Driving a new future for autonomous vehicle technology

Liz James, Senior Security Consultant, NCC Group

Imagine a world where your local bus route runs autonomously, or your weekly food shop is delivered by a self-driving truck. The UK has taken a step closer to that reality this month, with the Department for Transport (DfT) launching its vision for rolling out autonomous vehicles on the road by 2025, in Connected and automated mobility (CAM) 2025: realising the benefits of self-driving vehicles.

The plans include a £100m investment commitment, and could see the creation of 38,000 jobs. £34m of this investment will support safety developments and inform more detailed legislation, with primary laws introduced as part of the Transport Bill slated for 2022-23 that will provide the broad structure of a new legal framework.

Of course, with any exciting step towards a more technologically-enabled future, comes risk. Autonomous vehicles do take away the element of human error leading to potential physical safety risks (as the Government’s vision states, human error is currently a factor in “over 80% of collisions that result in personal injury”). However, the technology underlying self-driving cars, trucks and coaches could make vehicles more vulnerable to cyber attack. The possibility of a hacker remotely taking charge, denying access or bypassing the authentication mechanisms (such as key fobs or your phone) to of a self-driving car is real; in fact, NCC Group demonstrated just this on a non-autonomous vehicle earlier this year.

It is important to recognise the interconnected nature of these cyber security and physical safety risks. We believe that a secure platform is a necessary first step toward the creation of a safe one. Encouragingly, the Government’s vision for autonomous vehicles aims to reassure on both fronts. Its deployment plans include the development of comprehensive regulatory, legislative and safety frameworks, in an attempt to both provide certainty for innovators and investors, and confidence for the public that the technology underlying autonomous vehicles is safe and secure.

In rolling out CAM on UK roads, the proposal states the Government’s work will be built around three pillars: ensuring safety and security; securing industrial and economic benefits; and delivering societal benefits. This first pillar is very much in line with the ‘embedding safety and security by design’ principle in the Government’s existing vision for the future of transport in the UK.

To achieve this, the proposal states it will establish a new safety ambition for self-driving vehicles that will shape safety assurance and legislation; it will also address public concerns to build trust and willingness to use self-driving technologies. A Government-backed report from the Centre for Data Ethics and Innovation (CDEI), published on the same day as the DfT’s vision, explored the work needed to reassure the public of the safety of self-driving vehicles – even if the technology is safer on average than human-driven cars. It has informed the Government’s ‘safety ambition’ – equivalent to that of a competent and careful human driver. A public consultation on this safety ambition will run until October.

Legislation to clarify responsibilities and support a safety framework, that allows for continued innovation, will also be introduced. To realise the full potential of autonomous vehicles, the proposals state the UK must “transform the way we ensure safety”. This will be led by the aforementioned safety ambition, and guided by National Safety Principles, intended as statutory guidance: is the vehicle technically safe? Should the vehicle be permitted to drive itself? Where the vehicle needs no driver at all, is there a responsible operator behind it? Are vehicles safe when used on roads? How can we use real-world evidence to continuously improve and update our assessment requirements?

The Government also stated its intentions to develop and implement new safety and cyber security assurance processes, including new safety requirements and test processes both before vehicles are in use and for their whole lifetime. CAVPASS (Connected and Automated Vehicles: Process for Assuring Safety and Security) was a body of work launched in 2019, which explored the breadth of systems that would need to be safety and cyber resilience assured to help deliver self-driving vehicles. CAVPASS is discussed in depth in this new vision, with CAVPASS workstreams intended to help deliver the new safety framework. One of these workstreams will focus specifically on cyber security and data. It will ensure developers and operators of autonomous vehicles follow “appropriate consideration” of cyber and data security and resilience needs, as well as exploring how we can manage and mitigate such risks, and facilitate forensic investigations should cyber incidents occur.

The workstream will also consider international cyber security regulations for CAM, including those set at the UN Economic Commission for Europe (UNECE), and any additional requirements that could be incorporated. This work will also look at potential barriers to these aims; for example, any current legislative issues that might prevent new cyber research and development.

The vision of course explores many more areas that will help deliver driverless vehicles by 2025; it includes the preparation of existing and new road networks and infrastructure, the UK’s future connectivity needs and the safe integration of CAM technology into the smart cities of the future [- areas we will explore in more detail over the coming weeks].

Key to all of this will also be ensuring vehicle manufacturers understand how regulatory frameworks evolve, and how they must make sure their autonomous products are safe, secure and compliant.

Though it is clear that much work is needed before we fully embrace self-driving vehicles on UK roads, these commitments are an exciting glimpse into the not-too-distant future of CAM – and a world where the safety and security of transport is bolstered by exploring new technological boundaries.