Get best of the week

Hacking Unmanned Vehicles: Who Will Be Responsible (RAND Corporation study)

Study on the preparation of civil liability systems


image

Unmanned vehicles should make transport safer and more affordable. Hackers, however, can interfere with this - they can hack these heavy and fast robots on wheels with AI, using them for criminal purposes.

RAND researchers have studied the legal consequences that hackers will overtake in case of hacking unmanned vehicles. Despite the fact that such a situation is unlikely, the risks of its occurrence can be high, given that hacking vehicles can lead to deaths, destruction of property, extortion or theft of information.

The researchers found that the existing civil liability law at the initial stage is likely to be flexible enough to accommodate most lawsuits that result from hacking robotic vehicles. Nevertheless, all parties involved in the process of introducing unmanned vehicles (manufacturers, owners, insurers, politicians and others) should already think about the risks, their consequences from the point of view of the law, as well as the response from the regulatory and legislative bodies .

The introduction of this technology and its ability to benefit society depends not only on the risks themselves, but also on their perception, as well as on legal structures that could compensate for them. Even if these risks are small, those responsible for developing legal regulations will need to anticipate and respond to potential problems in order to maximize the benefits of unmanned vehicles.

Anticipating an Unmanned Future


Unmanned vehicles can provide greater mobility for those who do not know how to drive a car, safer roads, and driving time can be devoted to more productive tasks - all this stimulates massive investment in this technology. Politicians, in turn, are starting to decide how to integrate unmanned vehicles into society.

Along with problems such as the economic crowding out of professional drivers, the prospect of tens of thousands of cars driving without control at the behest of hackers should slow down the actions of politicians and advocates of unmanned vehicles, even if the likelihood of such a situation is small.

Unmanned vehicles are vulnerable to many different hacker attacks. Software vulnerabilities, physical attacks through devices with malicious code and hacking of key hardware components - all this should be considered. Through these attacks, hackers can turn off the vehicle, change its course in order to cause damage, as well as manipulate personal data and steal them - these are just some of the threats.

To help lawmakers anticipate the civil-law consequences of hacking unmanned vehicles, RAND researchers examined several plausible scenarios in which an unmanned control system could be hacked, resulting in any damage that could be compensated through civil litigation.

Multiple vulnerabilities


RAND researchers looked at a series of hacking scenarios for unmanned vehicles, which will help demonstrate the variety of legal problems facing the civil law system, insurers, and other parties. These scenarios were created on the basis of real cases of hacking or damage to conventional vehicles and by reproducing scenarios designed to help in the analysis of liability.

RAND examined the following situations:

  • Hacker gains access to the network of unmanned vehicles to turn off the car and demand a ransom from the owner to restore it
  • A hacker takes control of a military officer’s car parked at a military base and controls it to damage a military aircraft in a hangar
  • Hackers take control of the infrastructure that controls traffic lights and manipulate signals to cause traffic accidents at intersections
  • Hackers send malicious software into unmanned vehicles owned by the rental company. This software infects other corporate systems, which leads to the loss of information about customer payment data, and the commission of fraudulent transactions.

For these scenarios, the civil liability of various parties was analyzed. During the discussion, parties were identified that could be called defendants in lawsuits related to cyber attacks on unmanned vehicles, with particular attention paid to the following parties:

  • Drone manufacturers
  • Software manufacturers
  • Unmanned Vehicle Suppliers
  • Owners of unmanned vehicles and persons serving it

Civil Law Response


Since there are very few federal and state laws on unmanned vehicles (and vehicles connected to the network), laws on product liability (along with guarantee laws), as well as state and federal laws on the protection of personal data, are likely to be the most important rules of law in litigation related to cyber attacks on unmanned vehicles.

Negligence and strict liability are two legal concepts that will play a key role in civil claims arising from attacks on unmanned vehicles. Both concepts suggest a balance between the prospects for cyberattacks and the costs associated with introducing less vulnerable alternative technologies.

Other areas of law that may define liability in the context of hacking unmanned vehicles include:

  • Consumer Protection Law Violations
  • Misrepresentation, Fraud and Concealment of Fraud
  • Warranty
  • Privacy Laws.

Civil consequences of hacking unmanned vehicles


RAND researchers applied the existing civil law base to the scenarios they developed, which led them to numerous conclusions that would be of interest to those who will determine the future of robotic vehicles, including users, owners, manufacturers, insurers and politicians:

  • Automakers, component suppliers, software developers, and unmanned vehicle distributors may be held liable for car break-ins.
  • , , , , - .
  • , , , ( , )
  • - ( ), , , - .
  • An analysis of costs and predictability will affect the determination of liability for damage from cyberattacks when considering cases of negligence and liability for product quality

    - Such an analysis will require vessels to familiarize themselves with the relevant technologies.


Government agencies will be potential defendants in civil claims arising from incidents involving unsafe infrastructure. Despite significant differences in state laws, state and local government agencies are likely to be protected by immunity, as they adapt the road infrastructure for unmanned vehicles. This immunity may not apply if departmental tasks, such as road maintenance, are performed.

When unmanned vehicles and supporting infrastructure develop, state agencies are more likely to be held civilly liable if their negligence gives attackers room for action. Significant differences between states regarding the doctrine of immunity complicate the analysis.

Possible actions by regulators


The conclusion that the existing civil law base is most likely to adapt to the widespread introduction of unmanned vehicles does not negate the fact that those responsible for developing the legal framework should consider the following question - will there be legislative approaches that define roles and responsibilities, to promote the introduction of this technology?

Such a regulatory framework can be beneficial in terms of clarifying responsibilities, but it can also be inflexible compared to the common law system in the face of difficult-to-predict technological development and new trends in factual circumstances.

Similarly, it would be useful to better understand and perhaps clarify the issues of consumer and commercial insurance of unmanned vehicles from cyber attacks. In this way, consumers, car manufacturers and lawmakers will be able to better understand which parties will bear the costs associated with such attacks.

Legislators may also wish to carefully consider how the legal system can deal with a large-scale attack. Such an attack can lead to bankruptcy and gratuitous losses as a result of exceeding the capabilities of insurers and reinsurers to cover the risk. A similar alarm that arose after the attacks of September 11, 2001, led to the adoption of the law on insurance of risks associated with terrorism.

Will consumers worry about hacking unmanned vehicles?


Unfortunately, consumers are used to hacks that compromise their personal information. Cyber ​​security breaches did not increase consumer demand for cyber security. So far, consumers have shrugged, changed passwords and moved on. However, hacked unmanned vehicles are threatened by a number of consequences that far exceed the consequences of most consumer hacks in terms of the likelihood of death and destruction of property. This could lead to increased consumer interest in the cybersecurity of unmanned vehicles.

Main conclusions


  1. Existing legislation is flexible enough and can satisfy most of the claims regarding hacking of unmanned vehicles.
  2. , .
  3. β€” , β€” .
  4. , .
  5. , .
  6. . .


image

- automotive . 2500 , 650 .

, , . ( 30, ), -, -, - (DSP-) .

, . , , , . , automotive. , , .

:

More articles:


All Articles