Safeguarding the future of autonomous driving
The facts and figures
The UK public remains wary of driverless technology due to...
Experts at McAfee discuss the future of the autonomous driving sector.
The facts and figures
The UK public remains wary of driverless technology due to safety concerns:
Research from the Institution of Mechanical Engineers suggests two thirds (66%) of people in the UK are uncomfortable with the idea of travelling in a driverless car
When asked about their biggest concerns when travelling in a driverless car, over one quarter (28%) admitted being worried about the car not being able to deal with an external situation (such as an accident on the road) while two fifths (39%) said it would be having no overall human control of the car
Yet one in ten (11%) admitted their biggest concern was someone being able to hack or disrupt the car
McAfee’s ‘model hacking’: vehicle tricked into autonomously accelerating up to 85 MPH in a 35 MPH zone using just two inches of electrical tape
As with all new technologies, cyber criminals are constantly looking to target AI models and features. As a result, the McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, “model hacking.”
McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.
Please see links below for more details about the research including what the team uncovered, as well as the potential implications it could have on the autonomous vehicle industry.
Video: McAfee demonstrates ‘model hacking’ in the real world
The implications of this research are significant:
By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner.
However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.
Insights from Mo Cashman, Principle Engineer at McAfee:
What can manufacturers do to ensure greater autonomous vehicle safety as that industry develops?
“The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.
“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.
“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”
Can cybersecurity researchers and the manufacturing industry get ahead of adversaries by identifying weaknesses in underlying systems within autonomous vehicles?
“Those organisations manufacturing autonomous vehicles or autonomous vehicle components have a clear opportunity to adapt and learn from the foundational principles, lessons learned, and processes developed over the past decades in cybersecurity. By doing so, they can get on the front foot to find vulnerabilities and shore up security before autonomous vehicles become the norm on our roads.
“The broad adoption of state-of-the-art sensors that utilise analytics technologies represents a fascinating opportunity in the cybersecurity industry. It’s one of those very rare times when researchers can lead the curve ahead of adversaries in identifying weaknesses in underlying systems and be a true enabler of a new business. With ‘model hacking’, McAfee and other cybersecurity organisations have an opportunity to influence the awareness, understanding and development of more secure technologies before they are implemented in a way that opens them up to adversaries. However, doing so will require cross-industry collaboration. With founding roles in organisations such as the Open Cyber Alliance, McAfee believes that industry collaboration is fundamental to building more secure systems.
“Just as we will continue to identify and actively work to solve a cyberthreat ahead of its use in the wild, manufacturers will also need to implement best practices security processes and solutions to mitigate both current and future threats. Additionally, cyber threat intelligence sharing will be key to ensure greater security across all models of autonomous vehicles.”
Tips for manufacturers:
Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.
Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.
Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change.
Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.
Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.
For more information on manufacturing topics - please take a look at the latest edition of Manufacturing Global.
IMF: Variants Can Still Hurt Manufacturing Recovery
After a year of on-and-off manufacturing in the US, UK, and the eurozone, demand for goods surged early last week. Factories set growth records in April and May, suppliers started to recover, and US crude hit its highest price point since pre-COVID. As vaccination efforts immunise much of the US and UK populations, manufacturers are now able to fully ramp up their supply chains. In fact, GDP growth could approach double-digits by 2022.
Now, the ISM productivity measure has surpassed the 50-point mark that separates industry expansion from contraction. Since U.S. president Biden passed his US$1.9tn stimulus package and the UK purchasing managers index (PMI) increased to 65.6, both sides of the Atlantic are facing a much-welcomed manufacturing recovery.
Lingering Concerns Over COVID
Even as Spain, France, Italy, and Germany race to catch up, and mining companies pushed the FTSE 100 index of list shares to a monthly high of 7,129, some say that UK and US markets still suffer from a lack of confidence in raw material supplies. Yes, the Dow Jones has made up its 19,173-point crash of March 2020, and MSCI’s global stock index is at an all-time high.
Yet manufacturers around the world realise that these wins will be short-lived until pandemic supply chain bottlenecks are solved. If we keep the status quo, consumers will pay the price. In April, inflation in Germany reached 2.4%, and across the EU’s 19 member countries, overall prices have increased at an unusual pace. Some ask: Is this true recovery?
IMF: Current Boom Could Falter
Even as Elon Musk tweeted about chip shortages forcing Tesla to raise its prices, UK mining demand skyrocketed; housing markets lifted; and the pound sterling gained value. The International Monetary Fund (IMF), however, cautioned that manufacturing recovery won’t last long if COVID mutates into forms our vaccinations can’t touch. Kristalina Georgieva, Washington’s IMF director, noted that fewer than 1% of African citizens have been vaccinated: “Worldwide access to vaccines offers the best hope for stopping the coronavirus pandemic, saving lives, and securing a broad-based economic recovery”.
Across the globe, manufacturing companies are keeping a watchful eye on new developments in the spread of COVID. Though US FDA officials don’t think we’ll have to “start at square one” with new vaccines, the March 2021 World Economic Outlook states that “high uncertainty” surrounds the projected 6% global growth. Continued manufacturing success will in large part depend on “the path of the pandemic, the effectiveness of policy support, and the evolution of financial conditions”.
Mathias Cormann, secretary-general of the Organisation for Economic Co-Operation and Development (OECD) concurred—without global immunisation, the estimated economic boom expected by 2025 could go kaput. “We need to...pursue an all-out effort to reach the entire world population”, Australia’s finance minister added. US$50bn to end COVID across the world, they imply, is a small investment to restart our economies.