The Next Cybersecurity Weapon: Self-Driving Cars

A new report shows that the fastest growing crime in the world is cyber-crime. Commenting on the Hiscox Cyber Readiness Report 2017, Hiscox CEO Steve Langan said that in 2016 “cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen,” reports CNBC.

That’s a big number, but Ernst & Young’s 2016-17 Global Information Security Survey reports that cyber crime damage could reach costs of $6 trillion annually by 2021.

If 2017 has been any indicator, we’re absolutely on the path toward even more disruptive cyber futures. This year’s recent WannaCry Ransomware attack which infected over 220,000 computers is evidence of that, and as more of our household objects become internet-connected “smart objects,” we’ll only see those infection numbers rise. The real terror may not be cyber-attacks that affect the machines in our kitchens, but rather cyber-attacks that affect our machines on the road.

Elon Musk Worried About Self-Driving Fleet Security

Cars have been undergoing the transformation from analog to digital for some time now, but only in the last couple of years have the truly exciting advancements been made. The first self-driving delivery truck delivered its payload in Colorado in October 2016, while 27 different companies are already testing self-driving tech on California’s roads. With self-driving cars so close to becoming a reality, many are worried that the security measures won’t be up to par to keep these self-driving machines from turning into the 1-ton missile at the tip of a cyber-attack.

Elon Musk’s top cyber-security concern is just that: preventing a fleet-wide hack of Teslas, though he uses a less doom-and-gloom framing of harms:

“I think one of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack,” Musk said in response to a question from North Dakota Governor Doug Burgum at the National Governors Association summer meeting. “In principle, if somebody was able to hack, say, all of the autonomous Teslas, they could, say—I mean just as a prank—they could say like ‘send them all to Rhode Island’ from across the United States. And that would be like, well OK, that would be the end of Tesla. And there would be a lot of angry people in Rhode Island, that’s for sure.”

Whether sending them careening over the edge of a cliff or sending them all to Rhode Island, hacks that result in these kinds of actions would be the undoing of any and all trust in self-driving cars. So what’s the solution?

Of Solution and Setback: Only Time Will Tell

The solution is better cybersecurity, which means more cybersecurity experts — but, unfortunately, there’s vast short of the right skills currently on the market. According to research from ESG, approximately 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.

Another problem is that policymakers, those who decide what types of regulatory measures belong in cars, may not listen, may not pass legislation quick enough, and may pass outdated legislation when they do. However, some policymakers have begun to visit cybersec gathers, such as the Black Hat USA conference, held annually in Las Vegas.

Nevertheless, if the government fails to pass legislature in an effective timeframe, there’s always the private sector. Despite the apparent shortage of skills, cybersecurity startups are experiencing somewhat of a boom. According to CB Insights, investors put $3.5 billion into cybersecurity companies last year alone, reports Business Insider. If the US took UK  National Crime Agency (NCA) tactics to heart, perhaps these companies wouldn’t have a hard time attracting talent.

The BBC reports on a new rehab camp aimed at diverting teenagers caught hacking and performing cyber-attacks away from crime and towards constructive use of their skills. After the weekend, one attendee said: “Now I know cyber-security exists it sounds like it would be something I really, really want to go into. You get the same rush, the same excitement, but you are using it for fun still, but it is legal and you get paid,” he told BBC. “So, it’s every kind of benefit.”

While there are many hypothetical solutions on the table, we likely will not know what works and what doesn’t until self-driving cars are on the road. Until then, we should be thinking about the safety of our roads and how to keep self-driving cars from becoming the next cybersecurity weapon.