The Threat Landscape of Connected Vehicles

Don Nalin Dharshana Jayaratne; Qian Lu; Abdur Rakib; Muhamad Azfar Ramli; Rakhi Manohar Mepparambath; Siraj Ahmed Shaikh; Hoang Nga Nguyen; Suraj Harsha Kamtam

The Threat Landscape of Connected Vehicles

Don Nalin Dharshana Jayaratne, Qian Lu, Abdur Rakib, Muhamad Azfar Ramli, Rakhi Manohar Mepparambath, Siraj Ahmed Shaikh, Hoang Nga Nguyen, Suraj Harsha Kamtam

Centre for Future Transport and Cities

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Abstract

As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

Original language	English
Title of host publication	Poceedings of 16th International Conference on Global Security, Safety & Sustainability
Publisher	Springer
Pages	(In-Press)
Publication status	Accepted/In press - 4 Oct 2024
Event	16th International Conference on Global Security, Safety & Sustainability - Duration: 25 Nov 2024 → 27 Nov 2024

Conference

Conference	16th International Conference on Global Security, Safety & Sustainability
Abbreviated title	ICGS3-24
Period	25/11/24 → 27/11/24

Keywords

Automotive cybersecurity
Connected vehicles
National Vulnerability Database
Vulnerability classification
Vulnerability impact assessment

ASJC Scopus subject areas

Computer Science(all)

Themes

Security and Resilience

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Embargoed Document

Paper_3___ICGS3_24_manuscript
Accepted author manuscript, 758 KB
Licence: CC BY-ND
Embargo ends: 29/05/25

Cite this

@inproceedings{3493b935c971474b83757c27a5acb661,

title = "The Threat Landscape of Connected Vehicles",

abstract = "As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.",

keywords = "Automotive cybersecurity, Connected vehicles, National Vulnerability Database, Vulnerability classification, Vulnerability impact assessment",

author = "{Dharshana Jayaratne}, {Don Nalin} and Qian Lu and Abdur Rakib and Ramli, {Muhamad Azfar} and Mepparambath, {Rakhi Manohar} and Shaikh, {Siraj Ahmed} and Nguyen, {Hoang Nga} and Kamtam, {Suraj Harsha}",

year = "2024",

month = oct,

day = "4",

language = "English",

pages = "(In--Press)",

booktitle = "Poceedings of 16th International Conference on Global Security, Safety & Sustainability",

publisher = "Springer",

address = "United Kingdom",

note = "16th International Conference on Global Security, Safety & Sustainability, ICGS3-24 ; Conference date: 25-11-2024 Through 27-11-2024",

}

TY - GEN

T1 - The Threat Landscape of Connected Vehicles

AU - Dharshana Jayaratne, Don Nalin

AU - Lu, Qian

AU - Rakib, Abdur

AU - Ramli, Muhamad Azfar

AU - Mepparambath, Rakhi Manohar

AU - Shaikh, Siraj Ahmed

AU - Nguyen, Hoang Nga

AU - Kamtam, Suraj Harsha

PY - 2024/10/4

Y1 - 2024/10/4

N2 - As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

AB - As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

KW - Automotive cybersecurity

KW - Connected vehicles

KW - National Vulnerability Database

KW - Vulnerability classification

KW - Vulnerability impact assessment

M3 - Conference proceeding

SP - (In-Press)

BT - Poceedings of 16th International Conference on Global Security, Safety & Sustainability

PB - Springer

T2 - 16th International Conference on Global Security, Safety & Sustainability

Y2 - 25 November 2024 through 27 November 2024

ER -

The Threat Landscape of Connected Vehicles

Abstract

Conference

Keywords

ASJC Scopus subject areas

Themes

UN SDGs

Embargoed Document

Fingerprint

Cite this