Max Cheng is the Chief Executive Officer of VicOne, a leader in future-ready cybersecurity for the automotive industry.
The adoption of artificial intelligence (AI) in and around vehicles is creating varied and profound risks for the automotive industry, especially in the advance toward end-to-end autonomous driving.
AI is at the root of so much of the industry’s enthusiasm toward the potential of autonomous vehicles to enable a significantly safer and more enjoyable automotive experience. At the same time, however, AI is rapidly expanding the potential surface area for automotive cyberattacks. Specifically, the large language models (LLMs) driving generative AI—and their dependency on critical enterprise data, utilization of hard-to-control self-learning, and propensity for errors—make highly attractive targets for cybercriminals.
Indeed, AI has emerged as a fundamentally new and unusually complex threat vector for the global automotive industry—one that will require dedicated and sustained attention in its own right.
New Opportunities, New Challenges
AI figures prominently in the next generations of autonomous driving. Perception, recognition and control functions will leverage end-to-end AI modeling, which should enable the vehicle to fluidly and safely behave and respond to roadway and traffic scenarios as its human operator would. LLMs can incrementally build planners to direct commands like acceleration and deceleration, steering and braking. Generative AI will seek to effectively clone the behavior of the human driver—hearing, sensing and deciding what to do based on the end-to-end models.
It is clear that ongoing adoption of AI in such ways will influence aspects throughout the lifecycle of automobiles—from design, test, production and on to consumer use. In use cases dependent on that kind of end-to-end modeling, varied cybersecurity risks stand to heighten and multiply.
Three Core Areas of Interrelated New Risks
Original equipment manufacturers (OEMs) and their suppliers should begin surveying and gaining more understanding of the new landscape of cybersecurity risks that AI will bring to their worlds. Effective management of the new challenges gradually ushered in by increased adoption of generative AI, LLMs, etc., will require creative thinking and planning across at least three core areas of risk:
• Strategic
Seismic shifts in governance are ahead for the automotive industry. The regulatory landscape for AI in the automotive industry is rapidly evolving and introducing significant new compliance challenges and opportunities. The standards landscape for the industry is already layered and complex, including such areas as cybersecurity engineering, automatic identification systems (AIS), and various S. National Institute of Standards and Technology activities. For OEM leaders and their suppliers, it’s important to not only understand the applicability of various existing specifications to AI in automotive but also account for new regulations and questions, such as how to deal with AI ethics and bias mitigation, from organizations they are not accustomed to dealing with.
• Operational
AI adoption is generating a myriad of operational risks. In terms of data integrity, AI systems introduce heightened risk of data poisoning, hacking and manipulation. For example, in use cases leveraging the interaction of the driver, where the driver’s voice is used through generative AI to control the function of the car, what are the protections against hijacking the voice commands?
Not only should sensitive automotive data be protected across its collection, storage and sharing, but the data quality and reliability for AI algorithms should also be ensured. AI systems need to be safeguarded against known and unknown cyber threats, and consumer privacy must be protected across the AI-driven environment. OEMs and their suppliers have the task of determining the proper roles for data encryption and anonymization and implementing accordingly. Robust AI monitoring and testing procedures should help manage risks associated with third-party vendors. And what is going to be the automotive use of open source in the years ahead? The industry to this point has been very cautious on its application of open-source code.
• Financial
The cost of AI development and deployment is typically steep, with potentially significant hidden costs of implementation to be confronted, from readiness to integration. Costs around liability and risk management will be hard to assess. And then there are the branding issues, which could carry some of the greatest financial implications, creating a whole new cost center. What enduring costs might a breach of AI cybersecurity bring to an automaker in terms of long-term brand value?
Moving Today To Protect The AI-Powered Automotive Future
Many OEM decision-makers and their suppliers are already overwhelmed with the simple question of how to make a profit. Now AI is bringing brand-new strategic, functional and financial questions to their worlds. Generative AI especially is so new for all of us that it’s extremely complex to envision its impact in an industry as huge and layered as automotive.
The automotive industry is quite traditional and risk-averse, and it is mechanical in its DNA. Furthermore, automotive companies tend to be quite big organizations with whole ecosystems of interrelated domains—the development side, the operation side, the cloud side and so forth. Much of the talk about generative AI, LLMs and their potential risks has been fairly broad and generic, but I believe automotive companies should think about the impacts—both beneficial and nonbeneficial—within the context of each of these three domains.
One step to consider it to tool a small team that can immerse themselves in the technology and start to understand all of the domains across your organization that AI may impact. Automotive companies shouldn’t allow generative AI security to be treated as an afterthought, even in its current infancy of adoption in the space. You may even want to create a Chief of AI Security officer position to properly start building a comprehensive, proactive strategy and free your company to keep plowing as opposed to chasing the next mouse, be it regulatory, competitive or adversarial.
Each of the three core areas of risks merit substantial attention from OEMs and their suppliers, so, in future articles, I will delve more deeply into each category and how it portends change for the different domains within the world’s automotive companies.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here
