Addressing cyber risk in self-driving cars and beyond
Climbing into a car has long been among the riskier things that people do—famously, the least safe part of an airplane trip is the drive to the airport.1 So it’s likely no surprise that self-driving cars’ safety is one of their most often cited benefits. Indeed, many expect the emerging mobility ecosystem,2 with increasing shared access to transportation as well as autonomous technology, to all but eradicate routine accidents.
But as the future of mobility offers potential growth and new sources of value creation, it presents new types of risk. The very innovations that aim to enhance the way we move from place to place entail first-order cybersecurity challenges. And the dangers that promptly come to mind—such as hacked autonomous vehicles crashing3—only begin to scratch the surface; indeed, they may not even represent the most likely or high-stakes threats.
After a century of addressing mainly problems with engineering, automakers are facing a new set of challenges. Other industries are also dealing with cybersecurity issues, and players in the mobility ecosystem can look to similar solutions, although the specific implementation of those solutions would need to be carefully shaped to fit the auto industry’s unique needs.
What steps companies take also likely depends on which ecosystem roles they intend to play. In The future of mobility, we envisioned four co-existing future states of mobility: some quite similar to today’s landscape and others that posit more ambitious vehicle sharing and autonomous driving possibilities (see figure 1).4 In general, as more vehicle functions become connected and automated, the scope of the risks increases. And as more and more users access a single vehicle as part of ride- or carsharing services, the scale of the potential risks grows, too.
Figure 1: Cyber risk in the future of mobility
The path forward should incorporate a comprehensive approach to cybersecurity that makes connected vehicles and the associated ecosystems secure, vigilant, and resilient.
This likely involves a radical change to how organizations address cybersecurity:
Secure. Establish risk-focused controls around the most sensitive assets, balancing the need to reduce risk, while also enabling productivity, business growth, and cost optimization.
Vigilant. Develop monitoring solutions focused on critical business processes. By integrating threat data, IT data, and business data, companies can equip themselves with context-rich alerts to help prioritize incident handling and streamline incident investigation.
Resilient. Rapidly adapt and respond to internal or external changes—opportunities, demands, disruptions, or threats—and continue operations with limited impact to the business.
Cyber risk poses perhaps the greatest threat to the future of mobility, and data governance, privacy, and protection will likely be of paramount importance as individuals and organizations move to make it a reality. Just as collision warning systems and anti-lock brakes haven’t eliminated all road mishaps, a world of shared and autonomous vehicles can never be risk-free. A key challenge for players in the mobility ecosystem lies in making the degree of risk acceptable to both consumers and regulators. As automakers, technology companies, governments, and others place bets on how and when the future of mobility may unfold, those moves could be for naught without a broad understanding of the myriad cyber threats likely to emerge—and a concrete plan to address them.
To read our full report on cybersecurity and the future of mobility, visit https://dupress.deloitte.com/dup-us-en/focus/future-of-mobility/cybersecurity-challenges-connected-car-security.html.
1. Aurelio Locsin, “Is air travel safer than car travel?,” USA Today, http://traveltips.usatoday.com/air-travel-safer-car-travel-1581.html.