A threat analysis of self-driving cars, considered as potential weapons of hackers and terrorists.
Zach Aysan, January 17, 2018
At the end of the essay, Aysan provides about forty specific recommendations on how to design secure computer networks for cars and what constraints should be imposed on them. Here's an example:
I have a number of ideas on how to approach a solution to this problem, but the most important one is this: Engineers and software professionals need to recognize that our politicians aren't able to intelligently regulate autonomous devices and our corporations lack the incentives to completely protect us. A well-funded, open source effort with clear recommendations will be the most effective way to secure the future.
Safety modules should have no ports and no network connection to debugging devices or update servers. The code that commands them should not be alterable at the hardware layer. Their job is simple: Relay commands and initiate emergency shutdowns. They should be designed to be regularly recyclable, and should be physically replaced in secure, government-run facilities when requiring an upgrade.