The Future of Fleet Security: Are Autonomous Vehicles Secure?

DAR DIAMANT

Product Marketing Manager

May 8, 2023

In recent years, the delivery industry has seen a significant shift towards electrification and autonomous vehicles in an effort to streamline services and improve efficiency. With the rise of e-commerce and same-day delivery, companies are increasingly turning to electrified and autonomous delivery fleets to meet consumer demands and reduce time-to-delivery. These technologies offer numerous advantages, such as reducing emissions, improving delivery times, and enhancing safety. However, as more companies adopt these technologies, fleets become an attractive target for threat actors, with a great impact no matter their motive, be it financial, political, or notoriety.

Major retailers have already begun implementing semi-autonomous vehicles into their supply chains. For example, Kroger has announced that Gatik Robotrucks will be used for stocking runs. It’s no surprise that the adoption of electrified and autonomous delivery fleets has taken off, since the advantages are great, including environmental benefits, reduced costs, and improved efficiency. Major retailers and shipping conglomerates have already begun implementing these technologies to streamline their delivery operations.

In June 2022, one of the dangers of autonomous fleets was demonstrated as robotaxis blocked traffic for hours in California. Though this incident was not caused by a cybersecurity attack, it highlights the potential challenges still ahead.

Cybersecurity Attacks on Fleets are Growing

As connected and software-defined vehicles become increasingly popular, the number of reported cybersecurity attacks on fleets has also risen. Upstream’s 2023 Global Automotive Cybersecurity Report predicts that a growing number of attacks will target fleet-wide access, vehicle controls, and data. Common types of attacks on fleets include malware and ransomware attacks that can compromise sensitive data. Denial-of-service attacks also target fleets and can render a vehicle unresponsive. Remote hacking attempts are especially lucrative with fleets as unauthorized individuals can take control of a vehicle’s systems, sometimes resulting in theft. The result? Significant financial losses.

Fleet managers and operators must prioritize cybersecurity and take proactive measures to mitigate potential threats and risks 

The use of connected, electrified or autonomous vehicles in fleets brings new vulnerabilities that can be exploited by threat actors. All possible attack surfaces and access points need to be considered as vulnerabilities, from the software and hardware in the vehicles to the communication systems used to control and monitor the fleets, and the charging infrastructure. An attack on fleet operations can cause significant disruptions in the supply chain, resulting in financial losses across the entire ecosystem and delays in the delivery of goods.

Data as a Target

It’s not just the vehicles that need to be protected. The use of autonomous systems in delivery fleets generates a significant amount of data. This is the data that is used to operate and manage the fleet, ultimately providing the services consumers expect. This data includes vehicle location, status, and performance, as well as customer data and other sensitive information. Securing this data is crucial to maintaining the security and reliability of delivery operations, as it is at the very core of the fleet management operation.

Ensuring that fleets are secure and operational requires a deep contextual understanding of each vehicle 

Contextual analysis of the fleet’s assets, including vehicles, applications, and charging infrastructure, among others, should be leveraged to detect and mitigate the risks of an attack quickly and effectively.

The very data that makes connected and software-defined fleets a lucrative target for cyber attacks can also be utilized to secure them and ensure continued operations. With the added complexities of autonomous and electrified fleets, charging stations, management servers, and infrastructure also need to be monitored and understood to provide threat detection and response.

After detecting potential threats, fleet operators need to build effective workflows and response methodologies for long-term risk mitigation. These workflows should minimize service disruptions and ensure continued operability.

As delivery fleets become more autonomous and electrified, the risks of cyber threats continue to increase. To protect their operations, retailers and delivery fleet owners need to take a proactive approach. Fleet operators should utilize dedicated cybersecurity solutions that understand the unique context in which vehicles operate while having the capability to support the scale of data generated by fleets. By doing so, they can help ensure the safety and security of their operations, protect their customers’ data, and maintain the trust of the public.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more