[SystemSafety] UK principles for security of driverless cars [No Classification]

Peter Bernard Ladkin ladkin at causalis.com
Wed Aug 9 07:31:06 CEST 2017


On 2017-08-09 02:12 , Matthew Squair wrote:
> My experience is that if you give a principles document to an engineer for whom it is not their
> ‘bread and butter’ it will be used to prop open the door. 

Yes, I suppose that's why MIT finds it has to teach them
https://ocw.mit.edu/courses/materials-science-and-engineering/3-003-principles-of-engineering-practice-spring-2010/index.htm

> There’s also a simple solution that I think everyone is studiously overlooking, and that’s to
> legislate that you can’t connect a car’s critical systems to the internet. 

It is not simple, and it is not a solution. People are actively working on intervehicle
communication systems and have been for a decade and a half at least (I was introduced to Daimler's
work at SAFECOMP in 2004). The main idea then seemed to be negotiation at points of traffic
conflict. Another idea was sharing traffic movement information, but that seems to be done already,
and differently.

If you think you need intervehicle communication for control purposes, you are networked. If you are
networked, then you have the choice. Do you use TCP/IP, or something else proprietary and solid,
such as Kevin designed? For companies concerned about beating the competition to market, that is a
no-brainer. TCP/IP development tools and kit is available all over the place for you to pick up and
have a working network in a trice. The reason that doesn't happen in the design of commercial air
transport is that competition is attenuated and there are two regulators who insist you do
everything right, and who have the power to interpret "right".

Now, if you have been using TCP/IP for years in your road-vehicle R&D for the above reason, you're
not going to throw away all that developed E/E/PE kit and say "now we'll do it differently before
putting it in our car". You've been testing that kit on real roads; it makes no commercial sense to
start again from scratch.

There are general due-diligence legal constraints on car manufacturers, as with any other
manufacturer, but lawmakers=politicians are a long way from being able to tell car manufacturers
what network technology they should be using. Nevertheless there are some directives setting
constraints. EU Directive 2010/40/EU on "intelligent" road transport systems contains a clause
saying such systems shall be interoperable and based on open standards (clause 11). So bye-bye to
proprietary network technology. If you want to spend the money to develop such technology because
you don't like TCP/IP, you're then going to have to give it away. (To read the Directive, easiest is
to go to http://eur-lex.europa.eu and put in a search for the label of the Directive. You can then
read it in whatever EU language you want. The URLs are otherwise horrendous.)

BTW, we all know about the Chrysler/Jeep hack (after Daimler divorced), and now after Def Con a
bunch of new Tesla hacks. Has anyone heard of a Mercedes or BMW control-system hack? Why not?

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20170809/54210e5c/attachment-0001.sig>


More information about the systemsafety mailing list