Affected vehicle population in automotive cyber risk assessments

Abstract

The computerised and connected car brings with it the possibility of cyber-attacks. The automotive industry is addressing the cyber threat with new regulations and standards. As a result, cyber risk assessments will become part of the systems engineering process as vehicle manufacturers build cyber resilience and trust into their products. This work examines an overlooked aspect of automotive cyber threats, that of the affected vehicle population as a risk rating impact factor. It examines real-world attacks for a qualitatively affected population and then uses UK vehicle statistics to see if the qualitative population can be related to physical quantities. A vehicle population risk rating impact factor was derived from the real-world UK vehicle data; however, limitations exist, and further work is required to quantify other vehicle risk assessment impact and likelihood factors.