Unmanned and autonomous vehicles: solving the cybersecurity puzzle
By Richard E. Baker, PhD
Director of Master’s Programs
Reflecting back on the year 2018, I’m struck by the amount of change and progress in the unmanned and autonomous industry.
Let’s start with safety, privacy, and security -- three of the top concerns among the public regarding autonomous vehicles of all types. During 2018, initial distrust about safety has begun to shift slightly as technical issues arose and the industry responded with safety improvements and increased reliability. The Federal Aviation Administration’s release of Part 107 in 2016 has resulted in drones being accepted in commercial businesses. They are expected to impact the economy to the tune of $127 billion by 2020.
The interest of companies like Tesla, Uber, and Google in autonomous vehicles has received widespread coverage. Other forms of unmanned transportation are also coming into the limelight. Partly as a result of persistent media attention, the general public has begun to accept the increasing use and improved reliability of unmanned vehicles.
While confidence in the overall safety of these vehicles is rising, we are also seeing more attention being paid to potential cybersecurity risks. If we look closely at how UAVs evolved, we can see the basis for this concern.
The technological development of mobile robotics or unmanned vehicle automation has been taking place for years. All unmanned vehicles require software that governs their control systems, payloads, interfaces, and autopilots (the “smarts” of the systems). They utilize integrated information processing and physical processing for control, mobility, navigation, data collection or payload operation. Navigation by the Global Positioning System (GPS) or by an inertial navigation system; autopilot (cruise control); sense-and-avoid or anti-collision systems; and anti-lock braking systems are well-known examples of automation technology available today. Unmanned and autonomous systems are dependent upon communication systems that are networked (both internal and external). They are cyber domains and subject to cybersecurity threats.
The trend of automation in unmanned vehicles is toward full autonomy through advancements in robotics and artificial intelligence (AI). As a result, our lives will become more and more dependent on software-controlled devices and vehicle systems (partially or highly automated). However, computing systems have a tendency to become susceptible to faults and failures because of cyber-attacks and software and hardware defects. Cybersecurity is critical to mobile robotics and will impact the public’s trust and acceptance.
Cyber attacks are typically carried out in order to misdirect, misinform, misguide, or misuse. Attacks may be directed at interrupting communications, jamming sensors, misinformation through spoofing, attacking the control system and making the vehicle behave in an inappropriate manner, causing damage to the vehicle or payload, stealing data, or altering data from the sensors. Any of these may have disturbing impacts that range from simple misdirection of the vehicle to theft of high-value data to misuse of the vehicle to perform an inappropriate, illegal, or terrorist act.
Hacking is neither expensive nor difficult, for those with a little know-how. One of the first public media covered events was a demonstration by University of Texas at Austin Professor Todd Humphreys in 2012. With approval from the Department of Homeland Security, his students were able to feed misinformation to a drone and take control of it. Their hack cost them less than $1,000.
In 2009, BBC News reported an incident with extremely serious repercussions: Iraqi insurgents took advantage of an unprotected communications link and were able to capture live video feeds from unmanned aerial vehicles flown by U.S. forces, thus potentially gaining intelligence about possible targets. The software used to accomplish the attack was worth $26.
Cybersecurity will affect the foundation of trust for mobile robotics; and, consequently, it will influence the degree to which the technology is effective, as well as its acceptance by people. Combating the threat will take some innovative thinking and counter measures. Research is being conducted to address this critical issue; given the fast pace of technological innovation, however, it’s a moving target.
That said, we can start with two general principles. First, we need to emphasize the need for cybersecurity and training. Second, we should begin addressing cyber threats through risk assessments, identification of threats, and implementation of security and response strategies. With the right combination of tools, expertise, and resources, the challenge can be addressed – and, indeed, it must be. Cybersecurity is critical to our future use of unmanned and autonomous systems and their reliability.