ASIS Foundation reports on impact of autonomous vehicles on security and technology

The ASIS Foundation detailed in its latest report the multifaceted landscape of autonomous vehicles (AVs) within security contexts, offering insights into the challenges and opportunities presented by the rapid advancement of AV technologies. This comes as autonomous vehicles are rapidly proliferating across land, sea, and air domains, revolutionizing various sectors and impacting markets, user behavior, and service attitudes. 

The report pointed out that while uncrewed aerial system (UAS) technologies have matured significantly, there is a surge in investment towards autonomous ground vehicles (AGVs) capable of carrying passengers and cargo. Simultaneously, countries with advanced expertise and infrastructure are actively developing autonomous weapons systems, presenting new challenges and ethical considerations. 

In its report, titled ‘Autonomous Vehicles: Threats, Risks & Opportunities,’ the ASIS Foundation identified that security practitioners must navigate this intricate environment to harness AV technologies while ensuring responsible and secure utilization. “They must comprehend varying regulatory landscapes, public sentiments, and security requirements across jurisdictions while addressing risks to critical infrastructure from both malicious and unintentional actors. Anticipated trends include heightened security concerns as criminal and terrorist groups adapt commercial AVs, challenges posed by affordable surveillance capabilities, and the interconnectedness of AVs across domains,” it added.

The report offers practical recommendations for security practitioners to leverage AV technologies while mitigating risks and challenges. From training and regulation compliance to cybersecurity measures, the guidance outlined in the report empowers practitioners to embrace autonomous vehicle technologies responsibly.

“Key threats to the safety and security of AVs relate to their safe operation and cybersecurity, since they are based on a combination of digital technologies, sensory techniques, and AI platforms,” Ishmael Bhila, Peter Lee, and Alison Wakefield, authors of the ASIS Foundation, identified. “The primary focus of the regulation of civilian AVs is safety, and the proliferation of AVs requires robust safety and quality standards. Ko-baszyńska-Twardowska, et al., identify six sources of potential hazards to UAV operation, which are equally applicable to other types of AVs.”

Some of these include human error due to such factors as poor communication among the operating team, insufficient training of personnel, fatigue, or pressure from a supervisor to deploy in inappropriate conditions). Failure to comply with procedures; failure of the vehicle or system; the appearance of another vehicle on a collision course; rapid deterioration in weather conditions; and deterioration in the performance of systems used in steering or navigation, such as GPS.

“Cybersecurity of AVs is also a significant concern since they communicate through wireless channels that are not secure by default,” the report detailed. “These platforms are liable to cyberattack by actors who intend to disrupt, damage, or tamper with AVs. Threat actors, which range from individual, autonomous attackers to organized groups operating as part of a criminal enterprise or on behalf of a nation-state, work to infiltrate, destabilize, or attack computer systems on which AVs operate.”

The report added that where AVs incorporate higher and higher levels of autonomous capability, signal disruption becomes less of a threat, but the AI involved in such systems brings challenges to ensure consistency, safety, and reliability. The cyber element alone poses multiple threats: damage can render a system unusable, hacking could result in control of an AV even being taken by criminals or terrorists, while spoofing—confusing the system—could have similarly disastrous consequences. 

Management of risks and threats presented by AVs is a pressing concern for security practitioners, especially as the technologies become more ubiquitous, with uncrewed aircraft systems being a key area of focus. As part of the growing cyber-physical organizational landscape, they must be cognizant of the security risks and threats to AVs being employed by their organizations or clients. 

This requires the recognition of such risks in organizational risk management frameworks, based on a strong understanding of prevention, detection, and mitigation countermeasures, as well as an awareness of challenges on the horizon and key areas of future innovation. A collaborative approach to security is also needed, in recognition of the pace of technological advancement and the complexity of the risk environment.

In contributing to the protection of such systems, security practitioners can capitalize on the benefits of AVs that are transforming other sectors and incorporate them more actively in the security arsenal: such technologies have never been cheaper or more accessible. They must also keep up to date with necessary legislation and regulatory requirements in the jurisdictions where AVs and autonomous systems are designed and built, as well as where they may be used or sold. With regulations proliferating, this challenge will only grow.

Looking to the future, the ASIS Foundation report identified trends that are anticipated. These trends include security concerns that will escalate as commercial AVs are increasingly adopted by criminal organizations and terrorist groups as lessons are learned from war zones like Ukraine and Gaza. The relatively low cost of sophisticated surveillance capabilities will challenge security, police, and military organizations. The interconnectedness of AVs in air, land, and surface and subsurface sea domains will further test security capabilities. Where commercial AVs rely on a live signal to operate, these will become increasingly vulnerable to hacking and spoofing.

In conclusion, the ASIS Foundation report recognized that AVs present pressing security challenges, both as a risk to be managed and as increasingly important organizational tools forming part of the cyber-physical landscape needing to be secured. The report highlights key considerations in delivering security in these two respects. AVs also have the potential to transform and improve security practices. The use of AVs has been trans-formative in many sectors and had a dramatic impact on markets, user behavior, and attitudes toward the services provided. 

Additionally, the security sector should anticipate such changes, while at the same time being prepared to contribute to the harmonization of service provision under multi-sectoral needs, national and international guidelines and laws, and public perceptions of the use of emerging technologies.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.