UK insurers warn that driverless cars must be resilient to cyber attacks

UK motor insurers have advised that vehicles should have a sufficient level of security to guard against cyber attacks before they are allowed to be used in fully autonomous mode.

Setting out suggested criteria for keeping automation safe, initially on motorways, the Association of British Insurers says automated driving systems “must be able to detect and minimise the consequences of cyber intrusions and data security breaches”.

This is to protect against the risk of hackers using connected services to spread viruses or to remotely access a vehicle’s controls with potentially disastrous results. This  means that strong cyber security could soon be more important for vehicles than their physical crime prevention features such as locks and immobilisers.

The recommendation, made at an ABI event on automated vehicles, is one of ten that insurers and research body Thatcham Research hope will be made part of a set of regulations all vehicles would have to meet before being allowed to operate in fully autonomous mode on the UK’s roads. Other points include the importance of vehicle data being available in the event of an accident and that vehicles must be able to handle emergency situations without driver intervention.

A consultation to work through the technical details of all the recommendations is now getting under way, which will then be passed on to relevant national and international regulators.

James Dalton, Director of General Insurance Policy at the ABI, said:

“Insurers are major supporters of autonomous vehicles, which have the potential to dramatically improve road safety as well as transform mobility for thousands. However it is important that the transition from increasingly sophisticated driver assistance systems, already operating in modern cars, to fully autonomous vehicles is carefully handled to avoid unnecessary problems.

“In our increasingly connected world, cyber security is a crucial issue for everything from televisions to fitness trackers. Our cars are no different. If people are to put their trust in a vehicle to get them safely from A to B, building in appropriate cyber security is essential and should be a compulsory requirement before any car is allowed to effectively drive itself. It’s easy to imagine that a vehicle’s cyber security systems will soon be its most important crime prevention feature, ensuring the cars of the future are protected from data thefts and other malicious attacks.”

Vehicle manufacturers are also recognising the importance of good cyber security, particularly given the growing number of connected vehicles already on the roads.

Assisted versus automated

There are already vehicles offering advanced driver assistance, such as cruise control and automatic lane keeping, but these require the driver to maintain constant supervision. Fully autonomous driving will mean a vehicle being solely responsible for a section of a journey with the driver able to do other things because they are no longer responsible for the vehicle. Insurers are working with regulators and governments, both in the UK and internationally, to  ensure the right rules are in place so these first fully ‘driverless’ cars are capable of coping with all eventualities without a driver needing to intervene.