Driverless Vehicles and Collaboration in Cyber-security

September 25, 2017

Cyber-security has been in the
spotlight in recent months as businesses of all shapes and sizes look to
preventative measures to protect their, as well as their customers’, interests.
While this urgency is infiltrating multiple sectors, including energy and
healthcare, concerns around the cyber-security of driverless vehicles are
coming to the fore.

Indeed, government has recognised this
need and recently published its key principles of cyber-security for connected
and automated vehicles. These principles are very welcome as are the US
Department of Transport’s more detailed guidelines issued in September
2016.  However, these guidelines will not in themselves create the
momentum required for the commercial players and government alike to
collaborate on this vital issue in parallel with the more ‘sellable’ elements
of promoting a driverless future. Indeed, as a law firm, we are calling for
more regulation and collaboration on this issue within the connected and
autonomous vehicle (CAV) market.  Cyber-security is complicated but, unless
the buying public perceives connected and autonomous vehicles to be safe, there
will not be a market for them.  We would go as far as to say that the CAVs
are going to have to prove themselves to be safer than human-driven vehicles in
order to be accepted as part of our daily lives.

This is an issue my firm feels so
strongly about that it has formalised its thinking into a recently 
launched white paper, CAVs:
a hacker’s delight?,
which discusses how
the motor industry and law makers need to work together to react to the
increased importance of all-things-cyber at greater length than this short
opinion piece will allow.

We argue that there is not enough
collaboration among the manufacturers themselves. The desire to be
first-to-market and create unique selling points means discussions on best
practice and setting standards are not sufficiently advanced. Despite all the
attractive operational factors surrounding driverless vehicles, ignoring or
underestimating the cyber threat is dangerous and could threaten the viability
of this type of transport and its ability to expand.

Manufacturers cannot continue to work
within their own silos. Instead, they should act more collaboratively, share
information and adopt best practice procedures, for the good of the entire
customer base and the protection of the industry’s future.  We have seen,
at first hand, the manufacturers within the UK Autodrive
consortium
(of which we are members) collaborating in this way and it is to
their credit that they have been exploring the interoperability of their
connected vehicle fleets in a bid to improve safety.  Recent
demonstrations with emergency brake warning and intersection collision warning
show what can be achieved.  More information including videos of those
demonstrations are available
here.

We do know that inappropriate and
excessive regulation can have a deadening effect on any developing
technology.  However, in a commercially attractive but competitive market
it is often regulation (whether self-imposed or government-led) that provides
the way in which commercial and other societal interests are balanced.

Responsible industry players usually
welcome good regulation, knowing that it provides a commercially level playing
field and reduces the worry that there could be a ‘race to the bottom’ where
safety and security is sacrificed in the short-term interests of market share and
profit. The automotive industry has a strong track record of improving safety
in a collaborative way as can be seen in the reduction of serious injuries and
fatalities in the last 25 years. That same spirit now needs to be applied to
the development of CAV technology, especially in setting communications
standards.

Stuart Young is a partner at Gowling
WLG and head of its auto sector team