On July 14, Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd at a Bastille Day celebration in Nice, France, killing 84 people. He carried out the attack on behalf of the Islamic State terrorist organization.
Bouhlel was shot dead by police, a typical consequence for
those who carry out jihadist attacks. However, an emerging technology seems as
though it could take the suicidal terrorist out of the equation entirely: the
autonomous truck.
Self-driving trucks, predominantly in operation overseas,
are currently being tested on highways in the United States.
Autonomous trucks operate in much the same way as
self-driving cars, using Wi-Fi-connected artificial intelligence. Anything that uses Wi-Fi can
theoretically be hacked, including vehicles, as revealed last year in St. Louis,
Missouri, when hacker duo Charlie Miller and Chris Valasekdemonstrated how easy it
was to hijack a Jeep Cherokee's brakes, dashboard functions, steering and transmission
by remotely hacking into its Wi-Fi-connected entertainment system from a laptop
10 miles away.
Does this mean that it's possible an attack such as the
tragedy in Nice could happen again, this time carried out by someone
controlling the vehicle from a remote location?
There are currently only a few hundred of these trucks in
operation, and the prevailing concern is not that they could be used in
terrorist attacks but that they will put many truck drivers out of work. Still, as the
technology becomes more prevalent, it's worth asking what the risks might be in
the future.
The growing road to autonomy
Autonomous trucks are predominantly in operation overseas.
The Tokyo-based heavy-equipment company Komatsu Ltd. has been operating a small
fleet at Codelco's Gabriela Mistral copper mine in Chile since 2008. Last year
Alberta-based Suncor Energy signed an agreement to buy 175 trucks from Komatsu,
with plans to make its entire fleet autonomous by 2020.
There are also approximately 50 autonomous trucks in use in
the mines of Pilbara in Western Australia. And last year the Nevada Department
of Transportation granted the first license for an autonomous commercial truck
to operate in daylight on the state's public highways in order to test its
real-world capabilities. Although this truck operates at autonomy level 3,
meaning a human driver still needs to be behind the wheel to take full control
in critical traffic and environmental conditions, it is expected the driver
will be needed only for occasional control.
Michelle Culver, a spokesperson for industry research firm
IHS Markit, said these numbers will likely grow in the coming years,
particularly when it comes to trucks in the Class 8 segment, whose weight
exceeds 33,000 pounds when hauling freight.
"Within the next 10 years, IHS Automotive analysts
expect that autonomous heavy trucks will gradually grow into the market and
potentially hit the 20,000-unit annual sales mark in the United States by 2025,
most of which will be expected in the Class 8 segment," she said.
"Autonomous truck sales could reach 60,000 annually by 2035. That would
amount to 15 percent of sales for trucks in the big Class 8 weight
segment."
In other words, the trucks are coming.
A whole new level of risk
So how worried should we be about the possibility of a
terrorist using one as a remotely guided weapon? According to Jeremy Anwyl, CEO
of Trucks.com, the scenario is not entirely likely, but even if it's the
product of baseless paranoia, it couldn't hurt to give it some thought, he
said.
"Paranoia is a good thing, because it will cause
technology providers to take the risk seriously and prevent it from ever
happening," he told CNBC.com. "It's one thing to protect our phones,
but this is a whole other level of risk."
Anwyl said that well over 50 percent of new vehicles being
sold today have some form of connectivity, and he cited the St. Louis,
Missouri, Jeep Cherokee "hijacking" test as a good case study in
demonstrating the risk of this reality.
"More and more vehicles today have some form of access
to the internet, and somebody could hack into that signal," he said.
"If a truck communicates its location, speed and fuel level to
headquarters, somebody could intercept that message and trick the truck into
thinking the person was fleet headquarters. It's not an easy thing to do, but
anything's possible."
---------------
"Really great
hackers aren't always the smartest people, but the most creative. You succeed
because of cleverness, not because you have the best technology. They always
have the most clever ways of finding vulnerabilities."-Chris Finan, former
director for cybersecurity legislation and policy under President Obama and
current CEO of Manifold Technology
----------------
Anwyl explained that the autonomous vehicle's wireless safety
features present hackers with their biggest, juiciest opportunities. The
technology that allows an autonomous vehicle to wirelessly inform another that
it's coming around a blind corner is, ironically, where hackers would find the
most vulnerabilities.
"Anytime you have wireless technology like that,
there's an opportunity for a bad actor to hack into that system," he said.
"In theory it would be possible for someone to take over a 70,000- or
80,000-pound vehicle.… If it was a fuel tanker, they could drive into anything
and cause a big explosion."
Chris Finan, former director for cybersecurity legislation
and policy under President Obama and current CEO and co-founder of Manifold
Technology, a start-up that offers security technology to financial institutions,
agreed this scenario shouldn't be dismissed.
"We've seen vulnerability researchers in the last year
or so prove that this technology can be hacked," he told CNBC.
"Really great hackers aren't always the smartest people, but the most
creative. You succeed because of cleverness, not because you have the best
technology. They always have the most clever ways of finding
vulnerabilities."
When CNBC asked Finan if the Nice attack could be replicated
elsewhere with an autonomous truck, his answer was an unequivocal
"yes."
"The hypothetical of remote reprogramming is
plausible," he said. "You could have a malicious actor or group that
would reprogram a truck and use it as a missile as a way to target
bystanders."
Finan added that one way of preventing such hacks was to use
open-source technology, which is available to be viewed and updated by anyone
from the general public, in a truck's programming.
"If you use open-source technology, you get millions of
eyes on it, instead of just a few, on the type of bugs that hackers would
exploit," he said. "In general, open-source code tends to be more
secure, because you have so many people looking at it and finding flaws more
quickly."
Finan hastened to add that while the scenario is possible,
it's unlikely to transpire anytime soon, due to jihadists' attitude toward
technology.
"This isn't something people need to freak out about
happening tomorrow with radical Islamists," he said. "They view
cyberspace as a recruiting space, not as a threat delivery system. It's very
possible that in the future that could change, but they've got very many people
willing to be programmed to die carrying out these attacks."
**By Daniel Bukszpan, special to CNBC.com