UST 031

29 EasyMile EZ10 autonomous shuttle | Dossier provide enhanced video surveillance through simultaneous streaming of multiple high-quality video feeds as well as infotainment for passengers. “In the long term, when 5G quality of service profiles are truly available, remote operation will be the norm,” Pairot says. To communicate with the road infrastructure, the EZ10 can exploit technologies provided by V2X suppliers, through an onboard unit that talks to roadside units, providing information on the state of traffic lights, for example. If comms with the supervision centre are lost for longer than 3-5 s, the vehicle will continue to the next planned stop and wait for it to be restored with the EasyMile server so it can receive its next set of instructions. Cyber security Thinking of the EZ10 as equivalent to a small, mobile enterprise computing system, or even as a data centre on wheels, makes the importance of cyber security obvious. With the main vehicle computer running the autonomous systems, sensor suite and so on, there can be 20 or so computers connected over the vehicle’s Ethernet bus. Then there are the automotive components such as batteries, inverters, motors and so on, all of which run software, and each vehicle is connected to the cloud. This, says Alexandre Hamez, technical lead for cyber security on the EZ10, makes for a potential “attack surface” that must be protected. The EZ10 has many different components running on various networks – Ethernet, CAN bus and so on – and some off-the-shelf components come with wi-fi capability, so most of what is required to protect those networks would be familiar to IT professionals responsible for enterprise network security. “You have to make sure that the network traffic looks nice, with no strange messages,” Hamez says. “For example, if your Lidar is supposed to send messages at a frequency of 50 Hz or so, but if you start to receive messages at 100 Hz, something fishy is going on.” What’s more, sensors are not allowed to talk to each other; they can only communicate with the main computer. “Only the central computer has the right to speak to everyone, which means you have to secure it very thoroughly. It is the brain of the vehicle and is where we put the most security,” he says. “It’s what we call a minimised attack surface, because we close every possible service that is not useful. We deactivate USB ports and wi-fi routers, for example. We make sure it is very, very hard for someone to connect to our computer.” Passwords and penetration tests With many computer-run devices on every vehicle, and a growing fleet of vehicles that have to be maintained by engineers and technicians, there are a lot of passwords that have to be managed securely and applied in conjunction with other means of authenticating people who need physical access to vehicles deployed around the world. Security is the main reason why EasyMile does not yet install software upgrades over the internet. Instead, and for now, it sends one of its technicians with a secure computer to load the new software at the operator’s facility. “It’s like upgrading your brain,” Hamez says. “It has to be very, very secure, and we prefer to approach it step by step. “First you have to prove that the code you want to run on your vehicle is the same code that was written by Unmanned Systems Technology | April/May 2020 Positioned around the interior, e-stop buttons are linked directly to the EZ10’s dedicated safety software, which is always active, even if the vehicle is under an operator’s control