nCipher Security Blog

For autonomous vehicles, there’s a difference between security and safety: part I

Brad Beutlich More About This Author >

Self-driving or autonomous cars are coming. Whether the buying public likes it or not, they’re coming. The advantages are as clear today as they were when the automobile was poised to replace the horse. It’s just a matter of when…not if.

In the early days of the automobile, it was enough that you were driving a car on a paved road, at a speed greater than that of a horse. Then, as more and more cars were driving on more and more paved roads and cars were able to reach greater speeds, the buying public started to be concerned about safety. When the Nash Motor Company introduced the seat belt in 1949, the other manufactures accused Nash of ‘requiring’ seat belts because their cars were unsafe. It wasn’t until the 1970s that phrases like seat belts, air bags, safety glass and crumple zones became part of the automotive vernacular.

Seat belts were included in all US-sold cars by 1968, but it wasn’t until 1986 that states like California legally mandated the use of seat belts. With all of these safety enhancements, the number of US deaths has dropped from 7.13 deaths per million miles traveled in 1949 to 1.16 deaths per million miles traveled in 2018. That’s quite an improvement, but the number of overall deaths across the US has increased during the same period by over 6,000 annually (see this entry for figures).

If you’ve ever wondered which car is the safest, you cannot find that answer. The Insurance Institute for Highway Safety (IIHS) measures safety by vehicle type from compact car to SUV and everything in-between. In the new and upcoming world of autonomous vehicles, a new category will be necessary for evaluation: security of the car. ‘Security’ and ‘safety’ in this new world will be very different.

All vehicle safety features are based on the survivability of an accident. All bets are off if you decide to drive your own car off a cliff or into a tree. With an autonomous vehicle, however, it’s not inconceivable that someone or some group would want to take control of a car or a group of cars in order to cause harm. Automakers won’t be able to subdivide security ratings by vehicle type like they’ve subdivided safety ratings. No one in their right mind would purchase an autonomous car with a less than perfect security rating because all of the safety ratings are based on “accidents”, not intentional harm.

Because of this fact, automakers have no choice but to provide their cars with the same level of security as you might find in a military fighter jet. The technology does exist today to better secure the manufacturing, privacy and system-updating environment in autonomous cars but it’s expensive to design, expensive to build, expensive to maintain and it won’t last forever.

The next problem will be that an automaker won’t want to maintain liability for an autonomous vehicle made 50 years earlier let alone 10 years earlier, even if there’s a profit associated with that maintenance. In order for these vehicles to remain secure over time, the security parameters must also change over time. Planned obsolescence will creep into the automobile business, potentially forcing the US government to mandate a limited life span of autonomous vehicles in order to guarantee their security and minimize liability.

It's conceivable that in the future, automakers will not sell their autonomous cars but will rather provide them with a closed-ended lease. This limited life will guarantee that the security systems keep pace with the fast-paced hacker crowd.

Another option might be that in the future, automakers or some other entity will provide vehicles on a subscription bases. Similar to the Ubers and Lyfts of today, you will summon a car to take you to a destination but without a driver. This option has a number of very interesting scenarios. With this option, all of the maintenance (including keeping up the security systems) would be the responsibility of the entity that owns the car and not the “rider”. Additionally, this would mean that a vehicle would end up being driven for greater than the average 10K miles per year and would therefore not last 20 to 30 years before being decommissioned and recycled.

The new world of autonomous cars will be more disruptive than the advent of the first car 133 years ago. Our whole view of road transportation will need to be reevaluated. Once Vehicle to Vehicle (V2V) technologies start allowing cars to avoid each other, the theory is that when more cars communicate with each other, the number of accidents will decline. By that logic, the number of overall deaths should also decline.

Additionally, if cars can communicate with each other, a line of cars on a freeway will be able to travel at a higher speed with less distance between them. This would mean that traffic jams could be eliminated and fuel economy improved by cars drafting each other. This would allow for more cars on current roads, which will decrease the expense of widening freeways. If these theories are born out, there is little doubt the US government will start removing non-autonomous/non-communicative vehicles from the road.

Visit nCipher’s dedicated landing page to learn more about connected vehicle security – and stay tuned for part II of my blog, where I delve further into the security question.

You can also follow the company on Twitter, LinkedIn, and Facebook.