Cybersecurity and compliance in the age of autonomy
December 19, 2024
Autonomous vehicles bring many benefits, but similar to any emerging technology, there is a need to protect consumers from the introduction of new cybersecurity risks.
The rapid rise of autonomous vehicles (AVs) brought immense advancements in transportation. AVs bring many benefits, but similar to any emerging technology, there is a need to protect consumers from the introduction of new cybersecurity risks.
Within the last three years, the automotive sector has experienced a 225% increase in cyberattacks. From a financial standpoint, research has shown that by 2025, the cost of cybersecurity attacks could surge to 10.5 trillion dollars. These threats range from remote takeovers to data breaches and ransomware targeting personal and operational data. Given that it takes an average of 197 days to detect a breach, real-time monitoring and proactive cybersecurity measures are critical in protecting this emerging technology.
As we recognize Cybersecurity Awareness Month this October, it’s a time to reflect on the critical role that cybersecurity plays in the evolving field of autonomous vehicle (AV) technology. At May Mobility, our commitment to innovation is matched by our dedication to maintaining cybersecurity measures that ensure the safety, security, and trust of our technology customers, riders and partners.
Autonomous vehicles represent a leap forward in technology, but they also introduce new cybersecurity challenges. These vehicles rely on complex systems that integrate various sensors, AI, machine learning, and cloud computing to navigate and operate safely. This interconnectedness, while enabling the functionality of AVs, also presents potential entry points for cyber threats.
Cybersecurity in autonomous vehicles is not just about protecting data; it's about safeguarding human lives. Therefore, ensuring the security of our AV technology is not just a technical challenge but a moral responsibility.
At May Mobility, we take a multi-layered approach to cybersecurity, focusing on both preventative and responsive measures. Our infrastructure is designed with security as a priority, ensuring that each layer of our technology stack is secured against potential threats.
Our comprehensive cybersecurity strategy is built upon three key pillars: 1. Enterprise Security (DevSec Engineering & Security Operations), 2. Governance, Risk, and Compliance (GRC), and 3.Vehicle Security. Each pillar plays a vital role in protecting our autonomous vehicle technology and overall operations.
Enterprise Security (DevSec Engineering & Security Operations): This pillar ensures that security is embedded into our software development lifecycle and across the enterprise. We integrate security from the design phase through deployment, performing continuous vulnerability assessments, static code analysis, and threat modeling. In parallel, our Security Operations oversees real-time monitoring, incident detection, and response to proactively mitigate security risks. Together, these functions maintain the integrity of both internal infrastructure and external-facing systems.
Governance, Risk, and Compliance (GRC): Our GRC framework ensures alignment with industry standards, regulatory mandates, and internal policies. This includes comprehensive risk management using the Threat Assessment and Remediation Analysis (TARA), as well as comprehensive Privacy Engineering practices that safeguard data in compliance with privacy laws. We emphasize secure coding practices following the Open Worldwide Application Security Project (OWASP) guidelines, ensuring vulnerabilities are minimized at the development stage. By integrating these principles, we maintain strong policies around data retention, securely managing data throughout its lifecycle. Our audit certifications further reflect our dedication to maintaining the highest standards of security, confidentiality, and privacy across all operations.
Vehicle Security: Ensuring the safety and security of our autonomous vehicles is critical. Our vehicle security operations involve comprehensive penetration testing, systems engineering, and collaboration with hardware teams to secure all components. We work on the integration of secure communication channels, perform rigorous security validations, and implement real-time monitoring to detect and respond to potential threats. This proactive approach ensures that our vehicles remain resilient to cyberattacks and operate safely in various environments.
These pillars collectively enhance May Mobility’s ability to operate securely, protect sensitive data, and ensure the safety of our autonomous vehicle systems and our riders.
Collaboration Between Cybersecurity and Safety Teams: Ensuring Safe Driver-Out Operations
At May Mobility, the transition to Driver-Out operations, where vehicles operate autonomously without a human attendant on board, marks a significant milestone. This transition demands a tight collaboration between our cybersecurity and safety teams to ensure that every aspect of the vehicle's operation is secure and safe.
At the end of the day, safety and security go hand and hand. Safety focuses on protection against technical failures and ensures that critical systems, like brakes and steering, function properly. On the other hand, security focuses on protecting against malicious manipulation. For instance, encryption safeguards sensitive data transmitted between vehicle components to prevent tampering, and authentication ensures only authorized users can access critical functions—like requiring a key fob with a unique digital signature to start the vehicle.
Cybersecurity is integral to the safety cases that justify and document the operational safety of our autonomous vehicles. These safety cases are comprehensive, living documents that evolve as the vehicle's technology and operating environments change. By embedding cybersecurity requirements directly into these safety cases, we ensure that potential threats are identified and mitigated in the same way as other safety risks.
For example, when developing our Driver-Out systems, the cybersecurity team works closely with safety engineers to assess the risks associated with remote vehicle control, data integrity, components of our hardware (architecture) and the communication channels between the vehicle. This collaboration ensures that all potential cybersecurity threats are addressed in the design phase and continuously monitored during operations.
This integrated approach not only protects against cyber threats but also enhances the overall safety of our autonomous vehicles, providing greater peace of mind as we move towards fully autonomous operations.
As we continue to deploy our autonomous vehicles around the globe, Safety is our top priority. We want you to feel confident that we’re working to protect our riders from every angle. To learn more about our safety measures and the benefits of deploying an autonomous fleet in your community or for your business, reach out and start a conversation. And stay tuned for part II in the coming weeks when we focus on the landscape of cybersecurity compliance in the industry.
Hemanth Tadepalli currently serves as the Cybersecurity & Compliance Engineer at May Mobility where he leads and works on key initiatives in infrastructure and vehicle security as well as Governance, Risk and Compliance. Throughout his career, he had the opportunity to work at management consulting firm AlixPartners, the renowned cybersecurity leader Mandiant, tech giant Google, and the Michigan-based cybersecurity startup SensCy. Hemanth received his bachelor's degree from Kettering University with a degree in Computer Science, a concentration in cybersecurity and minors in Pre-Law, Innovation and Entrepreneurship. He is also pursuing research and a Master's degree in Cybersecurity at the University of California, Berkeley. He has been honored with invitations to speak at numerous cybersecurity conferences, serve as a distinguished panelist, and share his expertise on various podcasts focused on cybersecurity and technology.
Hemanth Tadepalli currently serves as the Cybersecurity & Compliance Engineer at May Mobility where he leads and works on key initiatives in infrastructure and vehicle security as well as Governance, Risk and Compliance. Throughout his career, he had the opportunity to work at management consulting firm AlixPartners, the renowned cybersecurity leader Mandiant, tech giant Google, and the Michigan-based cybersecurity startup SensCy. Hemanth received his bachelor's degree from Kettering University with a degree in Computer Science, a concentration in cybersecurity and minors in Pre-Law, Innovation and Entrepreneurship. He is also pursuing research and a Master's degree in Cybersecurity at the University of California, Berkeley. He has been honored with invitations to speak at numerous cybersecurity conferences, serve as a distinguished panelist, and share his expertise on various podcasts focused on cybersecurity and technology.
We love meeting transit agencies, cities, campuses, organizations and businesses where they are to explore how our AV solutions can solve their transportation gaps for good. Ready to partner up? Let’s talk.
We love meeting transit agencies, cities, campuses, organizations and businesses where they are to explore how our AV solutions can solve their transportation gaps for good. Ready to partner up? Let’s talk.