Stalled e-rickshaws are a reminder that India’s regulation of smart vehicles needs to smarten up

As automobiles began to become “connected”, a new generation of security challenges became quickly evident. In 2015, for example, two researchers took wireless control of a Jeep Cherokee by hacking into its dashboard system, forcing a recall of over 1.4mn vehicles. Of course, that didn’t slow the trend of automobiles acting like computers. But in Japan, EU, South Korea etc regulators began to institutionalise a system for fighting cybersecurity dangers – for the entire life of a vehicle, not just when it’s new. These are not, however, issues that are top of consumers’ minds. Until something goes wrong.

In the videos of stalled e-rickshaws that went viral last week, we can see that something has definitely gone wrong. Why “pranksters” should have been using a Bluetooth app to terrify hapless drivers is one thing. It’s typical of how the “attention economy” scales up individual human cruelties for mass participation. But that a glaring security flaw was roaming unnoticed on our streets, just waiting to wreak havoc, is an altogether different issue. Authorities started taking down the relevant apps subsequently, but that is small comfort. However fast they respond to every scare served up by social media, that’s no fix for a large share of EVs already on Indian roads apparently plying with no cybersecurity protection at all.

Again, cars today are basically computers on wheels. They connect to the internet, get software updates, and can be hacked just like a phone or laptop. India’s cybersecurity rulebook for all this, called AIS-189 (for the security system itself) and AIS-190 (for software updates), is a local adaptation of the UN guide that many others use. But it’s still in draft stage. Phased implementation is expected to begin in Oct. Even in this context, it’s the higher-end vehicles that often occupy the mindspace of policymakers and pundits. But there, manufacturers themselves have high stakes in robust processes.

What our e-rickshaw drama has underlined is that vehicles are becoming software-defined even at low price points. Small manufacturers purchase different parts from different third-party suppliers. If one supplier ships an insecure design, it will end up in vehicles sold by many different brands. The cybersecurity weaknesses lie in the component ecosystem, rather than one vehicle manufacturer. And this is not just an automotive problem. A weakly secured Bluetooth interface can also compromise pacemakers, insulin pumps, baby monitors, drones…Moving into “smart cities” is well and good, but not if we are still using mechanical era locks.



Linkedin
Disclaimer

Views expressed above are the author’s own.

END OF ARTICLE



Source link