techUK attended CyberUK this week in Glasgow, the NCSC’s flagship cyber security conference. This blog is part of a series of insights from the two day event.
As part of the Safety and Cyber Security Stream at this years CyberUK conference there was a panel discussion focusing on the development of connected autonomous vehicles, and how cyber security might impact and challenge development.
Taking part were:
- Andy Davis, Transport Assurance Practice Director, NCC Group
- Darren Handley, Policy Lead – Connected and Autonomous Vehicles
- Richard Porter, Director, Technology and Innovation, Meridian Mobility
- Graeme Simpson, Engineering Service Lead – Cyber Protection, Roke Manor
- Speakers from NCSC
Key areas for discussion included how cyber security can be designed into all vehicles, who is responsible and what level should minimum standards be set at, as well as an attempt to better understand the current developments and timeframes.
The session began with speakers exploring and demystifying what connected and autonomous vehicles are, and how far from adoption the most sophisticated examples are currently. Discussion was split to look at both connection and autonomy separately, despite often being bundled together in these discussions.
For autonomous vehicles speakers detailed the scale by which features are measured in the field:
- Driver with Assistance
- Feet Off
- Hands Off
- Eyes Off
- Mind Off
Features in the first three brackets were discussed as readily available and adopted within current vehicles on the road, with the final two limited to certain circumstances and testing.
The connectivity roadmap was similarly categorised:
- Situation Awareness
Again, some features are more readily available and sophisticated than others in terms of connection and both aspects introduce potential threat vectors and risks to the cyber security of these vehicles.
The conversation evolved to discuss the current approach from Government and business. The Government position is that ‘Increased connectivity and autonomy will not adversely affect safety standards’ which rightly sets a very high bar in terms of what security standards these vehicles will be expected to meet before wide scale adoption. Indeed, some speakers touched on how this has meant that during development of autonomous vehicles organisations have been unable to rely on existing infrastructure like GPS, as they would not allow for the precision required to instil confidence and security in the fledgling technologies.
A related conversation around the development of safety standards followed with speakers discussing what level and standards are being developed. Here there was a significant discussion around the Five Stars Framework some of the organisations were participating in. This initiative is developing a graded scale for cyber security in this context and was widely acknowledged as an important exercise that represents a good foundation for better understanding in this space.
Finally, speakers were asked to predict when autonomous vehicles not requiring human input would be readily available and widely adopted. Predictions varied from 2021 (in very controlled circumstances and low adoption) to the middle of the 2030’s (wider adoption). Building trust in the technology was cited as a key challenge and as a reason not to rush to adoption without first overcoming the significant security and safety challenges that were discussed.