A simulation framework for automotive cybersecurity risk assessment

Human-initiated disruptions such as cyberattacks on connected vehicles have the potential to cause cascading failures in transport systems, leading to systemic risks. 'ISO/SAE 21434:2021 Road vehicles- Cybersecurity engineering' is the current standard for risk management of road vehicles. However, the threat analysis and risk assessment framework given in the standard focuses on asset-level analysis and assessment. Hence, this study develops a novel simulation- based framework to perform threat analysis and risk assessment on connected vehicles from a transport network perspective. The proposed framework is developed based on the ISO/SAE 21434 threat analysis and risk assessment methodology. We demonstrate the applicability and usefulness of the framework through a remote attack via the cellular network on the in-vehicle communication bus system of a connected vehicle to show the potential impacts on the transport network. Based on the findings of our case studies, we exemplify how cyberattacks on individual system components of a connected vehicle have the potential to cause systemic failures.