No Cover Image

Journal article 166 views 6 downloads

A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles

Don Jayaratne Orcid Logo, Qian Lu Orcid Logo, Abdur Rakib Orcid Logo, Muhamad Azfar Ramli Orcid Logo, Rakhi Manohar Mepparambath Orcid Logo, Siraj Shaikh Orcid Logo, Hoang Nguyen Orcid Logo

Computers & Security, Volume: 160, Start page: 104729

Swansea University Authors: Don Jayaratne Orcid Logo, Siraj Shaikh Orcid Logo, Hoang Nguyen Orcid Logo

  • 70806.VoR.pdf

    PDF | Version of Record

    © 2025 The Author(s). This is an open access article under the CC BY license.

    Download (3.62MB)

Check full text

DOI (Published version): 10.1016/j.cose.2025.104729

Abstract

The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative im...

Full description

Published in: Computers & Security
ISSN: 0167-4048 1872-6208
Published: Elsevier BV 2026
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa70806
Abstract: The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE 21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks.
Keywords: Connected Vehicles; Automotive Cybersecurity; Threat Analysis and Risk Assessment; Impact Assessment; Simulation
College: Faculty of Science and Engineering
Funders: This work was supported by Coventry University, UK and the A*STAR Research Attachment Programme (ARAP), Singapore.
Start Page: 104729

Similar Items