Keeping the Driverless Car Unhackable – Securing the IIoT in Autonomous Systems

Protecting an autonomous system requires security that keeps connected software from bleeding vulnerabilities across individual networks.

One of the key drivers of the Internet of Industrial Things (IIoT) is automating systems that were previously operated manually. The IIoT helps these systems go autonomous, whether it’s cars, medical systems, or the power grid. These complex systems require the coordination of multiple software components distributed across diverse platforms. Securing these complicated systems is not simple.


RTI, IIoT, connected systems, cybersecurity, autonomous cars, robots, predictive maintenance

This diagram shows the complexity involved in securing an autonomous system. (Image source: RTI)


Two recent examples of connected systems that are difficult to secure include the Jeep Cherokee hacking and the Target attack. The Jeep Cherokee hackers entered through the infotainment system and gained access to the steering and braking functions. At Target, the intruders entered through the HVAC system and gained access to the point-of-sale registers.

To ensure security, intelligent system manufacturers must meet demanding requirements that include safety, security, and fast data processing. Satisfying these mission-critical control requirements is much more challenging than the early stage IIoT implementations that focused on monitoring equipment for predictive maintenance, cloud analytics, and optimization.

The advanced technology needed to develop and secure autonomous systems including connectivity software, sensors, robotics and data-centric security, will be discussed in the session, Connecting & Securing the IIoT's Autonomous Systems, at the Embedded Systems Conference in Boston, April 18 and 19. The session is presented by Bob Leigh, director of market development for Autonomous Vehicles at RTI.

Isolating the Problem Networks

One of the challenges of a complex system is keeping the overall system running when one of its individual network is breeched. “In a control system you don’t want a breech in security to shut down the network,” said Leigh. “You need to continue to function in a crippled state. You isolate the breech and let the system continue, especially if you’re talking about an autonomous vehicle.”

In the instance of an driverless vehicle, there are multiple individual networks that work in conjunction with each other. “For an autonomous car, you have a mixed network environment. The networks can include WiFi, a satellite network, applications, and fleet management systems,” said Leigh. “You have a private network over a public system as well as an in-car network that is controlling the car – turning the wheel and applying the brakes. Many different vendors contribute hardware and software to the system, and these systems have to work with each other. That’s a lot of different access points.”

Securing the System, Application by Application

Each of the individual networks in an autonomous car has to be protected, even from each other if a breech occurs. “You want outside vendors to be able to access the cloud, but you don’t want anything that is public to access the control system in the car,” said Leigh. “A GPS map should not have access to the wheel control. If there is a vulnerability in the car, you need to minimize the impact.”

If an intruder gains access to one of the networks, it has to be stopped within that network. “With the Jeep Cherokee hacking, there was a flaw that let the hacker go in through the infotainment system and get to the control functions,” said Leigh. “You have to create a design that contains each network and isolates it within the system.”

While each of the individual networks needs to be protected, it also has to be protected based on its function and the vulnerability of its data. “With our strategy, we don’t secure the data. Instead, we secure how it’s moved between systems. We secure the dataflow based on its purpose,” said Leigh. “With control data, you don’t encrypt it because it’s not secret, and encryption is a burden. Yet you do encrypt the map because you don’t want anyone to access your location. You customize the security based on use or application.”


Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.


As the Internet of Things (IoT) pushes automation to new heights, people will perform fewer and fewer “simple tasks.” Does that mean the demand for highly technical employees will increase as the need for less-technical employees decreases? Cees Links, wireless pioneer, entrepreneur, and general manager of the Wireless Connectivity business unit in Qorvo, will address these questions, as well as expectations for IoT’s impact on society, in this ESC Boston 2018 keynote presentation. Use the Code DESIGNNEWS to save 20% when you register for the two-day conference today!


Comments (2)

Please log in or register to post comments.
  • Oldest First
  • Newest First
Loading Comments...