As the autonomous vehicle (AV) industry continues to grow, so too does the risk for AV related cyberattacks. Experts suggest commercial AVs face a greater risk of hacking due to the high-value goods they carry. Companies like Wal-Mart and Amazon have been testing self-driving trucks over the past few years, and the United States Postal Service recently began testing these vehicles on long-haul routes with short turnaround times.
Members of the United States Senate have expressed concerns regarding the vulnerability of AVs to cyberattacks. The presently stalled AV START Act included provisions meant to protect vehicles from being hacked, such as ensuring the security of parts throughout the supply chain, and requiring all AV manufacturers to develop and execute a plan for reducing cyber vulnerabilities. Despite the lack of any federal regulation on the matter, AV manufacturers are partnering up with cyber security companies to detect and prevent both known and unknown threats. For example, BlackBerry, the former smartphone producer, has developed software installed on over 150 million cars globally, and is designed to protect vehicles’ connected systems and autonomous driver assistance systems.
While hackers seeking to make a profit may target commercial AVs, personal vehicles are not immune from cyberattack. A recent staged attack during a test drive of Tesla’s Model S and Model 3 using the Navigate and Autopilot features, by security company Regulus Cyber, discovered spoofing attacks on the Tesla GPS receiver could be carried out wirelessly and remotely. The staged attack caused the car to slow down and unexpectedly drive off the main road. The driver, however, was able to immediately take manual control. The results of the test raise the issue of what type of protections AV manufacturers will implement to prevent GPS spoofing attacks on fully autonomous vehicles where there is no driver behind the wheel.
The Association of British Insurers recently stated the technology in driverless vehicles must be able to detect and stop cyberattacks and breaches of data security before they can be considered safe enough to steer themselves without a driver at the wheel. Thus, these cyber security risks illustrate one of the number of ways automobile insurance will change as completely autonomous vehicles begin to hit the road. For instance, insurance providers can insure against cyber theft, ransomware, hacking, and the misuse of information, bringing in additional premiums. Such insurance will be a necessity where a hacking attempt could potentially ground an entire fleet of connected driverless shipping trucks, resulting in millions of dollars of lost revenue.
It is only a matter of time before the federal government passes widespread legislation regarding AVs. As has been seen from past iterations of the AV START bill, compliance with cyber security provisions will likely be included in any bill eventually signed into law. In the meantime, the cyber security industry continues to partner with AV manufacturers to develop comprehensive safety measures to prevent cyberattacks. Insurance providers, similarly, should also prepare for and adapt to a driverless future subject to cyberattacks. While a full driverless future is likely still many years away, cyber security risks are presently very real as vehicles become increasingly connected, and businesses continue to test fleets of driverless trucks. Insurers should explore the opportunity to provide new insurance products, particularly in the cyber security area.