A platform for research: civil engineering, architecture and urbanism
A platform for research: civil engineering, architecture and urbanism
Connected and autonomous vehicles: A cyber-risk classification framework
Abstract The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.
Connected and autonomous vehicles: A cyber-risk classification framework
Abstract The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.
Connected and autonomous vehicles: A cyber-risk classification framework
Sheehan, Barry (author) / Murphy, Finbarr (author) / Mullins, Martin (author) / Ryan, Cian (author)
Transportation Research Part A: Policy and Practice ; 124 ; 523-536
2018-01-01
14 pages
Article (Journal)
Electronic Resource
English
Connected and autonomous vehicles , Intelligent transport systems , Cyber-risk , Cyber liability , Risk assessment , Auto insurance , Bayesian networks , CAV , Connected and Autonomous Vehicle , BN , Bayesian Network , ECU , Electronic Control Units , NVD , National Vulnerability Database , CVSS , Common Vulnerability Scoring Scheme , OEM , Original Equipment Manufacturer , ASIL , Automotive Safety Integrity Level , GPS , Global Positioning System , TPMS , Tyre Pressure Monitoring Systems , CAN , Controller Area Network , OTA , Over-the-air , EM , Expectation-Maximisation , ML , Maximum Likelihood , ISO , International Organisation of Standardization , SAE , Society of Automotive Engineers , PCI , Payment Card Industry , Mod , Modified , Req , Requirement , Env , Environmental , Temp , Temporal , Adj , Adjacent , Ctrl , Control , Meas , Measurement , Infra , Infrastructure , V2V , Vehicle to Vehicle , V2I , Vehicle to Infrastructure , V2X , Vehicle to Everything , Cmplx , Complexity , Avail , Availability , Conf , Confidentiality , N , None , L , Low , M , Medium , H , High , C , Critical , Vers , Version , P , Probability
Cyber Physical Systems in Transportation: Traffic Management With Connected and Autonomous Vehicles
| Springer Verlag | 2020
Cyber risk assessment of cyber-enabled autonomous cargo vessel
| Elsevier | 2024
A new highway cost allocation framework in the day of connected and autonomous vehicles
| DOAJ | 2024
AI-Driven Cyber Risk Management Framework
| Springer Verlag | 2024