News

In a Tech Briefs presentation, a reader asked our automotive expert: “How can we achieve autonomous cars without 100-percent cybersecurity?”

Read the response from Barbara Czerny, an author of the Ground Vehicle Standard known as J3061. The SAE-developed guidelines establish a framework for designing cybersecurity defenses into the automotive development process.

Czerny, a Sr. Technical Specialist Safety and Cybersecurity at ZF TRW, was one of many speakers in the Tech Briefs presentation: SAE International J3061 – The World’s First Standard on Automotive Cybersecurity. Her response is below.

Barbara Czerny: This is an excellent question. We can also ask how to achieve autonomous vehicles without 100 percent safety. Right now, we have autonomous advanced driver assistance systems; these systems can interact with the vehicle without the drivers’ desire. They actually can control the vehicle independently of the driver, with respect to braking, throttle, and steering.

Barbara Czerny, Sr. Technical Specialist Safety and Cybersecurity at ZF TRW

So, how can we have any of this without 100-percent safety and 100-percent cybersecurity?

The answer is that we can release these systems into the public because we follow a well-structured and well-defined process with respect to safety. We can have a high degree of confidence with the built-in checks and balances within the process. With the process, we can ensure that we have correctly identified and addressed the potential hazards, and assessed them correctly, with respect to Automotive Safety Integrity Level (ASIL), [a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard].

J3061 provides a well-defined, well-structured cybersecurity process to follow. If we follow a methodical approach to developing our systems, to make sure that we've correctly identified and addressed the potential high-risk and higher-likelihood vulnerabilities to be exploited, then we can have a higher degree of confidence that the system, when it gets released, will be secure from a cybersecurity perspective.

We can never guarantee 100% security, but by following a methodological approach that has the appropriate checks and balances put into it, we can have a high degree of confidence. That high degree of confidence is what allows to be able to deploy not only autonomous vehicles in the future, but also the advanced driver assistance systems at the present time.

This response has been edited for the web.

What do you think? Does a methodology like SAE J3061 give you a high degree of confidence in autonomous vehicle security? Share your comments below.

The U.S. Government does not endorse any commercial product, process, or activity identified on this web site.