Safety and security analysis of Connected and Automated Vehicles: A methodology based on Interaction with stakeholders

Connected and Automated Vehicles (CAVs) are becoming global phenomena and making their way into our society. With the increase in vehicle system automation and connectivity levels, reliance on technology increases, which reduces the human influence on vehicle dynamic driving tasks. This development significantly transformed the nature of human-vehicle interaction design from control to supervisory control. The final goal of CAVs is to enable driverless rides (SAE L 4 – 5), where various stakeholders (passengers, service providers, and insurers) will interact during the post-development phases of the vehicle life cycle. CAVs are susceptible to safety and cyber security attacks where a successful attack could lead to various safety, operational, financial, and privacy losses. This paper aims to propose a methodology for safety and security analysis of CAV interaction with various stakeholders and is aligned with automotive cyber security standard ISO/SAE 21434 TARA. This standard provides the guideline to perform risk management for vehicles, considering the vehicle system level only; whereas the prescribed methodology will complement standard ISO/SAE 21434, performs safety and security analysis based on the CAV - Stakeholders interaction model and investigates the impact of cybersecurity incidents on various stakeholders. The paper presents the methodology which builds upon knowledge combining the known techniques from safety and security domains. The research results in developing an interaction model, and identifying interaction assets, their vulnerabilities, and threats. Furthermore, it performs an attack consequences analysis to demonstrate the impact of the attack on various stakeholders. The developed methodology can be applied to any post-development phase of the CAV life such as operation, maintenance, and decommissioning.