Autonomous vehicles such as those being tested by Google or Tesla will be one of the most important and disruptive technologies for the future of how people move, work and live. But terrorist groups are tracking these developments closely too.
Finnish security firm F-Secure reports “concrete evidence” that ISIS is considering the use of self-driving cars in place of suicide bombers, or for ramming attacks such as those carried out as early as June 2007 in Glasgow, as well as more recently in Nice in July 2016, Berlin in December 2016, London in June 2017 and, just two months ago, in New York.
As trials of self-driving vehicles take place around the world, the FBI has identified this novel technology as “game changing” for law enforcement, presenting both new threats and new opportunities in the fight against crime and terrorism. The FBI reports that driverless cars could revolutionize high-speed car chases, freeing up passengers in the pursued vehicles to conduct tasks that are impossible with their hands on the steering wheel and eyes on the road (e.g. shooting at pursuers or civilians).
Other concerns include the potential for hackers to hijack vehicles’ navigational systems and run them off the road, turning unsuspecting commuters into hostages on the highways or weapons for deadly ramming attacks. In 2011, researchers at the University of Washington and University of California San Diego were able to hack cars wirelessly, a revelation that cybersecurity analysts described as a ‘wake-up call’ for the automotive industry.
The ability to pre-program a driverless vehicle to deliver a package (i.e. narcotics, weapons or explosives) to a destination also removes some of the major barriers to smuggling illicit substances on the road.
Driverless cars with explosives could be more advantageous for terrorists than a traditional car bomb, which requires a human volunteer to park the car and escape before detonation, or stay in the car during the explosion if it is designed to be moving at the time. Countering the mobile threat of a vehicle-borne improvised explosive device has proven difficult enough for well-equipped military forces in Iraq or Afghanistan. Terrorists bringing such tactics to the streets of Paris, Los Angeles or London by detonating explosive devices in driverless cars would pose a major challenge for law enforcement.
Still, some experts have cautioned against alarmism about the scale of the cyber or terrorist threat in driverless cars, noting that such responses are common in the introduction of any new disruptive technology. Indeed, autonomous vehicle capabilities offer a range of potential benefits to law enforcement and security operations, too.
A number of related technological advances offer opportunities to tackle terrorism directly, such as by preventing ramming attacks and countering other terrorist behavior more effectively. Driverless cars are not just about the vehicle itself, or its on-board sensors and navigation systems. Vehicle-to-vehicle and vehicle-to-infrastructure communications might make it possible to automatically detect driverless cars behaving suspiciously and alert emergency services or intervene remotely to bring the vehicle safely to a stop.
More broadly, on-board algorithms might improve pursuit tactics or the covert tailing of suspects, as well as increasing the ability of police commands to track and coordinate multiple vehicles and reduce response times.
The proliferation of driverless vehicles also could raise some of the barriers-to-entry for would-be vehicular terrorists. Today, a “lone wolf” attack to ram crowded city streets requires little more than a driver’s license to rent or buy a vehicle, or more simply still, the ability to steal or hijack a vehicle. Programming a driverless car to carry out such a task could prove to be more difficult. It likely would require advanced hacking skills to override systems within driverless cars specifically designed to prevent ramming attacks and dangerous driving. Such hacking skills likely will be beyond the capabilities of most individual terrorists.
Furthermore, as autonomous vehicles and cyber technologies mature, the automotive industry has a strong incentive to make its products as safe and secure as possible through both software and physical anti-tampering measures, not least because of the public relations disaster in the event of a major criminal or terrorist act.
Governments also are taking steps to make all vehicles more resistant to hacking. The U.S. House of Representatives has made cybersecurity a central requirement of its 2017 Self Drive Act, while the U.K. Department for Transport has partnered with the Centre for the Protection of National Infrastructure to issue a set of key cybersecurity principles for use throughout the automotive sector and supply chain.
Addressing safety and security concerns remains an essential prerequisite for driverless vehicles, if they are to gain widespread public acceptance. This will require close cooperation between the automotive industry, suppliers, cybersecurity firms and government to define appropriate controls, standards and responses to terrorist threats and other vulnerabilities as they emerge. Unlike driverless vehicles themselves, security initiatives will not get far on autopilot.
James Black is a senior analyst in the Defense, Security and Infrastructure group at RAND Europe. He previously was involved in RAND Europe’s Future Transport Scenarios study.