Abstract
The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.
Highlights
The multiplicity of enabling technologies embedded within connected and autonomous vehicles (CAVs) promises prevention and mitigation of accidents, reduction in greenhouse gas emissions and more efficient utility of energy and infrastructure (Hult et al, 2016)
We present a Bayesian network (BN) cyber-risk classification model and demonstrate its ability to rank the risk of a CAV Global Positioning System (GPS) system vulnerability
A Bayesian Network (BN) model is proposed which utilizes the large collection of known software vulnerabilities stored in the National Vulnerability Database (NVD) and the standardised Common Vulnerability Scoring System (CVSS) scoring mechanisms to classify cyber-risk for CAV systems
Summary
The multiplicity of enabling technologies embedded within connected and autonomous vehicles (CAVs) promises prevention and mitigation of accidents, reduction in greenhouse gas emissions and more efficient utility of energy and infrastructure (Hult et al, 2016). A primary goal of driver-less vehicles is the reduction of road fatalities predominately caused by human error It is again humans who pose the greatest threat to CAVs. The creators of the enabling technologies may unwittingly. We present a Bayesian network (BN) cyber-risk classification model and demonstrate its ability to rank the risk of a CAV GPS system vulnerability. This model can be used by insurers, vehicle manufacturers and suppliers to classify the risk of CAVs using known system vulnerabilities. It can be used to forecast future vulnerabilities using scenario analysis To our knowledge, this is the first application of a probabilistic risk assessment of CAVs cyber systems using a significant data set
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
