Connected vehicles and self-driving cars may be the future but we are a still a ways off from the general public accepting their presence on public roads. According to a recent survey from AAA (opens in new tab), 3 in 4 Americans are afraid of fully self-driving vehicles and this shows there is still a great deal of work to be done.
One of the companies currently trying to improve the security of connected cars as well as the Internet of Things (IoT) is BlackBerry which recently received $40m in funding from the Canadian government to further develop its QNX platform. To better understand the issues surrounding autonomous vehicles and connected cars, TechRadar Pro spoke with Grant Courville, VP of Products and Strategy at the company’s QNX group.
- BlackBerry acquires Cylance for its intelligent security technology
- EU backs WiFi over 5G for connected cars
- BlackBerry signs $1.4bn AI cybersecurity deal
What hurdles do self-driving car makers still have to overcome to assuage consumer fears?
Autonomous vehicles, in particular self-driving cars, have certainly been generating a great deal of attention in the market over the past few years. The technology has many potential benefits for individuals, the environment and the economy. However, despite the market hype regarding fully autonomous vehicles for consumers being only a few years away, we know that we all have much more work to do to make the technology safe, secure and reliable. This is why we have consistently said that fully autonomous vehicles, also known as Level 5 vehicles, operating anywhere, anytime, anyplace, are a few decades away and you are now starting to see other industry leaders echo these timeframes as well.
As the technology and regulations evolve, building consumer trust when it comes to safety is just as important as building the technology. For the general public to accept and ultimately adopt autonomous vehicles, there needs to be trust in the technologies, trust in their benefits and of course, trust that the companies building them will act responsibly. It is a moral imperative for those of us within the industry that are advancing this fast approaching future to make sure it is both safe and secure.
Additionally, considerable effort must be put in by the private and public sectors in defining safety regulations and policies. The various levels of government need to continue to work with industry leaders to ensure that proper regulations and policies are introduced to facilitate adoption while not stifling investment and innovation. Safety must be the number one priority for autonomous vehicles.
Can you tell us a bit more about the BlackBerry QNX software platform and how automakers are using it to secure their self-driving vehicles? How are automakers integrating BlackBerry QNX software into their vehicles and what benefits does it bring?
Our software is foundational – we have been building the software that critical systems have come to rely on for decades. In automotive, we develop the safe and secure software platform that the industry has been relying on and has selected to power the future connected and autonomous cars. BlackBerry has a broad portfolio of products to protect vehicles against security attacks and a broad portfolio of functional safety-certified software including our QNX operating system, development tools and middleware for autonomous and connected vehicles.
Our safety-certified, secure foundational automotive software solutions can be found in more than 40 different automakers and more than 120 million vehicles on the road today. Automakers and Tier 1’s use BlackBerry QNX software in their advanced driver assistance systems, digital instrument clusters, connectivity modules, handsfree systems, infotainment systems and other automotive subsystems. For the past 37 years, BlackBerry QNX technology has powered many of the world’s most mission-critical embedded systems including nuclear power plants, surgical robots and class III life-critical medical devices; the types of systems that are required to operate safely, securely and reliably, 24 hours a day, 365 days a year, without failure.
We firmly believe that security cannot be an afterthought. For automakers, security should be inherent in every stage of design, development and testing. In addition to the best-in-class safety-certified operating system, BlackBerry provides a host of security products such as managed PKI, FIPS 140-2 certified toolkits, key inject tools, binary code static analysis tools, security credential management systems (SCMS), and Over The Air (OTA) Software Update technology for autonomous and connected vehicles.
The Canadian government recently gave your company $40M in federal funding to help it develop technologies for self-driving cars. Can you provide us with some insight into how this funding will be used to develop the QNX platform further?
The Government of Canada’s $40 million investment is part of a larger $310.5 million that the country has committed to help us further develop safe and secure software systems for the next generation of connected and autonomous vehicles.
To work on the groundbreaking program, over the next five years, BlackBerry will hire more than 1,800 of the best and brightest engineers, scientists, and other highly-skilled individuals from Canada and around the world. With this funding, these new hires will help us to continue to develop the transformative automotive technologies that will help drive our future.
How big of a threat do hackers and other cybercriminals pose to the self-driving car industry?
I think there is still a misconception out there that when you get into your car to drive home from work later today you might fall prey to a massive and coordinated vehicle cyberattack in which a rogue state threatens to hold you and your vehicle ransom unless you meet their demands. Hollywood movies are good at exaggerating what is possible, for example, instant and entire compromise of fleets that undermines all safety systems in cars. Whilst there are and always will be vulnerabilities within any system, to exploit a vulnerability and on scale with unprecedented reliability presents all kinds of hurdles that must be overcome, and would also require a significant investment of time, energy and resources. I think the general public needs to be reminded of this and the fact that hacking, if and when they do occur, are undesirable but not as movies would have you believe.
With a modern connected vehicle now containing well over 100 million lines of code and some of the most complex software ever deployed by automakers, the need for robust security has never been more important. As the software in a car grows so does the attack surface, which makes it more vulnerable to cyberattacks. Each poorly constructed piece of software represents a potential vulnerability that can be exploited by attackers.
BlackBerry is perfectly positioned to address these challenges as we have the solutions, the expertise and pedigree to be the safety certified and secure foundational software for autonomous and connected vehicles.
In your opinion, when can we expect self-driving cars to be commonplace on our roads and in cities and what security learnings can the connected car industry pass on to the wider IoT space?
Getting to full Level 5 autonomy – where an autonomous driven vehicle can take you and your passengers anywhere, anytime and anyplace – is not right around the corner and it’s going to take some time to get there. Likely decades. Solving the really hard problems like how a car operates in extreme weather scenarios or unfamiliar situations is going to take quite a while so I don’t anticipate that we’re going to see autonomous vehicles in every driveway anytime soon.
The IoT industry can learn a lot from how BlackBerry is approaching the connected car and autonomous vehicle industry in that, as the scale and complexity of software inside a vehicle grows, so too does the virtual attack surface, making the vehicle more vulnerable to cyberattacks. Mobility security solutions bring trust to this evolving transportation market.
The rapid expansion of the vast global network of IoT connected devices makes cyber intrusion inevitable. All these connected smart devices and access to those devices, become targets, with every connected node exponentially increasing the security risk of a network. If a single endpoint in a smart system is unprotected, the entire system is at risk. With this smart world comes a lot more exposure. It can be managed, but it will require that organizations raise their games in terms of securing every endpoint.
- Until your car can drive itself, stay safe on the road with the best dash cams