Review of Risk Assessment Methods for Cybersecurity Attacks on Road Network and Intelligent Transportation System Applications

One of the most discussed infrastructure issues of our time is cybersecurity. A transportation system that connects not only people but also logistics to make the community around the world closer is one of the critical infrastructures requiring cybersecurity to perform its functions. Transportation systems include aviation, maritime, pipeline, railroad, and road networks. This study focuses only on the roadway network system. Cutting-edge technologies related to highway networks, such as variable message signs, vehicular ad hoc networks, and in-vehicle networks, have been developed to improve safety and efficiency. Those technologies make transportation systems more complex and integrated, bringing many potential vulnerabilities and cyber risks. This can attract an adversary to attack and exploit the system. The number of cybersecurity attacks on transportation systems has been growing for many years. However, it is not feasible to protect against all cybersecurity attacks in the system. The risk assessment concept is proposed to prioritize risk resulting from attacks to support decision-makers in formulating appropriate policies or countermeasures. This study reviews risk assessment methods for cybersecurity attacks on road networks and intelligent transportation system applications. Three potential risk assessment methods are examined for road network systems: the National Institute of Standards and Technology Special Publication 800-30, Attack Potential and Damage Potential, and the fuzzy analytic hierarchy process.