Connected and autonomous vehicles: A cyber-risk classification framework

Sheehan, Barry; Murphy, Finbarr; Mullins, Martin; Ryan, Cian

doi:10.1016/j.tra.2018.06.033

Cited by 111 publications

(52 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A significant cyber threat assessment methodology is CVSS (Common Vulnerability Scoring System), where a score is given to a cyber vulnerability according to its characteristics (Sheehan et al 2019). The characteristics used for calculation of the score include the impact of the attack (ibid).…”

Section: Introductionmentioning

confidence: 99%

A quantitative bow-tie cyber risk classification and assessment framework

Sheehan

Murphy

Kia

et al. 2021

Journal of Risk Research

Self Cite

View full text Add to dashboard Cite

Cyber-attacks pose a growing threat to global commerce that is increasingly reliant on digital technology to conduct business. Traditional risk assessment and underwriting practices face serious shortcomings when encountered with cyber threats. Conventional assessment frameworks rate risk based on historical frequency and severity of losses incurred, this method is effective for known risks; however, due to the absence of historical data, prove ineffective for assessing cyber risk. This paper proposes a conceptual cyber risk classification and assessment framework, designed to demonstrate the significance of proactive and reactive barriers in reducing companies' exposure to cyber risk and quantify the risk. This method combines a bow-tie model with a risk matrix to produce a rating based on the likelihood of a cyber-threat occurring and the potential severity of the resulting consequences. The model can accommodate both historical data and expert opinion and previously known frameworks to score the Threats, Barriers and Escalators for the framework. The resultant framework is applied to a large city hospital in Europe. The results highlighted both cyber weaknesses and actions that should be taken to bolster cyber defences. The results provide a quick visual guide that is assessable to both experts and management. It also provides a practical framework that allows insurers to assess risks, visualise areas of concern and record the effectiveness of implementing control barriers.

show abstract

Section: Introductionmentioning

confidence: 99%

A quantitative bow-tie cyber risk classification and assessment framework

Sheehan

Murphy

Kia

et al. 2021

Journal of Risk Research

Self Cite

View full text Add to dashboard Cite

show abstract

“…Reliance on cyber components makes CAVs susceptible to cyber-attacks as well as physical attacks whereby an adversary can manipulate shared data, internal sensor readings and GPS signals with the intent of committing fraud or causing harm [2], , [10]. Numerous cyber threats and exploits are reported in the literature, such as hacking ECUs (Engine Control Unit), GPS spoofing, modified traffic signs, CAN (Car Area Network) injection of fake bits and manipulation of sensor values [17] [18]. The available literature on the security attacks to CAVs is quite vast [11], [12], [13].…”

Section: Introductionmentioning

confidence: 99%

“…Some automotive manufacturers suggest the usage of Wi-Fi technology for connected cars communication, though it has been rejected by European Commission in 2019 [16]. Communication between the vehicle and infrastructure, such as road signs, offers remote attack access for a malicious actor to detect and exploit vulnerabilities in the system [17]. Unlike a typical home network, a successful breach of security on a connected vehicle's GPS signal or any of its embedded systems and sensors may not only trigger traffic disruption and waste of time but also directly endanger the safety of its human passengers and environment.…”

Section: Introductionmentioning

confidence: 99%

Vulnerability Assessment Of Vehicle To Infrastructure Communication: A Case Study Of Unmanned Ground Vehicle

Abdullahi

Dargahi

Babaie

2020

2020 IEEE Globecom Workshops (GC WKSHPS

View full text Add to dashboard Cite

In recent years, increase in the development of connected and autonomous vehicles (CAVs) has sparked cyber security concerns. In particular, vehicle-to-everything (V2X) communication, which is essential for CAV and the transportation system, has introduced a new threat landscape and created several attack surfaces for malicious agents. The available literature on cyber-attacks mostly concentrate on sophisticated tools and equipment in performing malicious activities. However, ignorance of simple attack and defense methods, sometimes as simple as defining proper access policies, is among top reasons for cyber-attacks. This paper aims to emphasize on the need for practicing security-bydesign and increase awareness of manufacturers and developers to adopt minimum security measures. A generic network communication vulnerability assessment method is adopted to perform navigational attack through GPS falsification on connected vehicles, using an Unmanned Ground Vehicles (UGV) as a case study. This paper underlines the Wi-Fi security threats if used for V2X communication without proper access control measures in place. The experimental analysis demonstrates exploitation of a vulnerability which allows full control and backend navigation manipulation with respect to the UGV movement.

show abstract

“…While many of the attacks against traditional vehicles could be modelled using this reference architecture, we target L3-L5 autonomous vehicles (which are described in Table 1). These are the new and emerging autonomous vehicles that are beginning to be deployed, and which will encounter new threats compared to L0-L2 vehicles [9]. These new threats may try to manipulate input sensor data [10] in order to affect how and where an autonomous vehicle drives, or may simply try to remotely take control of the vehicle's functions [11].…”

Section: Introductionmentioning

confidence: 99%

A Connected and Autonomous Vehicle Reference Architecture for Attack Surface Analysis

Maple

Bradbury

et al. 2019

Applied Sciences

View full text Add to dashboard Cite

Connected autonomous vehicles (CAVs) will be deployed over the next decade with autonomous functionalities supported by new sensing and communication capabilities. Such functionality exposes CAVs to new attacks that current vehicles will not face. To ensure the safety and security of CAVs, it is important to be able to identify the ways in which the system could be attacked and to build defences against these attacks. One possible approach is to use reference architectures to perform an attack surface analysis. Existing research has developed a variety of reference architectures but none for the specific purpose of attack surface analysis. Existing approaches are either too simple for sufficiently detailed modelling or require too many details to be specified to easily analyse a CAV’s attack surface. Therefore, we propose a reference architecture using a hybrid Functional-Communication viewpoint for attack surface analysis of CAVs, including the Devices, Edge and Cloud systems CAVs interact with. Using two case studies, we demonstrate how attack trees can be used to understand the attack surface of CAV systems.

show abstract

Connected and autonomous vehicles: A cyber-risk classification framework

Cited by 111 publications

References 20 publications

A quantitative bow-tie cyber risk classification and assessment framework

A quantitative bow-tie cyber risk classification and assessment framework

Vulnerability Assessment Of Vehicle To Infrastructure Communication: A Case Study Of Unmanned Ground Vehicle

A Connected and Autonomous Vehicle Reference Architecture for Attack Surface Analysis

Contact Info

Product

Resources

About