international standards
    It will be fantastic if we are able to make progress in securing autonomous vehicles in the UK within a relatively short time frame. This would demonstrate the UK’s commitment to CAV’s and that we are an open economy for disruptive technologies. However, if the standards we develop are totally out of synch with our European counterparts, for example, then the security risks will be mitigated in different ways, or worse, not at all, in certain parts of the world. We need to agree how we will tackle international criminal acts where there is no driver in the car, and consider the challenges this will pose in terms of jurisdiction and differing laws.

As the Uber example shows, we are not even currently managing the current threats that could be posed by disruptive vehicle technology. So how will we tackle the next generation of that, in the form of autonomous vehicles?

Our findings show that an open, honest and integrated approach needs to be taken to ensure that the UK, nor other countries, are left vulnerable to the new threats that driverless cars might present. Delve into more of the detail on this in our latest report, “Autonomous Vehicles: What are the roadblocks?”
If we don’t develop the right strategies to mitigate these threats, we risk developing a mode of transport that exposes already overburdened enforcement agencies to a roads eco-system they are not properly prepared for. ◆

David Oliver,  PA Consulting

David Oliver,
PA Consulting