Autonomous Vehicles Face Cybersecurity Risks
Today, cybersecurity is a significant issue facing autonomous vehicle makers. Virtually any software that connects to the Internet is susceptible…
September 12, 2017 at 07:56 PM
4 minute read
The original version of this story was published on Law.com
Today, cybersecurity is a significant issue facing autonomous vehicle makers. Virtually any software that connects to the Internet is susceptible to a cybersecurity attack and autonomous vehicles will have at least one Internet connection.
In June 2017, U. S. Secretary of Transportation Elaine Chao announced the preparation of new autonomous vehicle guideline, which will be announced in the second half of 2017. They are expected to cover areas like state deference to federal regulations, reporting requirements for accidents and other incidents involving test and production vehicles, human-machine interfaces, consumer education and training, post-crash behavior, and crashworthiness.
Inside Counsel sat down with John McNelis of Fenwick & West, who represents high technology venture capitalists and companies from privately held start-ups to publicly traded corporations and advises these companies on procedures for protecting their intellectual property through patents, copyrights, trademarks, and trade secrets.
Secretary Chao met with auto executives and noted that while the future of autonomous vehicles is bright, “we have a responsibility to ensure that the new technology is safe and secure.” His emphasis on safe and secure imply that the 2017 guidelines may improve safety guidance by addressing safety issues peculiar to autonomous vehicles, including standardization of road markings and identifying conditions under which autonomous vehicles are not permitted to operate, according toMcNelis.
“The federal government has taken a wait and see approach to autonomous vehicle regulation hoping that industry action and state regulation provide enough guidance,” he explained. “Their trust was not rewarded. The federal government has seen that a lack of leadership in this area created a grab bag of guidance and state regulations that has caused confusion and slowed the testing and adoption of autonomous vehicles.”
According to McNelis, public acceptance of autonomous vehicles and safety are two reasons why the 2017 Guidelines must address vehicle data recording and sharing, privacy and cybersecurity. “People are justifiably concerned about their personal data being compromised and want to feel confident that consistent safety procedures are required.”
“One problem that exacerbates the inherent cybersecurity risk of autonomous vehicles is that some of these vehicles are developed by companies that are not original equipment manufacturers (OEMs),” said McNelis. “These companies modify a vehicle developed by an OEM by introducing software, sensors, and other devices that enable the vehicle to perform autonomous functions.”
Therefore, the autonomous operations are being built using software and hardware that is separate from, or in addition to, software and hardware designed by the OEMs. The autonomous functions also use computer networks that were not designed for a high level of automation and remote access, so this development bifurcation is ripe for cybersecurity gaps.
Recently, there have been several automotive cybersecurity breaches. In fact, in one breach, German researchers spoofed a cell-phone station and sent fake messages to a SIM card used by a vehicle's telematics system. This gave the researchers access to remote convenience features of the vehicle, which enabled the researchers to remotely unlock the vehicle's doors. Additionally, in 2015, two unauthorized individuals could hack into a vehicle using its Internet connection and remotely stop the vehicle on a highway. And, in 2016, another vehicle's Wi-Fi connection was breached and the driving systems were controlled remotely by an unauthorized party.
Any type of malware that can put your home computer or smart phone at risk can be modified to put autonomous vehicles at risk, according to McNelis. For example, ransomware attacks that encrypt all the data on your computing device can be modified to take control or stop the operation of a vehicle unless payment is made. A user of an autonomous vehicle may not have time to figure out a solution to a vehicle that is not operational due to ransomware. But, having an autonomous vehicle controlled by an unauthorized party due to a breach can result in intentional damage to the vehicle, people and property.
McNelis said, “Privacy, liability, and cybersecurity are three areas where significant legal questions arise. It is an exciting time for autonomous vehicles in both the technology and legal issues created.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllUS Reviewer of Foreign Transactions Sees More Political, Policy Influence, Say Observers
Pre-Internet High Court Ruling Hobbling Efforts to Keep Tech Giants from Using Below-Cost Pricing to Bury Rivals
6 minute readPreparing for 2025: Anticipated Policy Changes Affecting U.S. Businesses Under the Trump Administration
Senate Panel Postpones Vote on Reconfirmation of Democrat Crenshaw to SEC
Trending Stories
- 1Recent Decisions Regarding the Telephone Consumer Protection Act
- 2The Tech Built by Law Firms in 2024
- 3Distressed M&A: Mass Torts, Bankruptcy and Furthering the Search for Consensus: Another Purdue Decision
- 4For Safer Traffic Stops, Replace Paper Documents With ‘Contactless’ Tech
- 5As Second Trump Administration Approaches, Businesses Brace for Sweeping Changes to Immigration Policy
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250