“In the EU, there is a lack of sufficient legislation, detailed technical requirements and standardisation for both AI and autonomous driving. The absence of clear, defined technical requirements or standards for autonomous driving would significantly decelerate the adoption of type approval for autonomous vehicles as well as vehicles with automated functions,” Kirichenko said.
Kirichenko said ENISA’s recommendations for coping with cyber security challenges for autonomous driving were particularly important. She said in certain scenarios they could be used as a guide for the minimum technical and organisational measures required to mitigate AI cybersecurity risks in autonomous driving.
The report suggests (58 page / 1.99MB PDF) that security assessments of AI components should be performed regularly throughout their lifecycle, in order to ensure that a vehicle always behaves correctly when faced with unexpected situations or malicious attacks.
It also recommends the adoption of continuous risk assessment processes supported by threat intelligence could enable the identification of potential AI risks and emerging threats related to the uptake of AI in autonomous driving. Proper AI security policies and an AI security culture should govern the entire supply chain for the automotive sector, according to ENISA.
The report includes detailed risk assessments for five hypothetical attack scenarios, which can be used by equipment manufacturers, suppliers and AI developers as guidance to conduct their own risk assessments.
Kirichenko said the development of legislation and regulations across the EU and in individual member states risked making the regulatory environment in this area tricky to navigate.
“In the end, the interplay of all existing and – first and foremost – future rules that could apply to cybersecurity in motor vehicles, connected cars including cars with automated functions and autonomous driving cars, AI in general, as well as relevant cybersecurity and resilience rules in telecommunications sector could become uncomfortably complex for all stakeholders. Legislative actions should come quickly but be very well thought out,” Kirichenko said.