A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles

Jayaratne, Don; Lu, Qian; Rakib, Abdur; Ramli, Muhamad Azfar; Mepparambath, Rakhi Manohar; Shaikh, Siraj; Nguyen, Hoang

doi:10.1016/j.cose.2025.104729

Journal article 166 views 6 downloads

A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles

Don Jayaratne

, Qian Lu

, Abdur Rakib

, Muhamad Azfar Ramli

, Rakhi Manohar Mepparambath

, Siraj Shaikh

, Hoang Nguyen

Computers & Security, Volume: 160, Start page: 104729

Swansea University Authors: Don Jayaratne , Siraj Shaikh , Hoang Nguyen

PDF | Version of Record

© 2025 The Author(s). This is an open access article under the CC BY license.
Download (3.62MB)

Check full text

DOI (Published version): 10.1016/j.cose.2025.104729

Abstract

The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative im...

Full description

Published in:	Computers & Security
ISSN:	0167-4048 1872-6208
Published:	Elsevier BV 2026
Online Access:	Check full text
URI:	https://cronfa.swan.ac.uk/Record/cronfa70806

first_indexed	2025-10-31T14:11:18Z
last_indexed	2025-11-21T09:53:15Z
id	cronfa70806
recordtype	SURis
fullrecord	<?xml version="1.0"?><rfc1807><datestamp>2025-11-19T11:11:46.0730344</datestamp><bib-version>v2</bib-version><id>70806</id><entry>2025-10-31</entry><title>A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles</title><swanseaauthors><author><sid>187e2e9d4a5bec923bfadcc9313708dc</sid><ORCID>0000-0001-9493-5808</ORCID><firstname>Don</firstname><surname>Jayaratne</surname><name>Don Jayaratne</name><active>true</active><ethesisStudent>false</ethesisStudent></author><author><sid>50117e8faac2d0937989e14847105704</sid><ORCID>0000-0002-0726-3319</ORCID><firstname>Siraj</firstname><surname>Shaikh</surname><name>Siraj Shaikh</name><active>true</active><ethesisStudent>false</ethesisStudent></author><author><sid>cb24d5c5080534dc5b5e3390f24dd422</sid><ORCID>0000-0003-0260-1697</ORCID><firstname>Hoang</firstname><surname>Nguyen</surname><name>Hoang Nguyen</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2025-10-31</date><deptcode>MACS</deptcode><abstract>The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE 21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks.</abstract><type>Journal Article</type><journal>Computers &amp; Security</journal><volume>160</volume><journalNumber/><paginationStart>104729</paginationStart><paginationEnd/><publisher>Elsevier BV</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint>0167-4048</issnPrint><issnElectronic>1872-6208</issnElectronic><keywords>Connected Vehicles; Automotive Cybersecurity; Threat Analysis and Risk Assessment; Impact Assessment; Simulation</keywords><publishedDay>1</publishedDay><publishedMonth>1</publishedMonth><publishedYear>2026</publishedYear><publishedDate>2026-01-01</publishedDate><doi>10.1016/j.cose.2025.104729</doi><url/><notes/><college>COLLEGE NANME</college><department>Mathematics and Computer Science School</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>MACS</DepartmentCode><institution>Swansea University</institution><apcterm>Another institution paid the OA fee</apcterm><funders>This work was supported by Coventry University, UK and the A*STAR Research Attachment Programme (ARAP), Singapore.</funders><projectreference/><lastEdited>2025-11-19T11:11:46.0730344</lastEdited><Created>2025-10-31T14:08:18.9593610</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Don</firstname><surname>Jayaratne</surname><orcid>0000-0001-9493-5808</orcid><order>1</order></author><author><firstname>Qian</firstname><surname>Lu</surname><orcid>0000-0001-8235-853x</orcid><order>2</order></author><author><firstname>Abdur</firstname><surname>Rakib</surname><orcid>0000-0001-5430-450x</orcid><order>3</order></author><author><firstname>Muhamad Azfar</firstname><surname>Ramli</surname><orcid>0000-0002-6321-0828</orcid><order>4</order></author><author><firstname>Rakhi Manohar</firstname><surname>Mepparambath</surname><orcid>0000-0003-3308-7838</orcid><order>5</order></author><author><firstname>Siraj</firstname><surname>Shaikh</surname><orcid>0000-0002-0726-3319</orcid><order>6</order></author><author><firstname>Hoang</firstname><surname>Nguyen</surname><orcid>0000-0003-0260-1697</orcid><order>7</order></author></authors><documents><document><filename>70806__35660__96d536c5cf584d9ea2a8d0e4407c0559.pdf</filename><originalFilename>70806.VoR.pdf</originalFilename><uploaded>2025-11-19T10:58:38.8334251</uploaded><type>Output</type><contentLength>3796723</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><documentNotes>© 2025 The Author(s). This is an open access article under the CC BY license.</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language><licence>http://creativecommons.org/licenses/by/4.0/</licence></document></documents><OutputDurs/></rfc1807>
spelling	2025-11-19T11:11:46.0730344 v2 70806 2025-10-31 A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles 187e2e9d4a5bec923bfadcc9313708dc 0000-0001-9493-5808 Don Jayaratne Don Jayaratne true false 50117e8faac2d0937989e14847105704 0000-0002-0726-3319 Siraj Shaikh Siraj Shaikh true false cb24d5c5080534dc5b5e3390f24dd422 0000-0003-0260-1697 Hoang Nguyen Hoang Nguyen true false 2025-10-31 MACS The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE 21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks. Journal Article Computers & Security 160 104729 Elsevier BV 0167-4048 1872-6208 Connected Vehicles; Automotive Cybersecurity; Threat Analysis and Risk Assessment; Impact Assessment; Simulation 1 1 2026 2026-01-01 10.1016/j.cose.2025.104729 COLLEGE NANME Mathematics and Computer Science School COLLEGE CODE MACS Swansea University Another institution paid the OA fee This work was supported by Coventry University, UK and the A*STAR Research Attachment Programme (ARAP), Singapore. 2025-11-19T11:11:46.0730344 2025-10-31T14:08:18.9593610 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Don Jayaratne 0000-0001-9493-5808 1 Qian Lu 0000-0001-8235-853x 2 Abdur Rakib 0000-0001-5430-450x 3 Muhamad Azfar Ramli 0000-0002-6321-0828 4 Rakhi Manohar Mepparambath 0000-0003-3308-7838 5 Siraj Shaikh 0000-0002-0726-3319 6 Hoang Nguyen 0000-0003-0260-1697 7 70806__35660__96d536c5cf584d9ea2a8d0e4407c0559.pdf 70806.VoR.pdf 2025-11-19T10:58:38.8334251 Output 3796723 application/pdf Version of Record true © 2025 The Author(s). This is an open access article under the CC BY license. true eng http://creativecommons.org/licenses/by/4.0/
title	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
spellingShingle	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles Don Jayaratne Siraj Shaikh Hoang Nguyen
title_short	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
title_full	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
title_fullStr	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
title_full_unstemmed	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
title_sort	A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
author_id_str_mv	187e2e9d4a5bec923bfadcc9313708dc 50117e8faac2d0937989e14847105704 cb24d5c5080534dc5b5e3390f24dd422
author_id_fullname_str_mv	187e2e9d4a5bec923bfadcc9313708dc_*_Don Jayaratne 50117e8faac2d0937989e14847105704__Siraj Shaikh cb24d5c5080534dc5b5e3390f24dd422_**_Hoang Nguyen
author	Don Jayaratne Siraj Shaikh Hoang Nguyen
author2	Don Jayaratne Qian Lu Abdur Rakib Muhamad Azfar Ramli Rakhi Manohar Mepparambath Siraj Shaikh Hoang Nguyen
format	Journal article
container_title	Computers & Security
container_volume	160
container_start_page	104729
publishDate	2026
institution	Swansea University
issn	0167-4048 1872-6208
doi_str_mv	10.1016/j.cose.2025.104729
publisher	Elsevier BV
college_str	Faculty of Science and Engineering
hierarchytype
hierarchy_top_id	facultyofscienceandengineering
hierarchy_top_title	Faculty of Science and Engineering
hierarchy_parent_id	facultyofscienceandengineering
hierarchy_parent_title	Faculty of Science and Engineering
department_str	School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science
document_store_str	1
active_str	0
description	The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE 21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks.
published_date	2026-01-01T18:11:26Z
_version_	1850692900477730816
score	11.08899

A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles

Similar Items