Jayaratne, D. N. D., Kamtam, S. H., Shaikh, S. A., Ramli, M. A., Lu, Q., Mepparambath, R. M., Nguyen, H. N., Rakib, A. (2024). A simulation framework for automotive cybersecurity risk assessment. Simulation Modelling Practice and Theory, 136, 103005. https://doi.org/10.1016/j.simpat.2024.103005
Abstract:
Human-initiated disruptions such as cyberattacks on connected vehicles have the potential to cause cascading failures in transport systems, leading to systemic risks. ‘ISO/SAE 21434:2021 Road vehicles - Cybersecurity engineering’ is the current standard for risk management of road vehicles. However, the threat analysis and risk assessment framework given in the standard focuses on asset-level analysis and assessment. Hence, this study develops a novel simulation-based framework to perform threat analysis and risk assessment on connected vehicles from a transport network perspective. The proposed framework is developed based on the ISO/SAE 21434 threat analysis and risk assessment methodology. We demonstrate the applicability and usefulness of the framework through a remote attack via the cellular network on the in-vehicle communication bus system of a connected vehicle to show the potential impacts on the transport network. Based on the findings of our case studies, we exemplify how cyberattacks on individual system components of a connected vehicle have the potential to cause systemic failures.
License type:
Attribution 4.0 International (CC BY 4.0)
Funding Info:
This work was supported by Coventry University and the A*STAR Research Attachment Programme (ARAP).