
Trust & Blame In Self-Driving Cars Following A Cyber Attack - Victoria Marcinkiewicz

BSides Cymru Wales · 2023 · 12:14 · 22 views · Published 2023-04

Good morning everyone, uh, welcome to my presentation, um, cyber security, um, in self-driving car technology: uh, following an attack on the car, what happens to trust? Um, after introduce, my name is Victoria. I'm a second year at College University PhD student. Um, I do that full-time and also said that I also work for London Vehicles lots of the inside security itself, so I bridge both academia and industry. So what am I going to be talking about today? I'm going to be talking about, um, self-driving cars in general, how they've come to be, what some of the challenges are that lie ahead, before focusing on where my project's at and what I'm currently researching.

So self-driving cars was just a thing of imagination, and despite a few prior efforts, it wasn't really until the early 2000s and the significant surge develop self-driving cars were eating cost and the goal of achieving a fully autonomous vehicle became an actual reality. Now the Society of Automotive Engineers since decided to define what is actually meant by self-driving car, because there's so many words for it about but you don't really know what it is. On screen now is the definition that is currently in use, and this is viewed through many iterations, and as you can see there are six circuits ranging from level zero to fully manual cars that you and I and everyone else drive, all

the way up to level five, fully autonomous, which means the car can fully operate by itself without any human interaction. Most circles, like I say, are level zero or level one, and we are beginning to see cars with level two capabilities and even level three, but level three are definitely equal one new periods. Yeah, so you may have seen the recent news headlines about opposite, um, they've actually just started a self-driving car bus trial. You may have also seen that soon you'll be able to watch TV in your cars. These are all really exciting prospects, however they're very far from reality of fully autonomous level that I started driving cars after this is part

of the push to get more vehicles on the road and more people using this technology about automation, um, what will really help drivers, um, whilst they're on the road. How about whether or not we see, um, a world operating with level five, uh, autonomous, only time will tell. That might sound a bit pessimistic. Um, we're going to play a short video. Unfortunately sound is only going to come out of my laptops and be really quiet. Um, so this is a really interesting video about some of the challenges, um, the basic autonomous vehicles already. The future is here and it has everybody talking tonight. A video showing a self-driving car getting pulled over by

police in San Francisco has gone viral on social media. NBC Bay Area's Stephanie Magallon spoke with the man who took that video and has the story. It looks like an ordinary traffic stop the operator number but then ain't nobody in it. It turns into the scene of a futuristic movie. Because I haven't actually seen one of those cars actually drive autonomously see another stop. The cruise always were laughing, they might have been like embarrassed because a lot of people were looking at them at the time or they just thought the whole situation. So I also a video about film today it turns out this car has actually started this will be really simple, um, just turning lights on when it's dark

it wasn't it wasn't it didn't go. So that's one challenge we've got to overcome. The second challenge, obviously, here is that the communication that these self-driving cars have been tested on the road wasn't there. Um, so there's a number of interesting challenges that are already arising from the development and deployment scene of self-driving cars, um, because yeah, the police have let's be unaware that this is going on. Um, there's also some other challenges, um, the rest is what we're going to talk about, cyber. So as vehicles continue to become smarter, ensuring the cyber security best practices is becoming an increasing concern. As I'm sure most of the room already know, um, threat actors are evolving their

techniques and they're executing far more sophisticated attacks, and we are also beginning to see cyber attacks impacting the physical world. Um, I know in a talk early this morning was mentioned that there was an epilepsy GIF that was put on epilepsy site and enforcement, so that was a similar example. It's an incident where an attack, um, happened a few years ago in Germany, um, and it was just some ransomware infection. It crippled the, um, the systems of Dusseldorf University Hospital and there was a need to redirect patients. Now I've watched you as a result of this redirection one patient couldn't be saved in time. Um, and actually this is how it was a mistake, um, the threat actors were actually

trying to attack the university itself rather than the associated clinic. Um, however, since this incident there have been other attacks aiming to disrupt, uh, everyday life. I think earlier Court mentioned the Florida, um, the poisoning efforts with water supply for Florida, so it happens. So what's all this got to do with cars? Well, you probably guessed it: cyber attacks like we've been discussing have the potential to obviously impact cars as well, and this ultimately has the potential to diminish trust. So across the automotive industry the occurrence and reporting of cyber attack is becoming more prominent. I was having a happy reporter story on it for example car keyboards electric, um, vehicle charging system charging units.

Um, there hasn't been one yet today where life-threatening incident has happened, um, however as cars become increasingly connected, let alone autonomous, the number of entry points is increasing, um, and yeah, the attack surface is growing. So like I said, take for example electric cars: one of the biggest vulnerabilities and entry points is the amount of electrical charge of noise, um, scaffolding across the country. A recent report so that they can not only commit loss attacks but they can also allow hackers to cause disruptions, steal energy, as well as driver information, credentials. So cyber in the automotive industry, like many other industries, is very much after all it's compact compartmentalize and community communication Department standards are not yet

but however by 2024 that is definitely standards emerging and there's going to become more of an obligation to integrate cyber security into the cars at the assembly stage. Now this is slightly warrant because self-driving cars are already being developed, they're already being manufactured, and considering what area is just beginning to think about the type of security in this step like I say of the elegant Sun. However, in addition to these kinds of theory standards we are also beginning with the individual companies place the miles on cyber security. So for example BMW, by 2024 they've announced that vehicles, um, their suppliers for the vehicle suppliers, um, are required to ensure that all driving control system units have no

direct communication to any customer's internet-based devices, so your phone, anything like that. So where do I finish this picture? Well, I'm looking at once this has happened, which predict projections or can't say inevitably, well, what has happened to this who sorry what type of trust on SEC and who is to blame for the attack. So we're currently focusing on the first bullet point. Um, now cyber security attacks, you probably think that's quite a bold term and it's quite vague, so my project began with narrowing down what we mean by a cyber security attack: what nuances, what characteristics of an attack is most likely to affect trust in an SEC. So I've been drilling down into a few things.

Um, I'll talk about that experiment one in a moment, but severity and duration and frequency are three potential factors that quite a lot of literature out there quite obvious also attack trust is unlocked. So experiment one, um, I use the future thinking style methodology in which we presented participants with a series of randomly ordered hypothetical news headlines about potential, um, self-driving cars and cyber instances imagines world where it has happened, and this was done just to manipulate whether the thought of "oh gosh, it's cyber" really impacts trust. The two group design, um, and one group experience headlines where, um, cyber specific terminology was used, so we called that overt, and another group experience a condition where cyber

specific terminology was not used, and that was called, uh, covert. So what we found in this experiment in terms of trust and blame is that blame is very very much dependent on the context across both conditions, however overtly cyber condition, maybe because they've been proven that, were far more likely to attribute the blame to the hackers and attackers rather than, say, an employee, and there are also characters where, um, joint blame happened, so people blaming more than one entity, although it wasn't possible in the study to determine the weight to yourself. Um, with regards to trust, uh, we found that a reported incident, um, that had been that had used cyber specific terminology, it wasn't trusted

any differently to an incident that hadn't used. So that's actually quite an interesting finding, that cyber's not that big scary word that everyone thinks it is. Um, so despite this, I might think oh no no significant couldn't find it, I was actually able to draw some really useful insights. So there were two, um, two headlines, um, where we did get a significant finding, and that was the indication, as I mentioned earlier, that the more severe cyber attack was, was more likely to impact trust, and also the nature of attack, so if an attack was accidentally caused as opposed to deliberately caused, this again was more likely to affect your trust ratings. So we're currently conducting some

follow-on experiments to explore this and see what else people are out. And why is this important, you might be asking? Well, ultimately humans are going to be interacting with this technology, they're going to be the ones using it, and if we don't have that trust in the technology, trying to roll this out is really good your heart. Now I'm also fortunate enough to work on a side project, this a research assistant on ESRC JST funded project alongside my personal supervisors obviously for Morgan. Um, we're working on a project with I say this project, which is looking at legal liabilities and autonomous driving. Now I mentioned this only because towards the end of Japan as it was in last year and

we got to meet our collaborators, and they're really interested in the developments in SCC cyber security, so we're also currently working towards what exploring what happens to trust when as companies cyber readiness and cyber response is good for that. On that note, I thank you all for listening. [Applause]

Regarding, um, security, you find this in security and privacy of these electric cars, what was your most concerning, um, find it in terms of privacy?

Yes, so privacy, let's say I haven't quite delved down the resource, um, so yeah, I don't really have to give you a comments about that question.

Um, what about the security aspects, like in that case?

Yeah, so we looked more like the human side of it and the human vulnerabilities as to what makes human vulnerable rather than the tech side, what the actual specifics are. Victoria