Last week, Trillium’s CEO attended the awards ceremony for the Red Herring Asia 2017 competition in Manila. On this spectacular occasion, Trillium is proud to accept the Red Herring Top 100 Asia Award. We are honored to be recognized for the creativity and hard work of our growing team by the renowned Red Herring leadership and community. We want to express our sincere and heartfelt thanks to all our supporters, and hope we can continue to grow together.
Autonomous vehicles are here today, and unbeknownst to many, they are already on public roads, test driving next to unsuspecting traffic – this is done before proper legislation to protect innocent bystanders is put into place.
This reality is one that causes great concern among the few who are aware of it. There is almost no regulation at a local level, and the technology is still very much in the development phase. Even worse, much of the development is conducted on public roads, right alongside human drivers. What will prevent an experiment from turning into an accident, potentially taking lives in the process?
Luckily, you will not have to fear for the safety of public roads much longer. On Tuesday, September 12th, the US National Highway Traffic Safety Administration (NHTSA) administered their updated guidelines on development of Autonomous Drive Systems (ADS). This document helps local governments develop their own regulations, as well as providing businesses developing ADS a clear message of what will and will not be tolerated.
It is no surprise that vehicle cybersecurity is listed as one of the 12 essential safety design elements. Without cybersecurity, a vehicle becomes a hacker’s plaything – allowing them to take complete control of the car, including steering, braking, and acceleration. The possibilities for malicious abuse of autonomous cars are endless, ranging from extortion to remote cyber terrorism. The NHTSA stresses the importance of cybersecurity, stating that entities developing ADS “should insist that their suppliers build into their equipment robust cybersecurity features. Entities should also address cybersecurity, but they should not wait to receive equipment from a supplier before doing so.” The message is clear and urgent; implement cybersecurity at every level, and do it quickly.
Trillium agrees, and we are ready to help suppliers, developers, and OEMs implement these guidelines today. Trillium has partnered with the world’s largest automotive IC vendor, NXP, to provide support for Trillium’s SecureCAR platform on NXP’s next-generation S32K automotive microcontrollers (MCU). Our modular, multilayered approach also allows for developers of ADS technology to add cybersecurity directly onto their existing hardware today – without requiring costly changes to their underlying systems.
It is essential that the industry adopts these guidelines quickly and immediately, especially as autonomous vehicles are deployed on an increasingly larger scale. As connectivity and reliance on machine learning increase, so will the damage hackers can cause. Autonomous cars are set to shift the entire transportation landscape, with companies rolling out entire fleets within the next ten years. One rogue autonomous car is a hazard, an army of hacker-controlled vehicles is an avoidable, unnatural disaster.
“Software is eating the world” – perhaps no other phrase better sums up the era in which we live. In this increasingly interconnected world, new software-driven technologies continue to revolutionize every aspect of our lives. One important consequence of this innovation has been the rise of smarter medical devices, such as software-controlled pacemakers, which have contributed towards increasing the average life expectancy in the US every year for nearly the past quarter century. Now these life-giving devices, to which many owe their lives, are squarely in the crosshairs of hackers.
On August 29th, the US Food and Drug Administration issued a recall on St. Jude Medical pacemakers, stressing that the means to conduct an attack on these pacemakers are easily and commercially available today. Despite the reported ease of accessibility of the hack, the potential consequences are grim: hackers would have the ability to either drain the battery or administer incorrect pacing, with either attack resulting in a sudden cardiac arrest. Such an event can easily prove fatal if proper medical care is not administered immediately.
While no cases have been reported thus far, all pacemakers of the recalled model require an update to their firmware, one that allows only verified parties to make changes to its settings. This process will no doubt carry a hefty price, both in time spent and resources used to carry out the modification. The lack of a secure path to quickly update the settings of these devices is a key issue in this case, once again stressing the necessity for seamless over-the-air updates in modern technology.
The FDA has set a strong example: no longer shall cybersecurity be treated as an inconvenience. It is of utmost importance that device manufacturers, physicians, and patients all heed this warning. Trillium agrees, and looks forwards towards a world in which every device is safe from hackers, but until that day, we must strive to improve cybersecurity in not just one industry, but in every industry. Trillium’s portfolio of lightweight, scalable, and effective cybersecurity solutions were created with this goal in mind.
Trillium had a great run at the Technology in Motion conference last week! It was a great event filled with informational speeches and populated with the best in the industry. We would like to extend a special thanks to our partners who visited our booth, as well as the organizers and judges who saw fit to award us with the User Experience Award!
We’ve all heard of this famous thought experiment: if there was a trolley heading down the tracks towards five people, and you had the choice to divert the trolley to an alternate track with only one person, should you do so? This question is perhaps the simplest way to demonstrate the complex ethical challenges facing the deployment of autonomous cars.
It is crucial that in this early stage of the autonomous revolution, governments must legislate a specific code of ethics for autonomous cars to prevent horrendous abuses of this newfound power. Germany, for example, has taken a step in the right direction, recently releasing a report on automated and connected driving. In this report, they outline 20 guidelines regarding the ethics of autonomous vehicles. These initial guidelines form an important precedent, for the first time giving manufacturers a clear idea of what core principles their autonomous systems should follow.
A few key points within the report highlight several necessary changes to vehicle systems:
- The driver of a vehicle retains their rights over the personal information collected from that vehicle. Use of this data by third parties must be with the owner’s informed consent and with no harm resulting.
- The vehicle should have an aviation-style “Black Box” that continuously records events, including who or what is in control at any given time.
- The threat of maliciously hacking any autonomous driving system must be mitigated by effective safeguards. Software should be designed with a level of security that makes malicious hacking exceedingly unlikely.
The first point demonstrates the necessity of maintaining privacy within a vehicle. Without respecting the rights of the vehicle owner, an OEM is infringing on that person’s right to privacy. Trillium shares this concern, and as such we have developed our SecureSKYE data mining and analytics solution with the consumer’s protection in mind every step of the way.
The second point demonstrates the importance of data integrity. This “Black Box” will be as crucial a safety feature as seatbelts and airbags historically has been, allowing improvements to be made to prevent future crashes. Without data integrity, however, any data recorded will be useless as it is open to manipulation by malicious third parties. It will only serve as a convenient collection of data for cybercriminals to steal. Trillium addresses concerns of data integrity with SecureCAR encryption, authentication, and dynamic key-lock pairing, placing the data safe behind multiple layers of security built from the ground up for automotive applications.
The third point demonstrates the importance of system-wide use of a multilayered security solution. Any cyber-security system requires not just one, but multiple layers of security to effectively safeguard against attacks. Each additional layer of security lowers the success rate of an attack exponentially. Trillium strongly agrees, offering an extensive portfolio of modular security solutions to allow for complete use of all available security resources, no matter the computational strength of the system.
Without flexible, multilayered security and customizable data analytics, manufacturing safe autonomous and connected cars is an impossible endeavor. More countries need to recognize the pressing importance of the matter before it’s too late. Germany understands the threat that autonomous and connected cars will bring, and we hope to see more countries adopt similar guidelines within the near future.