@article{ref1,
title="Connected and autonomous vehicles: a cyber-risk classification framework",
journal="Transportation research part A: policy and practice",
year="2019",
author="Sheehan, Barry and Murphy, Finbarr and Mullins, Martin and Ryan, Cian",
volume="124",
number="",
pages="523-536",
abstract="The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.<p /> <p>Language: en</p>",
language="en",
issn="0965-8564",
doi="10.1016/j.tra.2018.06.033",
url="http://dx.doi.org/10.1016/j.tra.2018.06.033"
}