Cybersecurity framework for connected and automated vehicles: A modelling perspective

IF 6.3 2区工程技术 Q1 ECONOMICS

Transport Policy Pub Date : 2024-11-24 DOI:10.1016/j.tranpol.2024.11.019

Shah Khalid Khan , Nirajan Shiwakoti , Peter Stasinopoulos , Yilun Chen , Matthew Warren

{"title":"Cybersecurity framework for connected and automated vehicles: A modelling perspective","authors":"Shah Khalid Khan , Nirajan Shiwakoti , Peter Stasinopoulos , Yilun Chen , Matthew Warren","doi":"10.1016/j.tranpol.2024.11.019","DOIUrl":null,"url":null,"abstract":"<div><div>Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.</div><div>The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human behaviour Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.</div></div>","PeriodicalId":48378,"journal":{"name":"Transport Policy","volume":"162 ","pages":"Pages 47-64"},"PeriodicalIF":6.3000,"publicationDate":"2024-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Transport Policy","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0967070X24003561","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ECONOMICS","Score":null,"Total":0}

引用次数: 0

Abstract

Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.

The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human behaviour Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.

Abstract Image

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Transport Policy Multiple-

CiteScore

12.10

自引率

10.30%

发文量

282

期刊介绍： Transport Policy is an international journal aimed at bridging the gap between theory and practice in transport. Its subject areas reflect the concerns of policymakers in government, industry, voluntary organisations and the public at large, providing independent, original and rigorous analysis to understand how policy decisions have been taken, monitor their effects, and suggest how they may be improved. The journal treats the transport sector comprehensively, and in the context of other sectors including energy, housing, industry and planning. All modes are covered: land, sea and air; road and rail; public and private; motorised and non-motorised; passenger and freight.