Self-driving vehicles have, in a short period of time, moved from testbeds and pilot projects to a clear and established part of the technological landscape. In Sweden, companies such as Volvo Cars, Scania, Einride, and Volvo Group are developing autonomous solutions for urban environments, industrial sites, and long-distance transport. The potential is significant: more efficient logistics, lower emissions, fewer accidents, and entirely new ways of organizing mobility.

At the same time, autonomy represents a fundamental shift in what a vehicle actually is. A self-driving vehicle is no longer just a mechanical product — it is a complex digital system filled with sensors, communication layers, AI decision-making logic, and cloud-dependent functions. And anything digital is, to some extent, vulnerable.

This is where the major challenge lies: the fact that the technology is developing quickly does not automatically mean that safety follows at the same pace.

Autonomy Brings New Opportunities – but Also New Responsibilities

Autonomous transportation promises a great deal. It can make logistics more punctual, operate more energy-efficiently, and free up human resources. Public transport can become more flexible, industrial logistics more precise, and freight transport more sustainable.

But for these opportunities to become reality, one aspect must be taken seriously from the very beginning: the security of the digital systems that control the vehicles. Unlike traditional vehicles, autonomous systems depend on continuous information flow and accurate interpretation of their surroundings. When vehicles make decisions on their own, the quality and integrity of the data behind those decisions become absolutely critical.

This means that the risk picture no longer revolves primarily around mechanical failures or human error, but around data quality, software, networks, and the potential influence of actors who intentionally want to disrupt the systems.

Why Autonomous Vehicles Are Attractive Targets

To understand the security challenge, you must first understand how self-driving vehicles operate. They combine data from cameras, radar, lidar, and positioning systems with advanced algorithms that analyze everything happening around the vehicle. They communicate with other vehicles, traffic systems, and cloud services. They receive continuous updates to improve their behavior and patch vulnerabilities.This makes them powerful — but also complex.

Attackers no longer need physical access to the vehicle. They can attempt to:

• manipulate sensor information

• interfere with or imitate communication

• exploit vulnerabilities in software updates

• attack backend systems that control entire fleets

• infiltrate through a supplier in the software chain

Autonomous vehicles are part of a much larger digital ecosystem. An attack does not need to target the vehicle itself to have an impact — it may be enough to compromise something in its surrounding infrastructure.

When Complex Systems Make Decisions on Their Own, a New Level of Safety Is Required

There is an important principle to remember when discussing autonomous vehicles: decisions previously made by humans are now made by software. This means that if the software is manipulated — or if the data it relies on is altered — the consequences can become directly dangerous.

A vehicle may respond incorrectly if it receives misleading sensor values. It may stop in the wrong place, enter the wrong lane, or misjudge a situation.A vehicle that cannot be securely updated becomes unsafe over time, as vulnerabilities remain unpatched.A fleet dependent on centralized data may experience widespread outages if backend systems are affected.

The greatest risk is not necessarily individual attacks — it is the combination of them. Autonomous vehicles are built to be robust in traffic, but they are not immune to disruptions in their digital dependencies.

Why the Industry Uses Structured Security Frameworks

To manage these types of risks, a methodology that covers the vehicle’s entire lifecycle is required. This is why international frameworks such as ISO/SAE 21434 have become essential.They are not meant to create unnecessary bureaucracy; they provide shared rules for building security into:

• design and architecture

• development

• testing

• supply chains

• operations and updates

The real benefit lies in the mindset: working systematically and long-term with risk analysis, technical protections, processes, and monitoring. It is about seeing the vehicle as part of a broader system — and securing that entire system, not just individual components.

This approach will become increasingly important for transport operators, municipalities, regions, and other public organizations planning to introduce autonomous vehicles. It is no longer enough to ask what a system does — you must also understand how safely it does it.

The New Responsibility for Operators and Public Actors

As autonomous systems scale up, part of the responsibility shifts from manufacturers to operators. Transport companies and public actors will need to understand how these systems integrate into daily operations, what dependencies exist, and how incidents should be handled.This does not mean becoming software developers — but building processes and capabilities that match a new reality.

Three areas will be especially important:

1. Integration between vehicles and existing systems

Autonomous vehicles must work seamlessly with IT and OT environments. This requires coordination and clear interfaces.

2. Updates and monitoring in operation

Since autonomous systems evolve over time, organizations need structures to receive, verify, and monitor updates securely.

3. Handling incidents and deviations

When decision-making logic and communication are critical functions, organizations must be prepared to quickly manage faults, disruptions, and potential attacks.

This development resembles critical infrastructure more than traditional fleet operations.

A Realistic and Reasonable Outlook

Autonomous vehicles will not replace everything on the roads overnight. The development will likely progress step by step, beginning with specific applications: industrial areas, ports, logistics hubs, certain public transport routes, and designated freight corridors.But regardless of pace, the digital complexity will follow at every stage.

This means that the actors who start working systematically with security and risk early on will gain a significant advantage. They will be able to adopt the technology as it becomes available — in a safe and predictable way.

Conclusion: Autonomy Requires More Than Technology — It Requires Trust

Self-driving vehicles can make large parts of our transport system smarter and more sustainable. But their potential can only be realized if they are perceived as safe and trustworthy.This is why cybersecurity is not a barrier to development — it is a prerequisite for autonomous transportation to function in practice.

Standards and frameworks play a role, but it is the mindset and working methods behind them that make the difference.The organizations that early understand how security, technology, and operations must work together will be the ones shaping the future of mobility — not simply following it.

Author

Ida Martinsson, Sales & Marketing, Cyber Instincts

Read more about our automotive security services.