Industrial Engineering Professor Shannon Roberts of the University of Massachusetts Amherst notes that some modern vehicles have more than 100 computing components containing over 10 million lines of code. However, most vehicles are not designed with cybersecurity in mind and, as a result, they are susceptible to cyberattacks. For example, a 2015 Jeep Cherokee cyberattack in St. Louis resulted in a recall of 1.4 million vehicles. Moreover, there are countless other scenarios in which vehicles can be hacked to trigger crashes. With all these perils in mind, the National Science Foundation (NSF) has funded Roberts to study vehicle cybersecurity and find solutions.
The vulnerability of contemporary vehicles to cyberattacks was epitomized in 2015, when two hackers remotely exploited a susceptibility in an SUV's entertainment system to send that vehicle careening into a ditch. Considering this example of how hackers might exploit the utter dependence of contemporary vehicles on computer components, the NSF awarded Roberts a grant of $174,996 to support her proposal for “CHS: Training and Feedback Systems to Improve Vehicle Cybersecurity.”
Though many technological solutions to improve vehicle cybersecurity have been proposed, Roberts argues that “real progress toward achieving that goal will require including the human (driver) in the loop. Thus, this research will combine findings from cybersecurity and transportation safety to develop training and in-vehicle messaging systems to improve drivers' awareness of, and responses to, cyberattacks, which ultimately should help reduce crash-related costs and potentially save lives.”
Roberts observes that every cybersecurity incident starts and ends with a human being. Furthermore, she says, human training programs and real-time messaging systems designed to promote safe behavior have proven successful for improving cybersecurity and transportation safety.
“The goal of this proposed research is to effectively communicate the risk of cybersecurity to drivers so they can properly respond to unexpected vehicle behavior,” says Roberts.
More specifically, the objective of this proposed research is twofold. It will develop a training and in-vehicle message system to improve drivers’ awareness of cybersecurity incidents so they can respond in a fast and safe way. In addition, the research will test the effectiveness of training and in-vehicle message systems with a driving simulator study.
Through the driving simulator study, project outcomes will yield quantitative evidence of how drivers respond to unintended events that occur in their vehicles. More importantly, the work will create warning systems that can alert drivers to dangers associated with vehicle hacking and provide information on how these dangerous situations can be mitigated in a hurry. (April 2018)