Connect with us

Hi, what are you looking for?

Loan And Finance

Insuring the Cyber Risks of Connected and Autonomous Vehicles


Authored by AXA UK Managing Director of Underwriting & Technical Services David Williams

All modern vehicles now include driving assistance, control units, sensors and ubiquitous internet connections. However, the future needs to be anticipated now, and it is a future of fully autonomous vehicles, connected to each other, to road services and to infrastructure.

This article is part of the AXA Research Fund’s upcoming report, Building Cyber Resilience: Threats, Enablers and Anticipation. The full contents of the report will be available in November.

All modern vehicles now include driving assistance, control units, sensors and ubiquitous internet connections. However, the future needs to be anticipated now, and it is a future of fully autonomous vehicles, connected to each other, to road services and to infrastructure.

As vehicles become more connected to their external environment, the vulnerabilities and opportunities of attacks increase dramatically, including for example threats on engine controls, tyre pressure monitoring systems or wireless key fobs. For example, in 2015, a remote attack was carried out against a Jeep Cherokee through its connected entertainment channel and resulted in physical control of the braking system, amongst other elements.

The insurance industry is working hard to understand the new class of cyber risks brought by autonomous and connected vehicles. It is a big challenge, as insurance companies traditionally rely on data to price their products and provide services to their customers. Most of the data is historical data based on the performance of millions of previous policies and customers, which enables us to accurately predict overall outcomes. Today in the vehicle insurance sector, all this data comes from the operation of manual vehicles with little or no connectivity. To embrace autonomous vehicles, we need to change strategy and model the risks based on scientific understanding and modelling, rather than on data from past experience.

We need to understand how vehicles will connect and interact, as this is the entryway for any attacker, and to detail what autonomous systems and technology will be deployed, as this helps to understand the hazards incurred. For example, hacking of an automated brake system will affect not only the passengers but also very possibly, the other users of the road, whereas a dysfunctioning navigation system might drive you safely at least… but to an unwanted destination.

Advertisement. Scroll to continue reading.

However, due to the volume of control modules and microprocessors, new vehicles can have around 100 million lines of code across 50 engine control units or more. In practice, there is a high probability that we ignore vulnerabilities as detailed code reviews and security evaluations are infeasible. These vulnerabilities can compromise one of the vehicle control mechanisms. For example, an attack could target the vehicle’s sensor network, falsify the sensor data, or exploit control modules directly. To properly assess the vulnerabilities and manage or insure the pertaining cyber risks, we need to understand the functionality of each of the individual components, the vehicle design and the interaction between components.

Future intelligent vehicles will be increasingly connected to the internet, accept over-the-air updates, become Wi-Fi hotspots, and communicate with other internet-enabled devices such as vehicles or infrastructure. This means that the most severe security threats are still to emerge.

In addition, vehicles are also the entry point into many other vehicles and the wider infrastructure. This means that a hacker gaining physical or remote access to a vehicle can use it as a gateway to cause wider disruption. Given this possibility of physical access, simply removing internet or remote access to vehicles does not remove the risk entirely if vehicles can still connect to each other. Therefore, key security methods to protect connected and autonomous vehicles against cyber-attacks will likely be a coalition of cryptography, statistical anomaly detection systems, and software integrity solutions.

With much of this technology still being in the test phase, insurers have struggled to obtain data to run their usual risk-and-pricing models. To fill this gap, insurers now seek to embed themselves in the development work in order to gain a greater understanding of the subject. For example, the Association of British insurers has set up the ‘Autonomous Driving Insurance Group’ which liaises with motor manufacturers, to obtain information on new technology and to run track tests. The data and information we obtain from involvement in these areas will enable us to build analytical models, helped by AI and machine learning. This should prepare us for when these vehicles become more widely available. Connected and autonomous vehicles are a global phenomenon and sharing across borders will help to enrich this process, for example using resources like the National Vulnerability Database in the US. Practical experience can be gained at facilities such as the Thatcham Motor Vehicle Research Institute in the UK and the AXA Crash Test Centre in Switzerland.

Finally, despite a very important technological focus, many experts believe that the weakest link in terms of cyber-attacks on connected and autonomous vehicles remains the human element. User behaviours are key to issues ranging from not operating systems properly, being influenced by external communications, tampering with equipment or just not quickly installing security software updates. Awareness of user behaviours and a more balanced focus between studying the cutting-edge technologies themselves and how we interact with these technologies is necessary to ensure autonomous and connected vehicle insurability.



Source link

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Advertisement

Latest

Technology

Editor’s take: Second Life founder Philip Rosedale is returning to Linden Lab to help navigate the company and its groundbreaking virtual world through the...

Social Media

Twitter has published a new report which looks at how brands can maximize their success on the platform, based on evolving consumer trends and...

Loan And Finance

Authored by FloodFlash FloodFlash is taking a trip back in time. Extreme flooding forms one of the key sequences in the Bible. But it’s not...

Technology

Join gaming leaders, alongside GamesBeat and Facebook Gaming, for their 2nd Annual GamesBeat & Facebook Gaming Summit | GamesBeat: Into the Metaverse 2 this...

Loan And Finance

The NFL playoff schedule for the 2021-22 season is set and the 14 teams that have a chance to get to the championship game...

Technology

​UniCC, the largest carding site operating on the dark web at the moment, has announced its retirement, after reportedly generating $358 million in sales....

Top Stories

The House of Lords Economic Affairs Committee — an investigative governing body representing the economic interests of the United Kingdom — has released an...

Technology

Apple doesn’t seem all that keen to bring USB-C to an iPhone and while there is still a chance that it could happen with...

Advertisement

You May Also Like

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

SEO Guide

How to index website on Google? Do you want to drive more organic traffic to your new website? I am sure your answer is...

Blogging

In this post, I will discuss the top ten profitable blogging niches ideas for Adsense approval and high traffic. whether you use Blogger or...

SEO Guide

Want to rank in Google image search? Images that you use as a featured images when writing a post actually appear on Google Images...

Advertisement