30th Floor, North Tower, Beijing Kerry Centre, 1 Guanghua Road, Chaoyang District, Beijing, 100020
+86 10 8519 0011
50th Floor, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong
+852 2521 5621
Room 4605, Park Place, 1601 Nanjing West Road, Jing An District, Shanghai, 200040
+8621 6321 1166
Suite 2405, 24/F, SCIA Tower, Qianhai Shenzhen-Hong Kong Modern Service Industry Cooperation Zone of Shenzhen, Shenzhen, 518000
+86 755 6123 5666
Select your language
Please accept the geolocation request appearing in your browser
Find other officesOUT-LAW NEWS 2 min. read
01 Mar 2021, 4:29 pm
An EU report has recommended that manufacturers of autonomous vehicles should make cybersecurity the central element of digital design to combat the risk of malicious attacks on software.
The report by the EU Agency for Cybersecurity (ENISA) and the Joint Research Centre (JRC) warned that the artificial intelligence (AI) systems in autonomous vehicles were vulnerable to intentional attacks designed to disrupt safety functions. Such attacks could take various forms from manipulating the AI system or disrupting communication channels to physically placing paint on a road to confuse navigation systems or stickers on a stop sign to prevent the vehicle from recognising it.
Cybersecurity expert Christina Kirichenko of Pinsent Masons, the law firm behind Out-Law, said the report would help raise awareness of the issues relating to digital security in the transportation sector that could help accelerate regulatory action within Europe.
“ENISA gives a list of measures taken by EU and internationally with regard to cybersecurity in transportation and motor vehicles in general, which highlights there have been just a few concrete steps taken so far,” Kirichenko said.
Recent steps mentioned by ENISA include the revised Directive on Security of Network and Information Systems, which was adopted by the European Commission at the end of 2020, as well as regulations on cybersecurity and software updates adopted by the United Nations Economic Commission for Europe in June 2020.
“In the EU, there is a lack of sufficient legislation, detailed technical requirements and standardisation for both AI and autonomous driving. The absence of clear, defined technical requirements or standards for autonomous driving would significantly decelerate the adoption of type approval for autonomous vehicles as well as vehicles with automated functions,” Kirichenko said.
Kirichenko said ENISA’s recommendations for coping with cyber security challenges for autonomous driving were particularly important. She said in certain scenarios they could be used as a guide for the minimum technical and organisational measures required to mitigate AI cybersecurity risks in autonomous driving.
The report suggests (58 page / 1.99MB PDF) that security assessments of AI components should be performed regularly throughout their lifecycle, in order to ensure that a vehicle always behaves correctly when faced with unexpected situations or malicious attacks.
It also recommends the adoption of continuous risk assessment processes supported by threat intelligence could enable the identification of potential AI risks and emerging threats related to the uptake of AI in autonomous driving. Proper AI security policies and an AI security culture should govern the entire supply chain for the automotive sector, according to ENISA.
The report includes detailed risk assessments for five hypothetical attack scenarios, which can be used by equipment manufacturers, suppliers and AI developers as guidance to conduct their own risk assessments.
Kirichenko said the development of legislation and regulations across the EU and in individual member states risked making the regulatory environment in this area tricky to navigate.
“In the end, the interplay of all existing and – first and foremost – future rules that could apply to cybersecurity in motor vehicles, connected cars including cars with automated functions and autonomous driving cars, AI in general, as well as relevant cybersecurity and resilience rules in telecommunications sector could become uncomfortably complex for all stakeholders. Legislative actions should come quickly but be very well thought out,” Kirichenko said.
Contact an adviser
Stay ahead by signing up to our weekly email of news and expert analysis, tailored for you
Autonomous vehicles
Valid email address
Thanks, we have sent an email to
Please check your inbox to confirm your subscription. The confirmation email may take up to 15 minutes to arrive.
• Check your spam or junk folder
• Ensure your email address was entered correctly.
• You can amend your details and resubmit if required
• If the email has still not arrived, please contact us for assistance
OUT-LAW NEWS
An historic ruling against a multi-million pound libel suit highlights the needs for broader speech protection laws in the UK, according to an expert.
OUT-LAW NEWS
Australia’s new mandatory merger control regime will enter its next major phase this week, on 1 April, introducing additional notification thresholds and voting power rules that expand the number of transactions requiring clearance.
OUT-LAW NEWS
Plans for a new opt-in licensing regime for heat networks in Scotland will be welcomed by operators – although they may face waiting almost two years for their implementation, according to an expert.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
