NYLJ.COM |
Litigation | TUESDAY, JULY 5, 2016 | S3






• Level 0: No Automation. The driver Jeep hackers utilized a law in the vehicle’s 

maintains control of all vehicle operations onboard entertainment system that allowed 
at all times.
remote access to the vehicle’s critical safety 
• Level 1: Function Speciic Automation. systems through a built-in cellular data con- 
One or more driving functions are automated, nection. Through the exploit, the hackers 
like parallel parking assistance or automatic were able to remotely control and disable 
breaking.
key systems including acceleration and break- 
• Level 2: Combined Function Automation. ing. The particular vulnerability used by the 
Two primary control functions are automated hackers was ultimately ixed by Fiat Chrysler, 
and designed to work in unison, like adaptive Jeep’s parent company, through a software 

cruise control and lane centering.
patch. The reality remains, however, that 
• Level 3: Limited Self-Driving Automation. other vulnerabilities will likely exist in cur- 
Full control of driving functions switches back rent and future vehicles. Manufacturers can 
and forth between the driver and the vehicle respond with software upgrades that close 
depending on conditions.
exploits, as Fiat Chrysler did in the Jeep hack, 
• Level 4: Full Self-Driving Automation. but these ixes are likely to come only after a 
The vehicle performs all safety critical driv- successful cyber attack has occurred.
ing functions.
As automation increases, and more critical 

As a vehicle moves from one level to the control systems are operated by the vehicles 
next, the prevalence and sophistication of in- themselves, the potential for cyber attacks 
vehicle technology increases to support the resulting in loss of control of these systems, 
more advanced automated functions. Some like steering, increases. This situation is espe- 
of these technologies are already considered cially true because no uniform cybersecurity 
standard in most vehicles. For example, rear standards for vehicles exist, and regulation, 
and front facing cameras, Bluetooth, GPS, though proposed, has yet to be enacted to 
proximity sensors and cellular data connec- set industry standards. The result of a lack
tions can be found in almost all new vehicles 

on the road today. Fully automated vehicles, 
which are currently being tested, use these The data connections and 
existing technologies in addition to new tech- 
nology such as RADAR, LIDAR, ultrasound, sensors necessary for automat- 
vehicle-to-vehicle (V2V) communications and 
vehicle-to-infrastructure (V2I) communica- ed driving provide entry points 
marcumllp.com/nylj
tions, in making automated driving decisions. for cyber attacks that can com- 
These technologies collect data that is used 
by an algorithm to make driving decisions as a promise the security of the data 

substitution for human driving. As automated collected and the operation of 
functions become more advanced, more data the vehicles themselves.
will be collected, and more sophisticated algo- 
rithms will be utilized to analyze the data and 
perform the functions. While the potential of uniform standards is fragmentation within Choosing your valuation 
beneits of this technology are innumerable, the industry, with different manufacturers 
from a safety perspective, the technology also utilizing different standards and no mini- and litigation specialists 
presents signiicant cybersecurity risks. The mum standards in place. Although public 
shouldn’t be a gamble.
data connections and sensors necessary for relation and litigation risks posed by cyber 
automated driving provide entry points for attacks should lead manufacturers to strive to 
cyber attacks that can compromise the secu- develop secure systems, a regulatory scheme 
rity of the data collected and the operation that imposes both minimum standards and 
of the vehicles themselves.
remedial measures may be necessary to 
ensure uniform cybersecurity throughout the 
Vehicles Under Attack
industry. The risks of cyber attacks posed to 
vehicles with automated driving technology 
There are two main categories of cyber- implicate legitimate concerns for individual 

risks posed to vehicles with automated attacks, terrorism and cyber-ransom.
driving capabilities: (1) cyber attacks that The same cybersecurity laws that can 
pose a risk to the operation of the vehicle; result in an attack on the operation of a 
and (2) cyber attacks that pose a risk to the vehicle with automated functionality also 
security of the data collected by the vehicles. present risks to the security of the data col- Our dedicated litigation and valuation practice provides exceptional client service 
While cyber attacks aimed at disrupting the lected and stored by these vehicles. The on forensic accounting, fraud accounting, business valuation, and matrimonial 
operation of the vehicle or one of its auto- number of cyber attacks on traditional com- 
mated functions presents the most profound puter networks resulting in data breaches matters. As one of the largest and most experienced forensic accounting and 
safety risk, both forms of cyber attack can has increased steadily each year with an valuation practices in the New York metropolitan area, we invite you to get to 
know us.
be disruptive and costly.
estimated 113 breaches reported in 2015 
The concept of a hacker taking control of resulting in the compromise of at least 150 
a vehicle with automated driving technology million records. As more data is collected Below are the partners who are in charge of our department:
is by far the most talked about issue relat- and stored by vehicles in conjunction with 
ed to vehicle cybersecurity. The concerns advanced automated driving functions, cyber Harold L. Deiters III, Partner Henry B. Guberman, Partner Jean J. Han, Partner
related to this type of cyber attack are far attacks aimed at compromising that data CPA, ABV, CFF, CGMA, CFE, MAFF CPA, ABV, CFF, CFE, CDFA CPA, ABV, CFF, CDFA, JD
from unfounded, and successful attacks become more attractive to hackers.
have been demonstrated already on existing Vehicles with automated driving technol- 
Connect with us: 
model vehicles. For example, the 2015 proof ogy collect and analyze a tremendous amount bakertilly.com 
of concept hack of a Jeep Grand Cherokee, of data as part of the automated driving pro- 212 792 4846 | 631 719 3456
covered by Wired Magazine, resulting in the cess. Most of the data collected is relatively 
disablement of the vehicle while in operation benign, such as video captured by cameras, © 2016 Baker Tilly Virchow Krause, LLP
on the highway, demonstrated the reality of readings generated by proximity sensors, that Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
the risks posed by vehicle cyber attacks. The
amount to mere observations » Page S10