Opinion: Collaboration key to preventing autonomous vehicle terror

Autonomous vehicles could be the next technology used as a terrorist weapon. 

There is a long history of terrorist attacks by vehicle rammings already, and a previous spokesperson for the Islamic State in Iraq and Syria (ISIS) expressed support for such operations in September 2014. That guidance likely played a role in inspiring vehicle attacks that occurred in France and Germany in 2016; England, Spain, Sweden and the United States in 2017; and, Canada in 2018. 

A self-declared ISIS supporter was recently found guilty during his trial in Sheffield, England on charges that he and a fellow ISIS sympathizer considered placing improvised explosive devices in driver-less cars to conduct attacks.

While this plot did not come to fruition, it would be not be a stretch to imagine that other terrorists are brainstorming on how to use autonomous vehicles. As a longtime counterterrorism professional, during my career I studied and observed how terrorists — even with little financial resources or technical expertise — were able to leverage modern technology for a variety of nefarious purposes. 

Key to preventing the terrorist use of autonomous vehicles is the protection of the vehicle’s command and control system. Engineering protocols should focus on minimizing the potential for remote access beyond those authorized to operate the vehicle (manufacturer, individual or corporate owner, etc.). As we have seen with other technology sectors, however, very few electronic systems are 100 percent immune from for external interference, and our adversaries — whether terrorists, nation-states, or criminal actors — are constantly searching for possible vulnerabilities to exploit. 

The good news is that the National Highway Safety and Transportation Administration (NHSTA) is tackling this security concern with a proactive approach. Last year, NHTSA provided new federal guidance for automated driver systems (ADS) with a document called Preparing for the Future of Transportation: Automated Vehicles 3.0 — and also announced a pilot study to help safely test and deploy autonomous vehicles. In addition, NHTSA has laid out its current efforts on autonomous vehicle cybersecurity by describing various protection measures focused on intrusion detection, incident response and intelligence and information-sharing, and has promoted a significant amount of research in academia and industry. 

In addition, there are legislative opportunities that could prove beneficial in ensuring terrorists are unable to use autonomous vehicles as weapons. Reviving past legislation — like the Senate bill co-sponsored by Sens. Gary Peters, D-Michigan, and John Thune, R-South Dakota, called the American Vision for Safer Transportation Through Advancement of Revolutionary Technologies Act — can provide funding and set clear guidance on autonomous vehicle security measures. The next surface transportation authorization provides an excellent chance to incorporate NHTSA’s cybersecurity guidelines on autonomous vehicles, which if so adopted would further help fill gaps and seams when the 2015 Fixing America’s Surface Transportation Act expires in October 2020. 

Convening discussions on the potential terrorist use of autonomous vehicles between security professionals, engineering and design experts, federal regulators, legislators, and academic specialists will further generate additional ideas for consideration and identify possible issues for resolution.

Without such increased collaboration and consultation, these different disciplines may potentially overlook measures that could be exploited in the future. One of the main criticisms after the tragic attacks on Sept. 11 was that the government “failed to imagine” those attacks and that the U.S. national security enterprise was not optimized to prevent them from occurring.

While it is difficult to imagine a scenario whereby an autonomous vehicle attack comes close to approximating the scope and scale of those that occurred 18 years ago, an “ounce of prevention” now could be worth a “pound of cure” in the future.

Javed Ali is a Towsley Policymaker in Residence at the University of Michigan’s Gerald R. Ford School of Public Policy and has over 20 years professional experience in Washington, D.C., on counterterrorism, homeland security and intelligence matters. While in government, he served in multiple roles, to include senior director of counterterrorism on the Trump administration’s National Security Council from 2017-18.