Could Public Cloud Pose a Security Risk to Autonomous Vehicles?

Open-source machine learning algorithms, such as those available in the public cloud, could create major safety risks for autonomous vehicles.

I work with IT and business leaders in the auto industry every day, and they’re constantly thinking about what’s next, what new services they’ll need to offer, and how autonomous vehicles will fundamentally change the way they build cars. One of the biggest changes will be the sheer amount of data that autonomous vehicles produce.

By 2030, it’s predicted that each vehicle could be generating up to 10 terabytes per day, or one zettabyte across the whole industry. For comparison, that’s about the same amount of data as the entire world’s internet traffic from the whole of 2016. Every single day.

That means automakers and OEMs will no longer be just manufacturing companies – they will be software companies with a manufacturing arm. Today, automakers are in the process of building the IT infrastructure they need for that autonomous future, where data analysis with machine learning will be one of their most important business functions.

It’s an emerging market, so every company wants to gain first-mover advantage. Many are building new platforms and applications on third-party algorithms, rather than going through the time-consuming process of coding the software in-house.

But there is a very big risk here. Using open-source or third-party algorithms may fundamentally undermine the safety and compliance of autonomous vehicles. It could leave vehicles vulnerable to dangerous accidents or malicious cyberattacks by hackers. In either case, these dangers may cost manufacturers millions in damages or, at worst, put the lives of passengers at risk. It’s an issue which is not yet being talked about widely enough in the industry – and it’s one that IT and engineering leaders need to start thinking about today.

The argument against public cloud

Algorithms are widely available in the public cloud today. They provide the foundation for many emerging AI and machine learning use cases. They allow companies of all shapes and sizes to benefit from intelligent data analysis. But the strengths of these algorithms – simplicity and accessibility – could also be weaknesses.

Public cloud algorithms are developed in a black box, giving users little insight into how they have been implemented. And even if they did, machine learning code can run to hundreds of thousands of lines, which data scientists in manufacturing companies simply don’t have the time, resources or expertise to review. So automakers are currently building software that uses third-party algorithms, without understanding the mathematical formulas in detail.

Passengers at risk?

This year, it was revealed that ‘typographic attacks’ could confuse object recognition software run by neural networks. The AI could be fooled by simply mislabeling objects with a sticker or by adding some noise. And this raises serious concerns, especially when the faults directly impact safety-critical functionalities in the vehicles.

A stop sign with graffiti and stickers.

It’s not uncommon to see damaged or graffitied street signs in urban areas. For a human driver, it’s straightforward to filter out the unnecessary bits and make sense of the instructions – but it’s not so easy for an algorithm today. Software built on imperfect public domain algorithms might struggle to interpret crucial road signals, such as traffic lights or stop signs. But more worryingly, they may be at risk of adversarial attacks from hackers, who could endanger passengers and vulnerable road users with physical signals that would cause their vehicle to malfunction.

These risks might seem distant, but any vehicles which incorporate algorithms from the public cloud may also be importing their weaknesses too. It could fatally undermine your vehicle model’s viability in the market. Vehicles will need to be secured both pre-production (during the development) and post-production, during the operation (against malfunctions or malicious attacks). And manufacturers or suppliers can only do that if they understand the minutiae of their own code.

A new legal landscape

Governing bodies are going to be alert to these risks too, and will likely be introducing legislation in coming years to pre-empt the potential risks of autonomous vehicles. The UNECE WP29 Automotive Cybersecurity Regulation has already been approved in the EU and other major markets. Because autonomous driving technology is so new, we’re likely to see these regulations evolve over time, to mitigate for new risks as they become apparent.

As you might expect, the most important aspect of rules like these will be passenger safety. For ADAS (advanced driver assistance systems) and autonomous vehicles to be approved for public roads, there are several safety-critical functionalities which will be non-negotiable in the industry standard regulations. These will definitely include autonomous emergency braking and lane departure systems, and may cover things like proactive maintenance alerts, so that cars aren’t driving with overworn tires or damaged brakes, for example.

But if the ML software underpinning these safety-critical features comes from the public cloud, who is liable if anything goes wrong? Technology companies are unlikely to be held accountable for general-purpose algorithms they shared in the public cloud. It will be seen as unacceptable for an automaker to use black-box code in their vehicles without undertaking due diligence – but that is what some manufacturers are already doing today.

Striking the right balance

We’re probably 10 years away from the mass arrival of fully autonomous vehicles, due to the enormous network and data infrastructure needed to make the system feasible and reliable. But manufacturers’ R&D departments are already working on software for their first commercial self-driving vehicles, even if they are not due to hit the roads for some time. Many of them are relying on public-cloud code to start the process, which they don’t necessarily understand in detail or have control over.

So what can manufacturers and suppliers do? They need to innovate quickly, in order to take advantage of the enormous market opportunity for autonomous vehicles. 2020 research by Dell Technologies and WARDS Intelligence found that manufacturers already have a preference for private cloud or on-premises storage, especially given the additional control and security that it gives them throughout the vehicle lifecycle. But they may still be building up the required IT expertise, and be unable to write their own in-house algorithms yet.

A measured approach is needed. Public cloud is still a useful resource to kickstart innovation – it’s a way for businesses to test their database with existing algorithms and run proof-of-concept pilots. An automaker can learn from best-of-breed suppliers in the public cloud, and take advantage of open API innovation. But crucially, once the right algorithms have been established, it will be essential to bring the development work in-house.

For manufacturers and suppliers at that stage, it can be useful to work with a partner who can offer the scale and expertise to develop cutting-edge software on a private-, hybrid- or multi-cloud environment. This is something that Dell Technologies can help with. For example, with Dell Technologies multi-cloud services, companies can push workloads seamlessly into the public cloud to multiple hyperscalers, and benefit from publicly available AI services, but without compromising their control and security.

Dr. Florian Baumann, Ph.D.

About the Author: Florian Baumann

Dr. Florian Baumann was formerly CTO for Unstructured Data Solutions with Dell Technologies.