Intelligent Transportation System Security: Impact-Oriented Risk Assessment of in-Vehicle Networks

Abstract

The concept of Intelligent Transportation Systems (ITS) was developed in the 1980s when then upcoming technologies and cognitive information were incorporated into the road infrastructures and vehicles. The ITS infrastructure is critical yet not immune to both physical and cyber threats. Vehicles are cyber-physical systems which are a core component of ITS, can be either a target or a launching point for an attack on the ITS network. Unknown vehicle security vulnerabilities trigger a race among adversaries to exploit the weaknesses and security experts to mitigate the vulnerability. In this study, we identified opportunities for adversaries to take control of the in-vehicle network, which can compromise the safety, privacy, reliability, efficiency, and security of the transportation system. This study contributes in three ways to the literature of ITS security and resiliency. First, we aggregate individual risks that are associated with hacking the in-vehicle network to determine system-level risk. Second, we employ a risk-based model to conduct a qualitative vulnerability-oriented risk assessment. Third, we identify the consequences of hacking the in-vehicle network through a risk-based approach, using an impact-likelihood matrix. The qualitative assessment communicates risk outcomes for policy analysis. The outcome of this study would be of interest and usefulness to policymakers and engineers concerned with the potential vulnerabilities of such critical infrastructures.