Cybersecurity framework for connected and automated vehicles: A modelling perspective

IF 6.3 2区工程技术 Q1 ECONOMICS Transport Policy Pub Date : 2025-03-01 Epub Date: 2024-11-24 DOI:10.1016/j.tranpol.2024.11.019

Shah Khalid Khan , Nirajan Shiwakoti , Peter Stasinopoulos , Yilun Chen , Matthew Warren

{"title":"Cybersecurity framework for connected and automated vehicles: A modelling perspective","authors":"Shah Khalid Khan , Nirajan Shiwakoti , Peter Stasinopoulos , Yilun Chen , Matthew Warren","doi":"10.1016/j.tranpol.2024.11.019","DOIUrl":null,"url":null,"abstract":"<div><div>Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.</div><div>The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human behaviour Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.</div></div>","PeriodicalId":48378,"journal":{"name":"Transport Policy","volume":"162 ","pages":"Pages 47-64"},"PeriodicalIF":6.3000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Transport Policy","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0967070X24003561","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/11/24 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"ECONOMICS","Score":null,"Total":0}

引用次数: 0

Abstract

Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.

The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human behaviour Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

联网和自动驾驶车辆的网络安全框架：建模视角

网联和自动驾驶汽车（cav）的网络安全本质上是一个复杂的、多维的问题，它超越了孤立的硬件或软件漏洞，扩展到人类威胁、网络漏洞和更广泛的系统级风险。目前，还没有正式的、全面的工具将这些不同的维度集成到CAV网络安全评估的统一框架中。本研究通过开发用于战略网络安全评估的系统动力学（SD）模型来解决这一挑战，该模型考虑了CAV推出期间的技术挑战、人类威胁和公众网络安全意识。具体来说，该模型结合了一种新的基于sd的库存和流量模型（SFM），该模型映射了影响系统级网络攻击的六个关键参数。这些参数包括CAV通信安全性、用户采用率、日志文件管理、黑客能力、对黑客动机的理解（犯罪学理论成熟度）以及公众对CAV网络安全的认识。SFM的结构和行为经过严格测试，然后用于分析五种可能的场景：i)基线（仅关注技术），ii)理解黑客动机，iii) CAV用户和OEM教育，iv) CAV渗透率增加，v) CAV渗透率增加与人类行为分析。四个指标被用来对CAV网络安全进行基准测试：通信安全、黑客攻击的可能性、成功防御的可能性和CAV采用者的数量。结果表明，虽然基线技术进步增强了通信框架的稳健性，但它们也可能产生黑客可能利用的新漏洞。相反，对黑客动机的更深入理解（犯罪学理论成熟度）有效地减少了黑客行为。它为早期的CAV采用者提供了一个更安全的环境。此外，教育CAV用户和OEM增加了防御网络攻击的可能性。虽然CAV渗透增加了黑客防御的可能性，因为尝试的相应增加，但在分析人类行为时，CAV渗透的黑客尝试明显减少。当这些发现转化为政策工具时，可以为更优化和更有弹性的网络安全ITS铺平道路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Transport Policy Multiple-

CiteScore

12.10

自引率

10.30%

发文量

282

期刊介绍： Transport Policy is an international journal aimed at bridging the gap between theory and practice in transport. Its subject areas reflect the concerns of policymakers in government, industry, voluntary organisations and the public at large, providing independent, original and rigorous analysis to understand how policy decisions have been taken, monitor their effects, and suggest how they may be improved. The journal treats the transport sector comprehensively, and in the context of other sectors including energy, housing, industry and planning. All modes are covered: land, sea and air; road and rail; public and private; motorised and non-motorised; passenger and freight.