As with any other system that is fully connected to the cyber world, CAVs face some of the same security issues. The three key elements potentially vulnerable to cyberattacks identified by Kim et al. 2021 are automotive control systems, autonomous driving system components, and V2X.
An automotive control system consists of an in-vehicle network that connects the main device and the other devices. These are classified as units and networks. The most important units are electronic control units (ECU) that manages all of the systems within the vehicle from powertrains to door locks.
The autonomous driving system consists of the components that “read” the roadway and surrounding areas. These are technologies such as GPS, Bluetooth, LiDAR, RADAR and cameras, central computer, and ultrasonic sensors.
The V2X communication technologies communicate with all of the other technologies including Vehicle ad-hoc networks (VANETs). Attack methods and defenses are being vigorously studied by the CAV industry and IT companies.
According to the National Highway Traffic Safety Administration (NHTSA) a comprehensive and systematic approach to developing layered cybersecurity protections for vehicles includes the following:
- A risk-based prioritized identification and protection process for safety-critical vehicle control systems;
- Timely detection and rapid response to potential vehicle cybersecurity incidents on America’s roads;
- Architectures, methods, and measures that design-in cyber resiliency and facilitate rapid recovery from incidents when they occur; and
- Methods for effective intelligence and information sharing across the industry to facilitate quick adoption of industry-wide lessons learned. NHTSA encouraged the formation of Auto-ISAC, an industry environment emphasizing cybersecurity awareness and collaboration across the automotive industry (USDOT https://www.nhtsa.gov/technology-innovation/vehicle-cybersecurity).
Figure 3. Categories of Attack Research on Autonomous Vehicles. Source: Kim et al. 2021.