Content uploaded by Shah Khalid Khan
Author content
All content in this area was uploaded by Shah Khalid Khan on Mar 12, 2025
Content may be subject to copyright.
Cybersecurity framework for connected and automated vehicles: A
modelling perspective
Shah Khalid Khan
a,b,*
, Nirajan Shiwakoti
b
, Peter Stasinopoulos
b
, Yilun Chen
c
,
Matthew Warren
a,d
a
Centre for Cyber Security Research & Innovation, RMIT University, Australia
b
School of Engineering, RMIT University Melbourne, Australia
c
Simulation and Modelling Team, Transport for New South Wales, Sydney Australia
d
RMIT University Australia & University of Johannesburg, South Africa
ABSTRACT
Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vul-
nerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these
diverse dimensions into a unied framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for
strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specically,
the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters inuencing cyberattacks at the system level. These parameters
include CAV communication safety, user adoption rates, log le management, hacker capabilities, understanding of hacker motivations (criminology theory
maturity), and public awareness of CAV cybersecurity.
The SFM’s structure and behaviour were rigorously tested and then used to analyse ve plausible scenarios: i) Baseline (Technological Focus Only), ii) Under-
standing Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human behaviour
Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and
number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create
new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking
attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against
cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking
attempts with CAV penetration when analysing human behaviour. These ndings, when translated into policy instruments, can pave the way for a more optimised
and resilient cyber-safe ITS.
1. Introduction
Deploying Connected and Automated Vehicles (CAVs) is a unique
opportunity for the transport industry’s vendors, regulators, and cus-
tomers to reassess the understanding, interpretation, and architecture of
Intelligent Transportation Systems (ITS). Indeed, CAVs would revolu-
tionise many of the inherent dynamics governing transport systems by
streamlining and optimising their deployment. The key driver behind
these innovations is pervasive external and internal connectivity (data,
controls, and commands). This digital transformation has resulted in
new partnerships between technology companies and traditional auto-
makers, extending illicit activities in both the cyber and physical
spheres. The majority of car network protocols were developed prior to
automobiles being connected and therefore lack cybersecurity
measures.
There is no general characterisation of a cybersecurity breach nor a
denitive list of threats. Sophisticated cybersecurity attacks often do not
have an end. The challenge is to safeguard CAVs against all types of
cyber threats. Any single incident or sequence of events that imperil the
availability, reliability, condentiality, authentication, robustness,
trustworthiness, and integrity of CAV’s digital information could lead to
unexpected attack scenarios, posing severe risks to infrastructure and
CAV users (Khan et al., 2020).
A successful cyber-attack on CAV has two major repercussions: an
invasion of privacy and compromised safety. Safety hazards include
system malfunctions, incorrect speed and location values, failure in
object detection, trafc congestion, deceptive toxic signs, and compro-
mised longitudinal safety and vehicle control (Yan et al., 2016). Privacy
* Corresponding author. School of Engineering, RMIT University, Melbourne, Australia, 3000.
E-mail address: shahkhalid_k@yahoo.com (S.K. Khan).
Contents lists available at ScienceDirect
Transport Policy
journal homepage: www.elsevier.com/locate/tranpol
https://doi.org/10.1016/j.tranpol.2024.11.019
Received 28 May 2024; Received in revised form 23 November 2024; Accepted 23 November 2024
Transport Policy 162 (2025) 47–64
Available online 24 November 2024
0967-070X/© 2024 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (
http://creativecommons.org/licenses/by/4.0/ ).
concerns arise on three fronts. First, at the consumer level: autonomy
and surveillance of CAV users. Secondly, proximity espionage occurs
through monitoring individuals in the vicinity by CAV sensors (radar,
lidar, laser, camera), resulting in a signicant invasion of privacy. The
monitoring encompasses a comprehensive 360-degree observation of
body movement and bio-signalling data, enabling the identication of
individuals (Miller et al., 2020). For example, citing concerns about
sensor spying, the Chinese military banned Tesla cars (Aljazeera, 2021).
Thirdly, the vendor’s intellectual property is at risk, as seen in cases like
the guilty plea of an individual involved in a Tesla ransomware plot in
the United States (BBC, 2021).
Security researchers have demonstrated that the Nissan Leaf is
vulnerable to remote hacking due to weaknesses in the vehicle’s
Application Programming Interfaces (APIs) provided by the manufac-
turer. By exploiting these APIs alongside the easily accessible Vehicle
Identication Number (VIN), attackers could potentially gain control
over features such as climate control and heated seating (Coyne, 2016).
Similarly, Fiat Chrysler issued a safety recall affecting 1.4 million ve-
hicles in the US after security researchers revealed that one of its cars
could be hacked (BBC, 2015).
Software vulnerability in the Tesla AV precipitated leakage of sen-
sitive data (Prevost and Kettani, 2019). Vulnerabilities within the
routing table and non-encrypted communications resulted in erroneous
GPS positioning in the Google vehicle (Hirz and Walzel, 2018). The
Mitsubishi Outlander experienced a breach through an insecure
messaging protocol, leading to arbitrary light activation, deactivation,
and disabling of anti-theft alarms (Jagielski et al., 2018). In a similar
incident, hackers integrated spyware into the on-board diagnostic parts,
disabling the BMW vehicle’s diagnostic system (Tan et al., 2017).
Therefore, cybersecurity for CAVs is essential for mitigating cyber-
attacks and deterring safety and privacy implications.
1.1. The contribution and scope of the study
The cybersecurity of CAVs poses a complex, multifaceted challenge
that extends beyond hardware or software integration. It encompasses a
range of interconnected factors across all CAV-based Intelligent Trans-
portation Systems (ITS) elements. A comprehensive tool for system-level
cybersecurity risk assessment remains absent. Existing models and
mitigation methods typically focus on isolated aspects or specic sce-
narios, failing to capture the broader, interconnected nature of CAVs
within ITS. This study addresses this challenge by developing an SD
model for strategic cybersecurity assessment that considers technolog-
ical challenges, human threats, and public cybersecurity awareness
during the CAV rollout. Specically, the model incorporates a novel SD-
based Stock-and-Flow Model (SFM) that maps six key parameters
inuencing cyberattacks at the system level. These parameters include
CAV communication safety, user adoption rates, log le management,
hacker capabilities, understanding of hacker motivations (criminology
theory maturity), and public awareness of CAV cybersecurity.
While SD is an established modelling approach, its application to this
strategic cybersecurity challenge within the context of CAVs is novel. By
examining these interactions, our model offers valuable insights into the
emergent nature of cybersecurity risks, the long-term indirect effects of
cyber threats, and the role of policy resistance. Furthermore, it provides
actionable recommendations for vendors and regulators, including the
need for enhanced automated protections, robust public awareness
programs, and systematic policies for managing data logs—areas that
have been underexplored in existing models.
This study highlights the critical role of proactive, system-wide risk
management strategies as CAV deployment accelerates, increasing
exposure to potential cyberattacks. Our model identies technological
and human vulnerabilities and emphasises the importance of mitigating
these risks through an integrated, dynamic approach that can evolve
alongside CAV adoption.
1.2. Structure and guide to the acronym
The following section discusses approaches to assessing the cyber-
security of CAVs. Section 3outlines the methodology adopted, elabo-
rating on the dynamic aspects of CAV’s cybersecurity and introducing
SD modelling and its strengths for evaluating CAVs’ cybersecurity. Then,
in Section 4, we described the structure of SFM, i.e., the scope, signi-
cance, relevance, and impact of each factor in the cybersecurity para-
digm of CAVs. Model testing is the focus of Section 5. Furthermore,
Section 6discusses the ndings of the simulations, followed by a dis-
cussion and policy recommendations. Finally, in Section 8, the limita-
tions and future extensions are described.
Table 1 lists the acronyms used in this study.
2. Overview of CAVs cybersecurity assessment approaches
Several academic and industry experts have worked to synthesise the
cybersecurity of automobiles. Typically, two methods may be employed:
simulating cyberattacks or cyber threats on an operational testbed or on
a live system (Van et al., 2010; Veksler et al., 2018). While CAV testing
on public roads is still in its developmental stages globally, companies
such as Waymo and Cruise have launched self-driving taxis for public
use in select locations in the USA, including Arizona and San Francisco
(Chari, 2024). However, large-scale deployment is still to be done.
Therefore, the latter approach is challenging to deploy and unworkable.
Similarly, the former required enhanced data access and collection,
robust behavioural simulation models (Kavak et al., 2021), and security
specialists to create well-designed cyber-attack scenarios (Yoo et al.,
2020).
Schmidt et al. (Schmidt et al., 2014) proposed a security analysis
technique for identifying and prioritising security vulnerabilities.
However, the study takes an analytical approach to networked con-
nections. It lacks an inter-avenue assessment, such as a concurrent
assessment of the technological impact on CAVs’ cybersecurity and
hackers’ capability. Similarly, Ward et al. (Ward et al., 2013) described
an approach for assessing security risks in the automotive sector: threat
analysis and risk assessment based on the HARA. Likewise, the authors
(Macher et al., 2015) proposed a hybrid strategy, SAHARA, combining
the automotive HARA and security domain STRIDE approaches, which
elaborates on the inuence of security concerns on system-level safety
ideas. However, the study lacks a simultaneous assessment of various
parameters from different avenues, such as the impact of CAV data les
Table 1
Abbreviation list.
Abbreviation Explanation
ABM Agent-Based Modelling
APIs Application Programming Interfaces
BDM Bass Diffusion Mode
CAVs Connected and Automated Vehicles
CAVs-CS CAVs Communication Safety
CMT Criminology Theory Maturity
CV Conventional Vehicle
DES Discrete Event Simulation
eSTU eSafety Trafc Unit
HARA Hazard Analysis and Risk Assessment
ITS Intelligent Transportation Systems
MCS Monte Carlo Simulation
NM Network Modelling
PHA Probability of Hacking Attempts
PHD Probability of Hacks Defended
SD System Dynamics
SFM Stock-and-Flow Model
STRIDE Spoong, Tampering, Repudiation, Information disclosure, Denial of
service and Elevation of privilege
TM Technological Maturation
TRM Technology Readiness and Maturity
V2X Vehicle-to-Everything
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
48
on hackers’ capabilities as well as an input to CAV technological
advancement.
Burzio et al. (Burzio et al., 2018) presented a ranking-based high--
level description of CAVs cybersecurity certication by two approaches:
i) vehicle safety, the Euro New Car Assessment Programme assessment,
and ii) a proposed cybersecurity ranking approach: assessment of the
components, subsystems, and topology of the connection will result in a
ranking of the overall system. However, the paper only covers a
high-level hierarchy from a cyber security perspective in the automotive
industry and lacks focused methods for covering this issue in-depth. The
authors (Raiyn, 2018) suggested a cyber-attack defence paradigm based
on iris recognition that utilises biometric data for message authentica-
tion and safe transmission. Nevertheless, the study is focused on ow-
charts and is based on a single avenue of analysis–CAVs communication.
Sheehan et al. (Sheehan et al., 2019) proposed a CAV cyber-risk
classication model by encompassing software vulnerabilities in the
United States Vulnerability Database. However, this is single0narorwd
focus data base and the model’s validity is still to be tested for ranking
and classifying cyberattacks in the ITS. Khan et al. (Khan et al., 2023a)
have recently conducted a dynamic assessment of regulation and CAVs
adoption; however, the study primarily focuses on cyber regulation.
Furthermore, there is a paucity of concurrent research into the inter-
connected characteristics of ITS components. Understanding this is
crucial as CAVs will navigate dynamic environments, presenting sub-
stantial technical hurdles and escalating system complexity.
3. Methodology
The most difcult challenge is developing and implementing a robust
cybersecurity system for CAVs. Addressing this entails numerous inter-
linked factors of diverse nature, absent of empirical data. Developing
future insights amid such uncertainty is an alternate strategy. We have
chosen SFM: an approach used to analyses complex, interrelated, and
uncertain CAV technology and to explore the cybersecurity implications
of CAVs on system-level (Sterman, 2000; Stasinopoulos et al., 2020;
Khan et al., 2024a, 2024b). SD is employed to evaluate the cybersecurity
of Level 4 (and above) CAVs adhering to a functional pathway. The
variables and their correlation in the model are based on established
innovation theory, a meta-investigative quantitative review of the
literature (post-2010), sourced from a various sources, including books,
academic databases, industry reports and PhD theses, supported by
forward and backward snowballing (Hidalgo and Albors, 2008). This
culminated in recognising key domains at the heart of CAVs
cyber-security study: CAVs Communication Safety (CAVs-CS), CAV
Adopters, Hacker’s Capability, Log les, Criminology Theory Maturity
(CMT), and Public CAVs Cyber Safety Awareness.
To benchmark and evaluate cybersecurity in CAVs across different
scenarios, four measures are used: i) CAV adopters, ii) PHA (Probability of
Hacking Attempts), CAVs-CS, and iv) PHD (Probability of Hacks Defended).
The CAVs-CS serves as the primary defense against cyber threats and
demonstrates the increased resilience of technological advancement.
The PHD is important to investigate because a signicant portion of
defended hacks reduces the prevalence of successful cyberattacks. In
addition, the PHA is crucial to synthesise because an increase in hacking
attempts indicates an increase in successful breaches of CAV connec-
tivity, which hinders the adoption of CAVs.
The work on cyber breaches against CAVs (Khan et al., 2020),
cybersecurity evaluation frameworks for CAVs (Khan et al., 2021a,
2023a), and empirical examination of perceived cyber risks to CAV
rollout (Khan et al., 2023b, 2024c) enabled to reconstruct the in-
terrelations of various cybersecurity factors and served as the founda-
tion for the present study. Other aspects, such as regulatory laws or trust,
are beyond the scope of this study. The selection is primarily motivated
by the need for a restricted boundary for assessing a small number of
variables and the non-geographic nature of the SD model; however,
these aspects warrant further study.
3.1. The rationale for using SD-based SFM
CAV technology is evolving, enabling dynamic complexities. It has
the characteristics of paradoxical behaviour: the various components
that facilitate CAV’s cyber protection are interlinked, feedback-driven,
and non-linear; a change in a single parameter triggers further behav-
iour, leading to a new scenario that affects subsequent decisions (Khan
et al., 2021a). Secondly, the cybersecurity of CAVs can be linked to a
chain, wherein the efcacy of the entire link is contingent upon the
robustness of its accompanying links. The robustness of technological
components, human threats, and consumer cyber-behaviour are just a
few of the links in the chain that make up CAV’s cybersecurity (Sarriegi
et al., 2006). "Nested complexity" exists when a well-organised gov-
erning system (, i.e., ITS) and regulatory framework (regulators/policy
makers) regulate a physical system (CAV) that is confronted with
contemporary challenges. An unconditional, technology-driven
deployment of CAVs might conict with social and environmental sus-
tainability goals. Moreover, uncertainty and technical concerns are
incorporated into CAV technology (Tan and Taeihagh, 2021).
Dynamic facets of CAVs cybersecurity could be investigated by
Agent-Based Modelling, simulation-based models (Nazareth and Choi,
2015), queueing theory, risk assessment and threat analysis (Ward et al.,
2013), or security domain STRIDE approaches (Macher et al., 2015).
However, these unidirectional models are incapable of explaining par-
adoxical behaviour, are difcult to apply to large and complex systems,
lack inter-avenue feedback, and are inadequate in design situations
where data is scarce. Therefore, to model the history-dependent, adap-
tive, counter-intuitive, and policy-resistant characteristics of CAVs
cybersecurity, SFM provides a valuable framework for comprehending
and understanding challenges. Indeed, SFM facilitates the exploration of
potential scenarios, fostering the development of a unied array of
potent cybersecurity strategies aimed at addressing uncertain CAV
technological challenges.
SD approaches, developed in the early 1960s, provide a solid theo-
retical foundation for understanding the operation of complex systems
(Sterman, 2000). Notably, SD approaches have been employed to scru-
tinise and evaluate a broad range of complex systems, encompassing
information security (Nazareth and Choi, 2015), cybersecurity (Sarriegi
et al., 2006), and highway congestion (Goodman, 1974). Within the
CAV literature, the application of the SD approach predominantly cen-
tres on the integration of driverless cars into ITS (Stanford, 2015). By
employing the SD approach, Gruel and Stanford (2016) assessed the
long-term consequences of automated vehicles, while Nieuwenhuijsen
et al. (Nieuwenhuijsen et al., 2018) scrutinised the long-term diffusion
of automated vehicle technology. In a similar vein, Puylaert et al.
(Puylaert et al., 2018) examined preliminary forms of automated driving
using SD methodology. Furthermore, Stasinopoulos et al. (Stasinopoulos
et al., 2020) explored the repercussions of CAV adoption on greenhouse
gas emissions.
Table 2compares SD and other potential modelling approaches, such
as Agent-Based Modelling, Discrete Event Simulation, Network Model-
ling, Monte Carlo Simulation, Hazard Analysis and Risk Assessment, and
STRIDE. This comparison illustrates SD is particularly suited for system-
level cybersecurity assessments in CAVs over these other approaches.
4. The development of the SFM
In the realm of system dynamics, two pivotal concepts are the "sys-
tem" itself and the notion of "system change" (Sterman, 2000). A system
is a cohesive whole consisting of various constituent elements that
operate in conjunction to full functions that may not be readily
discernible from the functioning of individual components (Hirsch et al.,
2007). The CAV-based ITS system requires the collaboration of multiple
stakeholders (automakers, communication service providers, and con-
sumers). Notably, the seamless operation of CAVs heavily relies on
interactive coordination and collaboration with ITS communication
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
49
Table 2
SD vs Different Model comparison for CAVs cybersecurity assessment.
Aspect System Dynamics (SD) (
Sterman, 2000; Khan et al.,
2022)
Agent-Based Modelling
(ABM) (Macal and North,
2005)
Discrete Event Simulation
(DES) (Günal and Pidd,
2010)
Network Modelling (NM) (
Smith, 2013)
Monte Carlo Simulation
(MCS) (Fagade et al.,
2017)
Hazard Analysis and
Risk Assessment
(HARA) (Macher et al.,
2015)
Spoong, Tampering,
Repudiation, Information
disclosure, Denial of service
and Elevation of privilege
(STRIDE) (Abuabed et al.,
2023)
Approach Continuous Discontinuous Discrete Discrete or Continuous Stochastic, Random
Sampling
Risk-Based, Structured Threat-Based, Structured
Level Macroscopic Microscopic Both (Micro/Macro) Microscopic or Mesoscopic Macroscopic System-Level Component/Threat-Level
Perspective Aggregated (e.g., overall
cybersecurity trends)
Disaggregated (e.g.,
individual vehicle
behaviours)
Process-Oriented (e.g.,
event sequences in
attacks)
Structural Relationships (e.
g., network topologies)
Probabilistic Outcomes (e.
g., likelihood of breaches)
Safety and Risk
Evaluation
Identifying Threats across
System Components
Central Concept Feedback loops (e.g.,
cybersecurity policies, threat
escalation)
Objectives, rules (e.g.,
attacker and defender
strategies)
Events and Resources (e.
g., intrusion detection,
response times)
Nodes, Edges (e.g., V2X
communication paths,
attack vectors)
Probability Distributions
(e.g., attack success rates)
Potential Hazards (e.g.,
V2X security, vehicle
control systems)
Attack Vectors (e.g.,
communication protocols,
system interfaces)
System
Components
Stocks and ows (e.g., attack
surfaces, threat levels)
Agents and relations (e.g.,
vehicles, attackers, defence
systems)
Entities, Events (e.g.,
cybersecurity incidents,
response protocols)
Nodes, Links (e.g., CAVs,
communication channels)
Variables, Probabilistic
Models (e.g., system
vulnerabilities)
Hazard Identication
and Risk Control
Attack Tree Models, Threat
Matrices
Simulation
Engine
Integration of time steps (e.g.,
gradual evolution of threats)
Event-based scheduling (e.
g., simulation of attack/
defence scenarios)
Event-based scheduling
(e.g., time-triggered cyber
events)
Path-based Analysis (e.g.,
network penetration
analysis)
Random Sampling with
Repeated Trials (e.g.,
scenario testing)
Hazard Analysis, Risk
Prioritisation
Threat Impact Analysis, Risk
Scoring
Mathematics Differential equations (e.g.,
modelling the dynamic
behaviour of threats and
defences)
Objective functions (e.g.,
optimising defence
strategies)
Probability distributions
(e.g., modelling event
likelihoods)
Graph Theory (e.g., network
robustness analysis)
Statistical Analysis (e.g.,
estimating risk exposure)
Risk Formulas, Safety
Margins
Threat Impact Analysis, Risk
Scoring
Behaviour Centralised system behaviour
(e.g., overall system response
to threats)
Decentralised individual
behaviour (e.g., interactions
between vehicles, hackers)
Sequential processing (e.
g., sequence of cyber
events)
Network Formation (e.g.,
communication network
vulnerabilities)
Uncertainty Modelling (e.
g., predicting the success
of cyberattacks)
Identifying and
mitigating potential
failure points
Categorising and addressing
threats based on STRIDE
elements
Suitability for
System-Level
CAV Security
Highly suitable for system-level
cybersecurity assessments
because it models system-wide
feedback loops, accumulations,
and information ows.
Less effective for high-level,
system-wide CAV security
evaluations. Suitable for
exploring specic attacker or
vehicle interactions.
Primarily deals with
discrete events. Effective
for specic incidents but
doesn’t capture broader
system dynamics.
Useful for analysing network
vulnerabilities but lacks
system-wide modelling of
the evolving cybersecurity
landscape.
Effective for estimating
probabilities and risks but
doesn’t provide a holistic
view of system-wide
interactions.
Valuable for risk
assessment but lacks
continuous modelling
of dynamic system
behaviour.
Focused on identifying and
addressing specic threats, not
on modelling the entire CAV
security ecosystem.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
50
service providers, underscoring the apparent nature of their
involvement.
"Systems change" refers to changes in a system’s structural, rela-
tional, and institutional makeup and its subsystems that address the root
causes of a problem. From a system dynamics standpoint, efforts to
implement system change must consider how system components are
linked together, not just what they are, because component coupling
enables the identication of fundamental causes of issues (Hirsch et al.,
2007). Moreover, by analysing the connection of system components,
one may explain why certain system change attempts result in no visible
change while others result in change that is contrary to our desires and
intentions (Khan et al., 2021b).
This study introduces an SFM to gauge the impacts of various factors
on CAV cybersecurity, illustrated in Fig. 1, which demonstrates the high-
level interactions among six key elements of the proposed architecture
of CAVs cybersecurity SFM: CAVs Communication Safety, CAV
Adopters, CAVs Logles, CAVs Hacker’s Capability, CAVs Criminology
Theory Maturity (CMT), and Public CAVs Cyber Safety Awareness. Each
element’s detailed architecture description, including the relationships
between different components is explained in detail in respective sub-
sections. The model is developed within the system dynamics frame-
work, with key parameters represented as Stocks (levels) and Flows
(rates), where Stocks accumulate or deplete based on incoming or out-
going Flows over time.
In the SFM, Stocks can be metaphorically envisioned as "reservoirs"
that hold resources or values over time. For instance, in the case of
Technology Readiness and Maturity (TRM), this stock accumulates tech-
nological advancements over time as new technologies are introduced
and mature. Squares symbolise stocks, and their values are determined
by the net effect of the Flows, represented by double-lined arrows. For
example, the Technological Maturation (TM) ow governs the rate at
which TRM changes.
Mathematical relationships between Stocks and Flows govern the
dynamics of the system. The basic equation governing the relationship
between a Stock and its inows and outows is presented in Equation
(4.1). The equation integrates the difference between inows and out-
ows over time alongside the initial value of the stock:
Stock(n) = n
n0[inflow(n) − outflow(n)]dn +Stock(n0)Equation. 4.1
The values of the stocks evolve based on the accumulation of the
inows and outows. Positive inows lead to an increase in the stock’s
value, while negative inows (or positive outows) cause the stock to
decrease. This dynamic behaviour is essential for understanding how
key parameters such as TRM or CAV Adoption change over time and
how they inuence CAV cybersecurity outcomes.
In system dynamics modelling, the differentiation between Stocks
(representing accumulations or states) and Flows (representing activ-
ities or processes that inuence the stock values) is critical. For example,
in the context of this study, stocks such as "CAV Adoption" or "Public
Cyber Safety Awareness" aggregate over time-based on inows like
"Adoption Rate" or "Awareness Campaigns." Meanwhile, exogenous pa-
rameters, such as external policies or technological advancements, are
treated as xed or variable inputs that impact the system but are not part
of the internal feedback mechanisms.
Additionally, the model includes various dependencies between
Fig. 1. The proposed architecture of CAVs cybersecurity SFM.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
51
variables, indicated by single-lined arrows, representing either positive
(increasing) or negative (decreasing) relationships. The ’tap’ symbol in
the diagrams signies ow rates—how fast certain changes occur—-
while the ’cloud’ symbol represents innite sources or drains, indicating
factors beyond the system boundary, such as external resources or global
technological trends.
In this specic case, the model captures the interactions between
variables like CAV cybersecurity (CAV-CS), log les, hackers’ capabilities,
CAV adoption, CMT, and public cyber safety awareness. The process
through which these variables affect the overall cybersecurity of CAV
systems is elaborated in subsequent sections, detailing the specic
mechanisms by which ows alter the state of the stocks and how system
feedback loops inuence long-term behaviour.
4.1. The CAVs communication safety
The primary enabler of cybersecurity is CAVs Communication Safety
(CAVs-CS). The mechanism by which CAVs-CS mature is illustrated in
Fig. 2. CAVs Technology Readiness and Maturity (TRM) is a fuzzy concept
that lacks direct measurement. Nevertheless, it is conceivable to map
variables to enable the precise measurement of factors inuencing
CAVs’ technological maturity through empirical observations. Albert
(2016) ’s operationalised approach, which is subsequently based on the
S&D Model (Sommerlatte and Deschamps, 1985), is used to assess TRM.
The CAVs Technological Maturation (TM) is the process of continuously
de-risking the operation of CAVs in ITS. TM growth is a function of
Research and Development, Resources, Processes, and Information (Li et al.,
2019).
Businesses and academic institutions make steady progress towards
trial versions of emerging technologies by carefully allocating R&D re-
sources to the most exciting projects and taking calculated risks (Cho
et al., 2016). The proximity of diverse resources and collaborators
within each hub fosters a greater capacity for innovation. The Australian
Defence Science and Technology Group identied nine maturity levels
for gauging technologies during a program’s acquisition phase
(Australia- Goverment, 2020). CAVs Communication Cyber Safety Stock
Max enables diminishing returns, i.e., increasing input results in
diminishing gains in output. CAVs TRM improves V2X Communication
Security, resulting in Robustness Enhancement–the deterrence of cyber-
attacks (Khan et al., 2020; Vimmerstedt et al., 2015). The Log File
Preservation (including lessons learned) is a useful input to Information.
Initial Maturation Availability is the initial non-zero value of the CAVs
TRM.
Schumpeter (1939) classical theory identied three components of
technological change: i) invention-creation of a new concept, ii)
innovation-development of the concept, and iii) diffusion-dissemination
of the product, i.e., deployment of V2X Communication Security for
Robustness Enhancement in Fig. 2. A more resilient network will improve
CAVs-CS, make it difcult for hackers to inltrate, and lower the PHA
(Tu et al., 2019; Qiu et al., 2019). CAVs-CS will enable a CAVs cyber risk
management lifecycle, including automated protection (layering,
patching, and backup) and a risk-based approach to resilience. Addi-
tionally, it insulates against CAVs physical or proximity access attacks.
Furthermore, if institutions that create norms and standards for how to
utilise knowledge do not embrace it effectively, knowledge may be
disregarded or devalued. (Lundvall, 2010). Appendix A outlines the
parameters and expressions of the model.
4.2. CAV adopters
With more CAVs on the road, ITS technology will become mature and
widespread. On the other hand, as more CAVs hit the road, threats will
increase, hackers experiment with new revenue streams. Stasinopoulos
et al. (Stasinopoulos et al., 2020) ’s methodology is employed to mea-
sure CAV Adopters, as depicted in Fig. 3. Regarding adoption, the Bass
Diffusion Mode (BDM) aptly represents CAVs penetration; it permits
individuals to adopt CAVs without discarding them (Sterman, 2000).
CAV Adopters’ assembly depends on non-CV user induction and Conven-
tional Vehicle (CV) approval. The BDM’s two crucial parameters are: i)
the product’s appeal—the innovation coefcient, and ii) product’s
attractiveness — imitation coefcient. The process is comparable to
generating an S-shaped curve, where a sizable segment becomes early
adopters as the technology progresses; once the technology matures
sufciently, another subset of the populace persists in embracing the
technology. The group of CV Adopters hinders Adoption from Innovation
to those embracing CAVs. The CV Adopters are determined by the dif-
ference among the CV adopters
initial
and cumulative shift in adoption.
The impact of Innovation and Imitation on Induction and Adoption
could be depicted as a slow or fast scenario, respectively (Shabanpour
et al., 2018), while the overall quantity of Car Adopters is determined by
summing up the numbers of CAV and CV Adopters. Additionally, Non-car
Adopters are the population segment most prone to adopt CAVs due to
their accessibility. This group encompasses public transport users, cy-
clists, children, and seniors (Stasinopoulos et al., 2020). Furthermore,
successful cyber-attacks will negatively affect the product’s (CAV)
Adoption and Imitation, while CAVs-TRM acts as an incentive for Inno-
vation. Appendix A delineates the model parameters and expressions.
4.3. Log les
The main data sources for network visibility in CAV functioning are
Log Files. These les document all operations of CAVs executed in ITS,
including user behaviour, computing dataow, and communication
signals. Keeping Log Files for a certain amount of time in cloud
computing environments can enhance the cybersecurity resilience of
CAVs, bolster the effectiveness of ADAS, and offer substantial data
Fig. 2. The CAVs communication safety (CAVs-CS).
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
52
inputs for informational purposes (Prasad and Rohokale, 2020), as
demonstrated in Fig. 4. In the same vein, Log Files are crucial data as-
semblies, notably in cyber forensic analysis (Kent, 2016). They could aid
in reducing harm by supporting evidence for assigning insurance re-
sponsibility and advancing future collision prevention tactics
(Dimitriadis et al., 2020). In addition, cyberattacks facilitate Learning
Experiences or the control and essence of hackers’ motivations. A typical
example is the reconguration of vehicle safety after a crime – imple-
menting car alarms, immobilisers, and central locking to deter vehicle
theft. However, the preservation of CAVs Log Files presents a
risk—valuable information for cybercriminals, especially when log les
are leaked. Appendix A describes the model parameters and expressions.
4.4. The Hacker’s capability
The emergence of CAV technology, a mobile CPS, introduces a new
domain where cyber assailants, often called "contemporary pirates,"
would operate. Fig. 5 represents Hackers’ Capability strategies, encom-
passing a diverse spectrum of experts leveraging their technical exper-
tise within a digitised environment to accomplish specic objectives.
Hackers can be classied into three main types: i) those driven by per-
sonal or monetary motives, who breach digital devices and networks,
and may engage in activities such as espionage, exhibitions, or simply
seeking thrills; ii) those contracted or employed by organisations and
governmental entities to serve as technical experts, assessing vulnera-
bilities through ethical hacking practices; and iii) hacktivists, who
employ hacking techniques to further ideological or political causes
(Seebruck, 2015; Zhang et al., 2015). The likelihood of a cyberattack on
CAVs is inuenced by various factors, including the allure of the target,
the motivations of the attackers, the perceived vulnerability of the in-
tellectual assets associated with CAVs, and the preventive measures
implemented within the ITS (Aryee, 2020; Choi et al., 2020). The
Hacker’s Motivation plays a signicant role in enhancing their capabil-
ities. At the same time, other contributing factors include the Capability
per CAV Log File, the Technical Advancements of hackers, and CAVs
Inltration Caveats.
As the count of CAV adopters increases on the road, criminals
relentlessly search for new sources of income, making it easier for
hackers to discover Inltration Caveats (Huq et al., 2017; Ghadi et al.,
2020). The Hacker’s Technical Advancement is an inadvertent aftermath
of CAV-CS, constrained by the Hacker’s Accessibility, as shown in Fig. 5.
Similarly, the Leaked log le enables hackers to conduct cyberattacks.
Hacker’s Capability Max permits diminishing returns; as the maximum
value is reached, the improvement will be minimal at a high cost.
Capability Depreciation refers to the gradual decline in the Hacker’s
Capability over time (Lundvall, 2010), limited by the Capability Lifetime.
Furthermore, an increase in the Hacker’s Capability causes an increase in
the PHA, which CMT may constrain. Appendix A describes the model
Fig. 3. CAVs adopters.
Fig. 4. Log les (CAVs).
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
53
expressions and parameters.
4.5. CAVs criminology theory maturity
Indeed, crime design is often an afterthought for new technology,
and CAV is no different. The pervasiveness of CAVs connectivity expands
the scope of crimes committed in both cyberspace and physical space in
ITS. Various theories illustrating the rapidly changing, dynamic, and
expanding environment for transportation-related criminal possibilities
are: technology life cycles, the social construction of technology, market
replacement approaches, economic path dependency, and the most
straightforward one—Routine Activity Theory (RAT) (Newton, 2017).
The use of RAT is a powerful technique for reducing hacker capabilities
and the cyber risks posed by CAVs (Kennedy et al., 2019).
The Criminology Theory Maturation is contingent on the eSafety Trafc
Unit (eSTU), CAV Users’ Synthesis, and Knowledge of CAV Attackers’
Characteristics, as shown in Fig. 6. The CAV adopter facilitates mounting
up the essential knowledge for synthesising Users’ Synthesis, utilising
their existing expertise and evolving knowledge of CAV operations to
counter criminal activity in the ITS domain through the eSTU. Knowl-
edge of CAV cyberattackers’ characteristics (intentions or behaviours), i.
e., poor socioeconomic position, hyperactivity, dark triad personality
traits, and socialisation towards law-breaking behaviour reduces the
probability of an attack (King et al., 2018; Holt et al., 2010). Further-
more, CAVs CMT provides a good baseline for Awareness Enhancement in
Public CAV Cyber Safety Awareness. Appendix A describes the model
expressions and parameters.
4.6. Public CAVs cyber safety awareness
Road safety now encompasses a new area of concern: the cyberse-
curity of CAVs. In this context, human vulnerability is the most probable
cause of a successful cyberattack. To address this issue, researchers
specialising in human factors and psychology can contribute to
improving CAV cybersecurity by exploring ways to minimise the risk of
successful attacks. This exploration would incorporate a human-centred
approach considering the adversary’s ability to choose the type of as-
sault. According to Trend Micro, a staggering 91 per cent of successful
cyberattacks originate from the weakest link in the system—the human
element (TrendMicro, 2020). Fig. 7 illustrates the mechanism for Public
CAVs Cyber Safety Awareness, visually representing the process. The two
main facilitators of Awareness Enhancement are CAV Users and the OEM’s
Education Effectiveness, and CMT.
The dynamic improvement of CMT would provide the baseline fea-
tures of CAVs cyber-attackers (Holt et al., 2010; Wilson and Hash, 2003).
Education is critical for properly teaching and protecting CAVs and their
customers against cyberattacks. Individuals differ in their capacity to
appropriately recognise cybersecurity hazards; for example, 23 per cent
of people manage less than half of cybersecurity circumstances, while
just 4 per cent handle more than 90 per cent of situations (Katerina and
Nicolaos, 2018). The Harvard Business Review report describes human
error as a primary driver behind the majority of cyber incidents
Fig. 5. The Hacker’s capability.
Fig. 6. CAVs criminology theory maturity.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
54
(Chamorro-Premuzic, 2023). The absence of accurate information and
awareness among key stakeholders and the general public is a funda-
mental barrier to successful risk management (Cohen et al., 2007;
Christiansen and Piekarz, 2018). The Awareness Depreciation constrained
by Awareness Lifetime could deplete Public CAV Cyber Safety if there is a
lack of adequate guidelines for its use (Lundvall, 2010). Appendix A
describes the model expressions and parameters.
5. Model testing
To ensure the reliability and validity of the proposed SFM, we con-
ducted a rigorous evaluation process following the established guidelines
in the literature. This evaluation included both structural and behavioural
testing (Sterman, 2000; Stasinopoulos et al., 2020; Valencia Arias and
Obando Montoya, 2012)(Sterman, 2000; Stasinopoulos et al., 2020;
Valencia Arias and Obando Montoya, 2012).
5.1. Structural validation
We assessed the SFM’s parameter assessment, boundary adequacy,
dimensional consistency, extreme conditions, and overall structure
during structural testing. Key ndings from this phase included.
•Boundary Adequacy: The model demonstrated high sensitivity to
removing existing endogenous structures while introducing new
endogenous structures, which had a relatively minor impact.
•Dimensional Consistency: It is checked that all expressions in the
model are dimensionally consistent, ensuring that units on both sides
of each expressions match.
•Parameter Evaluation: We conrmed the conceptual alignment of
all model parameters with those of the existing system and ensured
that the units on both sides of each expressions were consistent. For
instance, during parameter evaluation, we scrutinised the conceptual
alignment of all parameters with those of the existing system, such as
adjusting the Hacker’s Motivation to ensure that it positively impacts
the Hacker’s Capability.
The results of these tests provided valuable insights for model
renement and subsequent recalibration.
5.2. Behavioural validation
Behavioural testing involved evaluating the SFM’s performance
under extreme conditions, reproducing known behaviours, assessing
boundary adequacy, and identifying potential anomalies.
•Extreme Conditions: By systematically altering individual param-
eters (e.g., V2X communication security), we veried that the
model’s output (e.g., PHD and PHA) remained within expected
ranges, indicating realistic behaviour.
•Behaviour Reproduction: Due to the lack of historical CAV cyber-
security data, we compared the model’s output with projected
cybersecurity trends for CAVs (Khan et al., 2021a) to assess its ability
to replicate expected behaviours.
•Policy Testing: We also evaluated the model’s response to various
policy interventions that can help assess its usefulness for decision-
making (detailed in the next section)
Overall, the rigorous testing process has strengthened our condence
in the SFM’s ability to accurately represent and predict the dynamics of
CAV cybersecurity.
6. Simulating policy impacts
After model development and testing, the next phase involves
investigating plausible scenarios to determine effective CAV cyberse-
curity policies. SD scenario simulation is conducted in the literature by
incorporating various data sources, such as existing empirical and
theoretical literature, the combination of quantitative or qualitative
data, secondary data analysis, and expert opinion. This comprehensive
approach enables researchers to explore strategies for system change.
For example, Nazareth and Choi (2015) used a normalised scale (0–1)
for various input parameters for information security in addition to
available data; Lounsbury (2002) utilised quantitative data and experts’
opinions to model epidemic changes; and Repenning (2002) developed
an SD model entirely from descriptions of parameters in the literature to
account for companies’ failures and successes with innovations. There-
fore, the model’s scenario simulation data is sourced from two methods:
utilising quantitative data for variables with measurable values and
employing exploratory data to quantify hidden variables to reproduce
the observed behavioural patterns of actors within the system (Hirsch
et al., 2007). Table 3 illustrates the combinations of scenarios simulated.
SD model runs are analysed with enhanced intuition, provide a dy-
namic interaction of variables affecting CAVs’ cybersecurity, and high-
light interventions that could have unintended consequences when
CAVs are deployed in ITS. The aim is to achieve a delicate equilibrium
between promoting CAVs adoption and establishing a resilient cyber-
security framework while systematically envisioning the potential paths
of CAVs deployment, understanding the impact of policies and techno-
logical advancements on CAVs cybersecurity, and highlighting the
interconnected dynamics.
For scenarios simulation, the total Population is scaled to 1, allowing
each component to effectively demonstrate the relative impact of CAVs
by representing a proportion of the total population (Stasinopoulos
et al., 2020). Similarly, the total count of Car Adopters is determined by
summing up the numbers of CAV and CV Adopters. Additionally, Non-car
Adopters comprise the population segment most likely to adopt CAVs
due to their accessibility. This group encompasses public transport users,
cyclists, children, and seniors (Stasinopoulos et al., 2020). CV Adopters
are measured as the difference between the CV adopters
initial
and cu-
mulative changes in adoption. Based on data from the Australian Sta-
tistics Bureau, it is estimated that the total value of CV always and
CV Adopters
initial
constitutes approximately 57% of the overall owner-
ship of passenger vehicles.
Fig. 7. Public CAVs cyber-safety awareness.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
55
The values for Innovation and Imitation in the speedy scenario are
sourced from (Shabanpour et al., 2018), while the values for the slow
scenario are obtained from the study conducted by (Lavasani et al.,
2016). Non-car Adopters
initial
value in the context of CAVs penetration is
set based on the literature range of 0.02–0.6, as described by (Harper
et al., 2016; Litman, 2020), aiming to achieve CAV induction within that
range, with the market size for CAVs projected to be at least 40%
(Shabanpour et al., 2018; Menon, 2015). The exogenous input variables
are scaled on a normalised range of 0–1, as outlined in Table 3, with the
values selected in the middle to reect a moderate scenario, as suggested
in the literature (Nazareth and Choi, 2015).
The system dynamics are simulated utilising Vensim® Software,
Version 8, employing the Runge-Kutta integration method. The scenario
simulation duration is 50 years, considered sufcient to capture the
hype cycle of CAV technology (Bartl, 2015). This time frame covers the
entire spectrum, from the initial conception of CAVs to their widespread
adoption by a signicant portion of the population. For example, pas-
senger car manufacturers initiated Anti-lock Braking Systems (ABS)
trials in the 1960s. However, it took approximately four decades for ABS
to achieve widespread prevalence, with its adoption becoming promi-
nent during the 1990s.
The Baseline (Technological driven only) scenario assumes that
CAVs-CS is reinforced over time as the technology matures. The crimi-
nology philosophy for countering CAV cyber-crimes is not included.
CAV Users and OEMs Education Effectiveness, and Public CAVs Cyber Safety
Awareness are moderate. The composition of CAV Adopters is from
Adoption only. The change in CAVs-CS is amplied because of a rein-
forcing mechanism that runs through the CAVs TRM. As a result, CAVs-
CS is improved, and PHA increased as well as PHD (as expected),
depicted in Fig. 8. The CMT scenario utilises theory enabled by CAV
Users’ Synthesis, the eSTU, and Knowledge of CAV Attackers’ Character-
istics. The change in PHA is resisted because of a balancing mechanism
that runs through CMT. As shown in Fig. 9, this action results in a sig-
nicant decrease in PHA. There is a slight increase in CAV Adopters when
the Probability of Successful Cyber-attacks decreases.
The CAV users and OEMs education scenario marks an
Table 3
Combinations of scenarios simulated.
Scenarios CAVs technology
readiness and maturity
Criminology Theory Maturity CAV users and
OEMs
education
CAVs
penetration
CAVs penetration
with public
behaviour
analysis
Potential Impact
Baseline The CAVs communication
security is reinforced over
time as the technology
matures.
Not included Moderate Moderate
(Only by
adoption)
Moderate CAVs-CS is improved, and PHA
increased as well as PHD (as
expected).
Criminology Theory
Maturity
The CAVs communication
security is reinforced over
time as the technology
matures.
Utilising the criminology theory,
i.e., the use of RAT is a powerful
technique for reducing hacker
capabilities and cyber-risks
posed by CAVs.
Moderate Moderate
(Only by
adoption)
Moderate Signicant decrease in PHA.
There is a slight increase in CAV
Adopters when the Probability
of Successful Cyber-attacks
decreases.
CAV users and
OEMs education
The CAVs communication
security is reinforced over
time as the technology
matures.
Not included Robust CAVs
user and OEMs
education.
Moderate
(Only by
adoption)
Moderate PHD is augmented through a
reinforcing mechanism that
runs through CAV Users and
OEMs Education Effectiveness.
CAVs penetration The CAVs communication
security is reinforced over
time as the technology
matures.
Not included Moderate Adoption +
induction
Moderate A rise in CAV Adopters
CAVs penetration
with a robust
human behaviour
analysis
The CAVs communication
security is reinforced over
time as the technology
matures.
Not included Moderate Adoption +
induction
Robust public
CAVs behaviour
synthesis
A decrease in PHA and an
decrease in PHD.
Fig. 8. Cyber-safety assessment: Baseline vs. Criminology theory maturity.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
56
improvement in PHD only, illustrated in Fig. 10. PHD is augmented
through a reinforcing mechanism that runs through CAV Users and OEMs
Education Effectiveness. PHD improvements reduce effective cyber as-
saults, allowing for a rise in CAV Adopters. CAVs penetration occurs via
Adoption and Induction, leading to a rise in CAV Adopters. The change in
PHA is amplied because of a reinforcing mechanism, i.e., more CAV
Inltration Caveats, and a corresponding rise in PHD. Nonetheless, in
CAVs penetration with public behaviour analysis, the change in PHA
is resisted because of a balancing mechanism, i.e., robust public CAVs
behaviour synthesis. As a result, there is a decrease in PHA and an
improvement in PHD.
Similarly, Fig. 11 illustrates the synthesis of the preceding scenarios
using a boxplot. The box plot illustrates the symmetry and skewness of
the behaviour of the four performance metrics under each scenario.
CAVs-CS exhibit nearly identical behaviour in all scenarios. The PHA
decreased in ’CMT’ but increased in ’CAVs penetration’, as the number
of access points grew, making them more susceptible to cyber-attacks.
PHD is enhanced in ’CAV users and OEMs education’. Moreover, in
’CAVs penetration’, the PHD elevated due to a similar rise in PHA; but,
’with human behaviour analysis’, the PHA showed a noticeable
decrease. Due to decreased successful cyberattacks, CAV adopters have
increased in the ’CMT’ and ’CAV users and OEMs education’ scenarios.
7. Discussion
The article initiates a discussion on the quantication of cyberse-
curity in CAVs. This quantitative analysis represents a novel approach
compared to the predominantly qualitative methods employed in pre-
vious studies. By utilising the SD approach, we have constructed a
comprehensive model that captures the essential parameters inuencing
the cybersecurity of CAVs within the ITS. Through systematic simula-
tion, the established model effectively aligns with the primary objective
of developing a robust framework for CAVs cybersecurity. Additionally,
the secondary objective is to illustrate the dynamic nature of
Fig. 9. Cyber-safety assessment: Baseline vs. CAVs user and OEMs education.
Fig. 10. Cyber-safety assessment: Baseline vs. CAVs penetration.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
57
interactions among variables impacting CAV’s cybersecurity, shedding
light on interventions that may inadvertently yield unintended conse-
quences when CAVs are integrated into the ITS.
In the context of real-world CAV deployment, these ndings have
critical implications for cybersecurity strategies and risk management.
The widespread deployment of CAVs within ITS introduces complex
cybersecurity challenges that must be addressed holistically. Policy
resistance refers to the system’s (ITS) reaction to any intervention (e.g.,
CAV deployment), which can negate the effectiveness of such in-
terventions if not properly managed (Sterman, 2000). The key stake-
holders in CAV deployment include OEMs (original equipment
manufacturers), technology partners, communication and cloud service
Fig. 11. Box plot visualisation of scenarios simulated for CAVs cybersecurity assessment.
Fig. 12. V2X communication (Source: The authors’ synthesis).
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
58
providers, regulators, policymakers, road and infrastructure authorities,
and end-users.
By analysing feedback loops and system interdependencies through
the SD model, this study captures the broader cybersecurity challenges
of CAVs in a way that isolated studies often miss. SFM ndings show that
interdependencies between different system components can produce
non-linear behaviours, making it difcult to predict outcomes when
addressing a single avenue in isolation. This integrated approach pro-
vides a more realistic understanding of how multiple variables affect
CAV cybersecurity across the entire ITS architecture.
The CAVs-CS is designed to act as the rst line of defence against
cyberattacks. CAVs-CS helps develop a CAV’s cyber risk management
lifecycle, encompassing several protective measures, including auto-
mated protection mechanisms (such as multi-layer security, patch
management, system backups, and proximity access security). As CAV
technology matures, the need for a robust CAV cyber risk appetite and a
risk-based approach to resilience becomes evident. The system’s security
maturity can be measured through processes involving Research and
Development (R&D), operational resources, and information-sharing
protocols (Rosenfeld et al., 2007).
The CAV technology Maturation is the de-risking of CAV operations in
ITS. However, innovations also increase vulnerabilities. Given the
inherent uncertainty and technological risk associated with CAV tech-
nology, assessing the potential technical risks associated with CAV
adoption is critical. This can be demonstrated in Fig. 12: Quality of
Service (QoS) vs. security provisions for CAVs wireless technologies in
terms of speed, latency, vulnerabilities, and security performance eval-
uation metrics. For example, the security and privacy challenges evident
after the convergence of the 5G and 6G networks into V2X (Javed et al.,
2022) would include a plethora of cyberattacks, necessitating a proac-
tive security assessment. Similarly, customised designs for ADAS may
aid in lowering the overall risk (Chen et al., 2021). Similarly, the dy-
namic optimisation techniques based on real-time data need further
attention.
The ongoing cybersecurity battle between attackers and defenders in
the context of real-world CAV deployment is heightened by the attrac-
tiveness of CAVs as high-value targets. The likelihood of a cyberattack is
inuenced by the hacker’s perceived opportunities, including Hacker’s
Capability, the existing deterrent measures within the ITS, and the
system’s perceived vulnerabilities (Aryee, 2020). In particular, the
Hacker’s Capability is linked to the Technology Readiness and Maturity
(TRM) of CAV systems, the hacker’s motivation, the level of CAV
penetration in the market, and the effectiveness of log le preservation.
By incorporating criminology theories like Routine RAT, this study seeks
to understand hacker motivations and proles, which can help develop
more effective countermeasures.
The maturation of criminology philosophy plays a signicant role in
advancing the understanding of CAV cybercrime and criminal justice
(Kennedy et al., 2019). For example, incorporating RAT into cyberse-
curity strategies can help reduce Potential Hacker Attacks (PHA), as
depicted in Fig. 8. A decrease in successful cyberattacks can increase
market condence, making the CAV ecosystem more attractive for CAV
Adopters. However, for criminology theory to keep pace with evolving
cyber threats, specialised, i.e., eSTUs, will need to be developed. These
units would focus on understanding the evolving capabilities of CAV
hackers and designing strategies to mitigate their impact.
The study also identies CAV Adopters as a crucial factor in ensuring
widespread acceptance of the technology. As CAVs are deployed, big
data generated by their operations offers critical insights into improving
the security of ITS. Therefore, the safety of CAV-based ITS may be
assessed using data models and applications (Lian et al., 2020). On the
ip side, as the quantity of CAVs on the road increases, hackers can
explore novel models for generating prot. The growing number of ac-
cess points in CAVs raises the PHA (shown in Fig. 10), increasing
cyberattacks. Increased cyberattacks will undoubtedly derail CAV
adoption, necessitating an adaptive, holistic approach to avert this
outcome.
Nonetheless, cybersecurity for CAVs requires upskilling the opera-
tion’s weakest link—the human being (Annarelli et al., 2020). Accord-
ing to the Ponemon Institute’s 2019 Report, employee carelessness is the
underlying cause of 24 per cent of data breaches, which is signicant
(IBM, 2019). Queensland Business Technologies reports human error
infections of 95% in 2017/2018 (QueenslandBusinessTechnologies,
2019), and human error accounts for 90% of data breaches, according to
TechRadar’s ndings (Spadafora, 2019). Introducing a CAV-operated
license and awareness-raising programs tailored to specic stake-
holder groups will benet CAV cybersecurity (illustrated in Fig. 9).
Similarly, proper information dissemination management, test-ride
events and transparency on safety solutions would all have an impact
on CAV’s overall social acceptability, improving cybersecurity. The
scenario ’CAVs penetration with public behaviour analysis’ has a
noticeable decrease in PHA (illustrated in Fig. 10). Characterising in-
dividuals vulnerable to cybersecurity failures, managing the impact of
reduced driver-driving abilities, and understanding the motives and
attributes of CAV cyberattacks (psychological prole) (Kennedy et al.,
2019; Wilson and Hash, 2003; Christiansen and Piekarz, 2018) have the
potential to improve CAV cybersecurity.
8. Policy recommendations
This study provides a comprehensive analysis of cybersecurity in
CAVs through a SD approach, offering a quantitative framework for
understanding and mitigating cyber risks in ITS. The ndings emphasise
the importance of addressing policy resistance, managing the techno-
logical vulnerabilities inherent in CAV deployment, and understanding
hacker motivations through criminology theories.
The CAV Penetration scenario highlights the increased risk posed by
growing access points in CAV systems, which elevates the likelihood of
cyberattacks. Policymakers should implement proactive, multi-layered
cybersecurity frameworks that address these risks early. This involves
formal regulations, technical standards, and fostering cybersecurity
awareness across industries to mitigate potential threats before CAVs
become widespread.
CAV operational logs are also a valuable resource for technological
maturation, yet they present a lucrative target for hackers. Formulating
a systematic policy for CAVs log le preservation is essential, i.e., which
logs should be retained? How long will it last? Who should have access
to the data? The biggest difculty lies in striking a balance between
three key areas: Privacy and Freedom: How much personal data can be
collected from CAV users without infringing on their privacy and
freedom of movement? Business Needs: How much access should CAV
manufacturers and service providers have to operational data and user
information while protecting their investments and innovations? Reg-
ulatory Control: How much control should government regulators have
over CAVs, ensuring safety without stiing development and
innovation?
The CTM scenario shows how advancements in criminological the-
ory can inform the understanding of cybercrime related to CAVs and
guide criminal justice responses. Regulators should adopt a systematic
approach to cybersecurity oversight, requiring regular vulnerability
assessments by manufacturers (OEMs) and ensuring continuous updates
to cybersecurity standards. Criminological insights can enhance policy
strategies to anticipate and reduce hacking attempts.
The CAV Users’ and OEMs’ Education scenarios emphasise that
public awareness and effective communication play crucial roles in
increasing social acceptance of CAVs and strengthening cybersecurity.
Stakeholders should invest in public education programs, such as test-
ride events and transparent safety communications, to build trust and
ensure the public adopts safe behaviours. This will improve overall
cybersecurity resilience as public perception aligns with security
measures.
Across various scenarios, the study identies that addressing CAV
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
59
cybersecurity requires considering technological, human, and social
elements, which involve multiple stakeholders. OEMs, regulators,
cybersecurity experts, and criminologists should collaborate to tackle
the complex, evolving nature of CAV cybersecurity threats. Coordinated
knowledge-sharing and joint risk assessments are essential for a
comprehensive response to these challenges.
The CAV-CS scenario highlights technological challenges in securing
communication channels within CAV systems, alongside the need for
improved log le management and hacker deterrence mechanisms.
Vendors and regulators should promote continuous innovation in
cybersecurity technologies, such as enhancing communication safety,
improving log management, and addressing hacker capabilities (Khan
et al., 2024d). This ensures that CAV systems remain secure as new
vulnerabilities and technologies emerge.
Given the lack of extensive empirical data, the study shows that SD
modelling offers valuable insights for evaluating CAV cybersecurity
despite the data limitations. Policymakers should consider leveraging
SD models to simulate potential cybersecurity threats and scenarios,
aiding in the development of effective, data-informed policies that
anticipate risks and guide security strategies.
9. Future direction and limitations
While this study has made a noteworthy contribution to assessing the
factors that inuence CAVs’ cybersecurity, it is important to recognise
the constraints of the proposed model. One drawback of SD modelling is
the prerequisite of having initial values for all stock variables in the
model before commencing simulations. For Flows that are directly
proportional to their stocks, initiating with a value of zero is impractical
as it would hinder any variation in the ow rate. Hence, a non-zero
initial value is presumed to enable meaningful adjustments in the
ow. Additionally, some relationships in the model describe phenomena
that are difcult to relate directly to the real world. For instance,
quantication of CAVs Technology Maturation through parameters like
processes, resources, etc. Therefore, these variables are depicted on a
normalised scale ranging from 0 to 1, with values chosen towards the
centre to portray a moderate scenario.
SFM can manage greater complexity than conventional social science
modelling methodologies, but it cannot capture the whole complexity of
a process; Modelers must eventually decide which system parts and in-
teractions are relevant to an issue and can be handled in a single model.
For instance, factors like regulatory law and trust are not taken into
account, as they fall outside the scope of this paper. The choice is pri-
marily driven by the desire for a dened scope and the ability to
concentrate on specic parameters through focused analysis. Moreover,
the research being undertaken by leading automotive rms such as
Waymo, Tesla, Mercedes Benz, Baidu, Uber, Google, and Audi (He et al.,
2020; Tesla, 2018), as well as the numerous pilot programs around the
world, such as ’Advanced Connected ACV2 trials,’ ’Austroads Future
Vehicles & Technology Initiative’ in Australia (Vicroads, 2021; Austro-
ads, 2021), would aid in the requisite data set for more robust quanti-
cation of CAVs cybersecurity parameters. Nonetheless, the scarcity of
required empirical data, the subjective nature of cybersecurity, and the
high degree of uncertainty make the semi-quantitative approach the
preferred method for the foreseeable future.
10. Conclusion
Cybersecurity is a process; system designers need to keep abreast of
the developments in cyber-attacks on the CAV-embedded framework
while ascertaining the adoption of autonomous driving. A robust
cybersecurity framework is comprised of three interconnected links:
formal, technical, and cultural. Vulnerability assessment and prior
adaptation of CAV’s cyber-safety knowledge will boost risk assessments
by OEMs and regulators. There is currently less empirical data available
on CAVs’ cyber-safety due to the evolving nature of CAV technology.
The wait-and-see approach will have signicant implications, which
could lead to the introduction of corrective steps by the time adequate
CAVs are in operation. The system-oriented approach is suitable because
of the highly complicated and uncertain nature of CAVs-based ITS, with
many components and stakeholders (Kim et al., 2022) and numerous
interactions among them, frequently involving multiple feedback
mechanisms. This study pioneers the use of SD to facilitate a more
nuanced understanding of the ITS system and the relevant parameters
affecting CAV cybersecurity. Since SD modelling is deterministic (rather
than stochastic), it may aid in useful future insights despite the lack of
empirical data in the cybersecurity paradigm of CAVs.
The proposed SD model aims to help assess cybersecurity opportu-
nities in deploying CAVs within the ITS and to help foster the develop-
ment of effective policy instruments by envisioning how components
interact. The SFM is developed by integrating the main elements that lie
at the heart of CAVs cybersecurity and shape the model’s foundation,
namely: CAVs Communication Safety (CAVs-CS), CAV Adopters, Hacker’s
Capability, Log Files, Criminology Theory Maturity (CMT), and Public CAVs
Cyber Safety Awareness. The established SFM has its structure and
behaviour tested and is used to conduct scenario analyses for CAV
cybersecurity using various plausible scenarios.
The ndings from various scenarios reinforce the study’s conclu-
sions. For instance, the Criminology Theory Maturity scenario illustrates
how advances in criminological theory can enhance the understanding
of CAV-related cybercrime and inform criminal justice strategies, ulti-
mately reducing the likelihood of hacking attempts. Such insights foster
greater market condence in CAV adoption. In contrast, the CAV
Penetration scenario reveals the heightened risks posed by increasing
access points, highlighting the need for a proactive, multi-layered
cybersecurity approach to mitigate threats and sustain public trust in
CAV technology.
Furthermore, the study underscores the importance of effective
communication, public test-ride events, and transparency in safety
measures as pivotal factors in shaping CAV social acceptability and
strengthening cybersecurity, as evidenced by CAV users’ and OEMs’
education scenarios. The CAV Penetration with Public Behaviour Anal-
ysis scenario further emphasises the value of understanding public
perceptions and behaviours to improve CAV cybersecurity resilience.
Importantly, the ndings identify humans as a critical component within
the security framework of CAVs, often referred to as the "weakest link,"
underscoring the urgent need for enhanced public awareness and edu-
cation. While much of the existing literature focus remains on technical
measures and the categorisation of security actors, this study advocates
for a signicant shift toward recognising and emphasising the role of the
general public as an integral part of the CAV cybersecurity ecosystem,
where human involvement plays a crucial role in mitigating risks and
enhancing the security of autonomous vehicles. A new policy horizon
lies in equipping individuals with the awareness, knowledge, and
practical skills to mitigate security risks associated with CAVs. Public
education campaigns, user-friendly guidelines, and targeted training
initiatives can empower individuals to adopt safer digital practices,
recognise potential threats, and contribute to a secure CAV environ-
ment. By integrating the general public into the broader cybersecurity
strategy, policymakers can create secure CAV systems that leverage the
collective vigilance of informed users. Similarly, based on these scenario
ndings, the study advocates for the implementation of strategic mea-
sures by vendors and regulators to strengthen cybersecurity and improve
the resilience of the CAV ecosystem.
CRediT authorship contribution statement
Shah Khalid Khan: Writing – original draft, Validation, Methodol-
ogy, Investigation, Formal analysis, Data curation, Conceptualization.
Nirajan Shiwakoti: Writing – review & editing, Supervision, Method-
ology, Investigation, Conceptualization. Peter Stasinopoulos: Writing –
review & editing, Supervision, Methodology, Investigation, Formal
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
60
analysis, Conceptualization. Yilun Chen: Formal analysis, Conceptual-
ization. Matthew Warren: Supervision.
Acknowledgements
We would like to acknowledge the Australian Government,
Department of Industry, Science, Energy and Resources (DISER) for the
nancial support received for this study through Automotive Engi-
neering Graduate Program (GRANT NO: AEGP000050). The views
expressed in this study by us do not necessarily reect those of the
DISER.
Appendix A. The model parameters and expressions
Name Expression Unit
Adoption from Imitation Imitation * CAVs Adopters * CV Adopters/Total Car Adaptors Vehicle/Year
Adaption from Innovation CV Adopters*Innovation Vehicle/Year
Awareness Enhancement (CAVs User and OEMs Education Effectiveness *Criminology-Theory Maturity) Dmnl/Year
Capability Depreciation Hacker’s Capability/Capability Lifetime Dmnl/Year
Probability of Hacks Defended 0.6 * CAVs Communication Cyber Safety Stack +0.15 * Human CAV Cyber Safety Awareness +0.25 * CAVs Communication
Cyber Safety Stack * Human CAV Cyber Safety Awareness
Dmnl
Adoption (Adaption from Innovation +Adoption from Imitation) *
(1- Probability of Successful Cyber-attacks)
Vehicle/Year
Awareness Lifetime 50 Year
Awareness Depreciation Human CAV Cyber Safety Awareness/Awareness Lifetime Dmnl/Year
Capability Lifetime 50 Year
Capability per Log File Capability per Leaked Log File * Leaked Log Files Dmnl
Capability per Vehicle 0.5 on a {0–1} scale Dmnl/Vehicle
CAVs Adopters CAVs adopters Initial +t
0( − Adoption +Induction) Δt CAVs adopters Initial =0.001 Vehicle
CAVs Communication Cyber Safety
Stack CAVs Communication Cyber Safety Stack Initial +t
0(Robustness Enhancement −Knowledge &Technology Depreciation ) Δt
CAVs Communication Cyber Safety Stack Initial =0
Dmnl
CAVs Inltration Caveats Capability per Vehicle *CAVs Adopters Dmnl
CAVs Technological Maturation Information * Processes * Resources * Research and Development * CAVs Technology Readiness and Maturity * Initial Maturation
Availability
Dmnl/Year
CAVs Technology Readiness and
Maturity CAVs Technology Readiness and Maturity Initial +t
0(CAVs Technological Maturation ) Δt CAVs Technology Readiness and
Maturity Initial =0.1 Non-zero initial value assumption
Dmnl
CAVs User and OEMs Education
Effectiveness
0.5 on a {0–1} scale Dmnl/Year
Criminology Theory Maturation eSafety Trafc Unit * (Human (User) Behaviour Analysis +Knowledge of CAV Attackers’ Motivations and Characteristics) Dmnl/Year
Criminology Theory Maturity Criminology Theory Maturity Initial +t
0(Criminology Theory Maturation) Δt Criminology Theory Maturity Initial =0Dmnl
CV Adopters CV adopters Initial +t
0( − Adoption) ΔtVehicle
CV adopters Initial Population * Ownership initial - CV always - AV adopters initial (Population =1, Ownership initial 0.57, CV always =0.1, AV
adopters initial =0.0001)
Vehicle
Deployment Rate 0.5 1/Year
eSafety Trafc Unit 0.5 on a {0–1} scale Dmnl
Hacker’s Motivation 0.5 on a {0–1} scale Dmnl/Year
Hacker’s Technical advancement CAVs Communication Cyber Safety Stack * Hackers Accessibility Dmnl
Hacker’s Accessibility 0.5 on a {0–1} scale Dmnl
Hacker’s Capability Hacker’s Capability Initial +t
0(Hackers Capability Enhancement −Capability Depreciation ) Δt Hacker’s Capability Initial =
0
Dmnl
Hackers Capability Enhancement (CAVs Inltration Caveats +Capability per Log File +Hacker’s Technical advancement) * Hacker’s Motivation Dmnl/Year
Human (User) Behaviour Analysis CAVs Adopters * Knowledge per User Dmnl/Year
Human CAV Cyber Safety Awareness Human CAV Cyber Safety Awareness Initial +t
0(CAVs Technological Maturation ) Δt Human CAV Cyber Safety Awareness
Initial =0.1
Dmnl
Imitation 0.1 1/Year
Induction from Imitation Imitation * CAVs Adopters * Non-Car Adopters/Total Non-car Adopters Vehicle/Year
Induction (Induction from Imitation +Induction from Innovation) * (1-Probability of Successful Cyber-attacks) Vehicle/Year
Induction from Innovation Innovation*Non-Car Adopters Vehicle/Year
Information Log Files Preservation * Information per Log File Dmnl/Year
Information per Log File 0.4 on a {0–1} scale Dmnl/File
Innovation CAVs Technology Readiness and Maturity * Innovation per Readiness 1/Year
Initial Maturation Availability Initial Maturation Availability Initial - t
0(CAVs Technological Maturation ) Δt Initial Maturation Availability Initial =0.9 Dmnl
Input Log Files 1 File/Year
Knowledge & Technology Depreciation CAVs Communication Cyber Safety Stack/Knowledge & Technology Lifetime Dmnl/Year
Knowledge & Technology Lifetime 20 Year
Knowledge of CAV Attackers’
Motivations and Characteristics
Log Files Preservation * Knowledge per Log File Dmnl/Year
Knowledge per Log File 0.001 Dmnl/File
Knowledge per User 0.5 on a {0–1} scale Dmnl/Vehicle/
Year
Leakage rate 0.0025 1/Year
Leaked Log Files 0+(Leaking) Δt File
Leaking Log Files * Leakage rate File/Year
Log Files Log Files Initial +t
0(Log Files Preservation −Leaking ) Δt Log Files Initial =0.2 File
(continued on next page)
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
61
(continued)
Name Expression Unit
Learning Experiences 0.3 * Probability of Successful Cyber-attacks Dmnl
Log Files Preservation Input Log Files *Learning Experiences File/Year
Non-Car Adopters CAVs adopters Initial +t
0( − Adoption +Induction) ΔtVehicle
Non-car adopters Initial Non-car adopters initial * Induction Scenario Induction Scenario =1 (yes) Induction Scenario =0 (No) Vehicle
Non-car adopters initial Population * (1 - Ownership initial) Vehicle
Probability of Hacking attempts Hacker’s Capability * (1 - Criminology-Theory Maturity) Dmnl
Probability of Successful Cyber-attacks Probability of Hacking attempts * (1- Probability of Hacks defended) Dmnl
Processes 0.5 on a {0–1} scale Dmnl
Research and Development 0.5 on a {0–1} scale Dmnl
Resources 0.5 on a {0–1} scale Dmnl
Robustness Enhancement V2X Communication Security * Deployment Rate Dmnl/Year
Total Car Adaptors CV Adopters +CAVs Adopters Vehicle
Total Non-car Adopters CAVs Adopters +Non-Car Adopters Vehicle
Data availability
Data will be made available on request.
References
Abuabed, Z., Alsadeh, A., Taweel, A., 2023. STRIDE threat model-based framework for
assessing the vulnerabilities of modern vehicles. Comput. Secur. 133, 103391.
Albert, T., 2016. Measuring technology maturity: theoretical aspects. In: Measuring
Technology Maturity. Springer, pp. 9–113.
Aljazeera, 2021. China military bans Tesla cars citing camera, sensor spy concerns. China
military bans Tesla cars citing camera, sensor spy concerns. https://www.aljazeera.
com/economy/2021/3/19/chinas-military-bans-tesla-cars-on-camera-sensor-spy-
concerns. (Accessed 12 March 2022).
Annarelli, A., Nonino, F., Palombi, G., 2020. Understanding the management of cyber
resilient systems. Comput. Ind. Eng. 149, 106829.
Aryee, D., 2020. Cybersecurity Threats to the Hotel Industry and Mitigation Strategies.
Utica College.
Australia-Goverment, 2020. Technology readiness level denition. Defence Science and
Technology Group. https://www.dst.defence.gov.au/sites/default/les/basic_page
s/documents/TRL/20Explanations_1.pdf. (Accessed 12 March 2022).
Austroads, 2021. Austroads’ future vehicles & technology program. Austroads. http
s://austroads.com.au/drivers-and-vehicles/future-vehicles-and-technology/trials.
(Accessed 22 July 2022).
Bartl, M., 2015. The future of autonomous driving–introducing the foresight matrix to
support strategic planning. The making of Innovation 1–7.
BBC, 2015. Fiat Chrysler recalls 1.4 million cars after Jeep hack. https://www.bbc.com/
news/technology-33650491. (Accessed 12 March 2022).
BBC, 2021. Russian pleads guilty to Tesla ransomware plot. https://www.bbc.com/new
s/world-us-canada-56469475. (Accessed 12 March 2022).
Burzio, G., Cordella, G.F., Colajanni, M., Marchetti, M., Stabili, D., 2018. Cybersecurity of
connected autonomous vehicles: a ranking based approach. In: 2018 International
Conference of Electrical and Electronic Technologies for Automotive. IEEE, pp. 1–6.
Chamorro-Premuzic, T., 2023. Human error drives most cyber incidents. Could AI help?
https://australiancybersecuritymagazine.com.au/human-error-leading-cause-of-da
ta-breaches/. (Accessed 13 May 2023).
Chari, M., 2024. Points of reference: robotaxi safety. https://www.apmresearchlab.org/
10x/robotaxi-safety. Nov 24, 2024, August 13.
Chen, Q., Gu, R., Huang, H., Lee, J., Zhai, X., Li, Y., 2021. Using vehicular trajectory data
to explore risky factors and unobserved heterogeneity during lane-changing. Accid.
Anal. Prev. 151, 105871.
Cho, Y., Yoon, S.-P., Kim, K.-S., 2016. An industrial technology roadmap for supporting
public R&D planning. Technol. Forecast. Soc. Change 107, 1–12.
Choi, K.-S., Lee, C.S., Louderback, E.R., 2020. Historical Evolutions of Cybercrime: from
Computer Crime to Cybercrime. The Palgrave Handbook of International Cybercrime
Cyberdeviance, pp. 27–43.
Christiansen, B., Piekarz, A., 2018. Global cyber security labor shortage and international
business risk. IGI Global.
Cohen, J., Mirotchnick, N., Leung, B., 2007. Thousands introduced annually: the
aquarium pathway for non-indigenous plants to the St Lawrence Seaway. Front.
Ecol. Environ. 5 (10), 528–532.
Coyne, A., 2016. Nissan Leaf cars vulnerable to remote hacking. https://www.itnews.
com.au/news/nissan-leaf-cars-vulnerable-to-remote-hacking-415612. Sep 19, 204.
Dimitriadis, A., Ivezic, N., Kulvatunyou, B., Mavridis, I., 2020. D4I-Digital forensics
framework for reviewing and investigating cyber attacks. Array 5, 100015.
Fagade, T., Maraslis, K., Tryfonas, T., 2017. Towards effective cybersecurity resource
allocation: the Monte Carlo predictive modelling approach. Int. J. Crit. Infrastruct.
13 (2–3), 152–167.
Ghadi, M., Sali, ´
A., Szalay, Z., T¨
or¨
ok, ´
A., 2020. A new methodology for analyzing vehicle
network topologies for critical hacking. J. Ambient Intell. Hum. Comput. 1–12.
Goodman, M.R., 1974. Study Notes in System Dynamics Wright. Allen Press, Cambridge,
Mass.
Gruel, W., Stanford, J.M., 2016. Assessing the long-term effects of autonomous vehicles:
a speculative approach. Transport. Res. Procedia 13 (2016), 18–29.
Günal, M.M., Pidd, M., 2010. Discrete event simulation for performance modelling in
health care: a review of the literature. J. Simulat. 4 (1), 42–51.
Harper, C.D., Hendrickson, C.T., Mangones, S., Samaras, C., 2016. Estimating potential
increases in travel with autonomous vehicles for the non-driving, elderly and people
with travel-restrictive medical conditions. Transport. Res. C Emerg. Technol. 72,
1–9.
He, Q., Meng, X., Qu, R., 2020. Towards a severity assessment method for potential cyber
attacks to connected and autonomous vehicles. J. Adv. Transport. 2020.
Hidalgo, A., Albors, J., 2008. Innovation management techniques and tools: a review
from theory and practice. R D Manag. 38 (2), 113–127.
Hirsch, G.B., Levine, R., Miller, R.L., 2007. Using system dynamics modeling to
understand the impact of social change initiatives. Am. J. Community Psychol. 39
(3), 239–253.
Hirz, M., Walzel, B., 2018. Sensor and object recognition technologies for self-driving
cars. Computer-aided design applications 15 (4), 501–508.
Holt, T.J., Burruss, G.W., Bossler, A.M., 2010. Social learning and cyber-deviance:
examining the importance of a full social learning model in the virtual world.
J. Crime Justice 33 (2), 31–61.
Huq, N., Vosseler, R., Swimmer, M., 2017. Cyberattacks against intelligent transportation
systems. TrendLabs Research Paper.
IBM, 2019. How much would a data breach cost your business? IBM. https://www.ibm.
com/security/data-breach. (Accessed 12 March 2022).
Jagielski, M., Jones, N., Lin, C.-W., Nita-Rotaru, C., Shiraishi, S., 2018. Threat detection
for collaborative adaptive cruise control in connected cars. In: Proceedings of the
11th ACM Conference on Security & Privacy in Wireless and Mobile Networks,
pp. 184–189.
Javed, A.R., et al., 2022. Future smart cities requirements, emerging technologies,
applications, challenges, and future aspects. Cities 129, 103794.
Katerina, T., Nicolaos, P., 2018. Mouse behavioral patterns and keystroke dynamics in
End-User Development: what can they tell us about users’ behavioral attributes?
Comput. Hum. Behav. 83, 288–305.
Kavak, H., Padilla, J.J., Vernon-Bido, D., Diallo, S.Y., Gore, R., Shetty, S., 2021.
Simulation for cybersecurity: state of the art and future directions. Journal of
Cybersecurity 7 (1), tyab005.
Kennedy, J., Holt, T., Cheng, B., 2019. Automotive cybersecurity: assessing a new
platform for cybercrime and malicious hacking. J. Crime Justice 1–14.
Kent, A.D., 2016. Cyber security data sources for dynamic network research. In: Dynamic
Networks and Cyber-Security. World Scientic, pp. 37–65.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Chen, Y., 2020. Cyber-attacks in the next-
generation cars, mitigation techniques, anticipated readiness and future directions.
Accid. Anal. Prev. 148, 105837.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., 2021a. A conceptual system dynamics
model for cybersecurity assessment of connected and autonomous vehicles. Accid.
Anal. Prev.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Matthew, W., 2021b. Dynamic assessment of
regulation and policy framework in the cybersecurity of Connected and Autonomous
Vehicles. In: Presented at the in Australasian Transport Research Forum, ATRF 2021-
Proceedings.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., 2022. A conceptual system dynamics model
for cybersecurity assessment of connected and autonomous vehicles. Accid. Anal.
Prev. 165, 106515.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Warren, M., 2023a. Modelling cybersecurity
regulations for automated vehicles. Accid. Anal. Prev. 186, 107054.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Warren, M., 2023b. A multinational
empirical study of perceived cyber barriers to automated vehicles deployment. Sci.
Rep. 13 (1), 1842.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Chen, Y., Warren, M., 2024a. Exploratory
factor analysis for cybersecurity regulation and consumer data in autonomous
vehicle acceptance: insights from four OECD countries. Transp. Res. Interdiscip.
Perspect. 25, 101084.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
62
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Warren, M., 2024b. Driving a safer future:
exploring cross-country perspectives in automated vehicle adoption by considering
cyber risks, liability, and data concerns. IET Intell. Transp. Syst.
Khan, S.K., Shiwakoti, N., Stasinopoulos, P., Chen, Y., Warren, M., 2024c. The impact of
perceived cyber-risks on automated vehicle acceptance: insights from a survey of
participants from the United States, the United Kingdom, New Zealand, and
Australia. Transport Pol.
Khan, S.K., Shiwakoti, N., Diro, A., Molla, A., Gondal, I., Warren, M., 2024d. Space
cybersecurity challenges, mitigation techniques, anticipated readiness, and future
directions. International Journal of Critical Infrastructure Protection, 100724.
Kim, J.H., Lee, G., Lee, J., Yuen, K.F., Kim, J., 2022. Determinants of personal concern
about autonomous vehicles. Cities 120, 103462.
King, Z.M., Henshel, D.S., Flora, L., Cains, M.G., Hoffman, B., Sample, C., 2018.
Characterizing and measuring maliciousness for cybersecurity risk assessment.
Front. Psychol. 9, 39.
Lavasani, M., Jin, X., Du, Y., 2016. Market penetration model for autonomous vehicles on
the basis of earlier technology adoption experience. Transport. Res. Rec. 2597 (1),
67–74.
Li, S., Garces, E., Daim, T., 2019. Technology forecasting by analogy-based on social
network analysis: the case of autonomous vehicles. Technol. Forecast. Soc. Change
148, 119731.
Lian, Y., Zhang, G., Lee, J., Huang, H., 2020. Review on big data applications in safety
research of intelligent transportation systems and connected/automated vehicles.
Accid. Anal. Prev. 146, 105711.
Litman, T., 2020. Autonomous Vehicle Implementation Predictions: Implications for
Transport Planning.
Lounsbury, D.W., 2002. Understanding the Dynamics of Prevention, Care, and
Empowerment: A Systems Approach to HIV/AIDS Policy Innovation. Michigan State
University.
Lundvall, B.-Å., 2010. National Systems of Innovation: toward a Theory of Innovation
and Interactive Learning. Anthem press.
Macal, C.M., North, M.J., 2005. Tutorial on agent-based modeling and simulation. In:
Proceedings of the Winter Simulation Conference. IEEE, p. 14, 2005.
Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C., 2015. SAHARA: a
security-aware hazard and risk analysis method. In: 2015 Design, Automation & Test
in Europe Conference & Exhibition (DATE). IEEE, pp. 621–624.
Menon, N., 2015. Consumer Perception and Anticipated Adoption of Autonomous
Vehicle Technology: Results from Multi-Population Surveys. University of South
Florida.
Miller, M.R., Herrera, F., Jun, H., Landay, J.A., Bailenson, J.N., 2020. Personal
identiability of user tracking data during observation of 360-degree VR video. Sci.
Rep. 10 (1), 1–10.
Nazareth, D.L., Choi, J., 2015. A system dynamics model for information security
management. Information Management science 52 (1), 123–134.
Newton, A., 2017. Crime, transport and technology. In: The Routledge Handbook of
Technology, Crime and Justice. Routledge, pp. 281–294.
Nieuwenhuijsen, J., de Almeida Correia, G.H., Milakis, D., van Arem, B., van Daalen, E.,
2018. Towards a quantitative method to analyze the long-term innovation diffusion
of automated vehicles technology using system dynamics. Transport. Res. C Emerg.
Technol. 86, 300–327.
Prasad, R., Rohokale, V., 2020. Cyber Security: the Lifeline of Information and
Communication Technology. Springer.
Prevost, S., Kettani, H., 2019. On data privacy in modern personal vehicles. In:
Proceedings of the 4th International Conference on Big Data and Internet of Things,
pp. 1–4.
Puylaert, S., Snelder, M., van Nes, R., van Arem, B., 2018. Mobility impacts of early forms
of automated driving–A system dynamic approach. Transport Pol. 72, 171–179.
Qiu, T., Liu, J., Si, W., Wu, D.O., 2019. Robustness optimization scheme with multi-
population co-evolution for scale-free wireless sensor networks. IEEE/ACM Trans.
Netw. 27 (3), 1028–1042.
QueenslandBusinessTechnologies, 2019. How do you ensure your business is safe and
secure? Queensland Business Technologies. https://qbtech.com.au/cyber-security/.
(Accessed 12 March 2022).
Raiyn, J., 2018. Data and cyber security in autonomous vehicle networks. Transport and
Telecommunication 19 (4), 325–334.
Repenning, N.P., 2002. A simulation-based approach to understanding the dynamics of
innovation implementation. Organ. Sci. 13 (2), 109–127.
Rosenfeld, S.N., Rus, I., Cukier, M., 2007. Archetypal behavior in computer security.
J. Syst. Software 80 (10), 1594–1606.
Sarriegi, J.M., Santos, J., Torres, J.M., Imizcoz, D., Plandolit, A.L., 2006. Modeling
security management of information systems: analysis of a ongoing practical case. In:
The 24th International Conference of the System Dynamics Society. Nijmegen, The
Netherlands.
Schmidt, K., Tr¨
oger, P., Kroll, H.-M., Bünger, T., Krueger, F., Neuhaus, C., 2014. Adapted
development process for security in networked automotive systems. SAE
International Journal of Passenger Cars-Electronic Electrical Systems 7, 2014-01-
0334.
Schumpeter, J.A., 1939. Business Cycles. McGraw-Hill, New York.
Seebruck, R., 2015. A typology of hackers: classifying cyber malfeasance using a
weighted arc circumplex model. Digit. Invest. 14, 36–45.
Shabanpour, R., Shamshiripour, A., Mohammadian, A., 2018. Modeling adoption timing
of autonomous vehicles: innovation diffusion approach. Transport. Res. Part A:
Policy 45 (6), 1607–1621.
Sheehan, B., Murphy, F., Mullins, M., Ryan, C., 2019. Connected and autonomous
vehicles: a cyber-risk classication framework. Transport. Res. Pol. Pract. 124,
523–536.
Smith, E., 2013. The goals and benets of network modelling in a commercial
environment. Journal of telecommunications and information Technology (1),
25–31.
Sommerlatte, T., Deschamps, J.-P., 1985. Der strategische Einsatz von Technologien
Konzepte und Methoden zur Einbeziehung von Technologien in die
Strategieentwicklung des Unternehmens. In: Management im Zeitalter der
strategischen Führung. Springer, pp. 37–76.
Spadafora, A., 2019. Teach employees these cybersecurity habits to reduce human error.
TechRadar. https://www.techradar.com/news/90-percent-of-data-breaches-a
re-caused-by-human-error. (Accessed 12 March 2022).
Stanford, J., 2015. Possible Futures for Fully Automated Vehicles: Using Scenario
Planning and System Dynamics to Grapple with Uncertainty. Massachusetts Institute
of Technology.
Stasinopoulos, P., Shiwakoti, N., Beining, M., 2020. Use-stage life cycle greenhouse gas
emissions of the transition to an autonomous vehicle eet: a system dynamics
approach. J. Clean. Prod., 123447
Sterman, J., 2000. Business Dynamics: Systems Thinking and Modeling for a Complex
World McGraw Hill NY.
Tan, S.Y., Taeihagh, A., 2021. Adaptive governance of autonomous vehicles: accelerating
the adoption of disruptive technologies in Singapore. Govern. Inf. Q. 38 (2), 101546.
Tan, H., Choi, D., Kim, P., Pan, S., Chung, I., 2017. Comments on “dual authentication
and key management techniques for secure data transmission in vehicular ad hoc
networks”. IEEE Trans. Intell. Transport. Syst. 19 (7), 2149–2151.
Tesla, 2018. "Future of driving, ," inc., san carlos, CA, USA. http://www.tesla.
com/model3. (Accessed 12 March 2022), 2018.
TrendMicro, 2020. Threat reports. Trends Microbiol. https://www.trendmicro.com/vi
nfo/us/security/research-and-analysis/threat-reports. (Accessed 12 March 2022).
Tu, H., Xia, Y., Wu, J., Zhou, X., 2019. Robustness assessment of cyber–physical systems
with weak interdependency. Phys. Stat. Mech. Appl. 522, 9–17.
Valencia Arias, A., Obando Montoya, L., 2012. Aproximaciones a la validaci´
on en
din´
amica de sistemas. Puente. Revista Cientíca.
Van Leeuwen, B., Urias, V., Eldridge, J., Villamarin, C., Olsberg, R., 2010. Cyber security
analysis testbed: combining real, emulation, and simulation. In: 44th Annual 2010
IEEE International Carnahan Conference on Security Technology. IEEE,
pp. 121–126.
Veksler, V.D., Buchler, N., Hoffman, B.E., Cassenti, D.N., Sample, C., Sugrim, S., 2018.
Simulations in cyber-security: a review of cognitive modeling of network attackers,
defenders, and users. Front. Psychol. 9, 691.
Vicroads, 2021. Connected and automated vehicle technology. Vicroads. https://www.vi
croads.vic.gov.au/safety-and-road-rules/vehicle-safety/automated-and-connected-v
ehicles/grants-trials-and-partnerships. (Accessed 22 July 2022).
Vimmerstedt, L.J., Bush, B.W., Peterson, S.O., 2015. Dynamic Modeling of Learning in
Emerging Energy Industries: the Example of Advanced Biofuels in the United States.
NREL (National Renewable Energy Laboratory (NREL).
Ward, D., Ibarra, I., Ruddle, A., 2013. Threat analysis and risk assessment in automotive
cyber security. SAE International Journal of Passenger Cars-Electronic Electrical
Systems 6, 507–513, 2013-01-1415.
Wilson, M., Hash, J., 2003. Building an information technology security awareness and
training program. NIST - Spec. Publ. 800 (50), 1–39.
Yan, C., Xu, W., Liu, J., 2016. Can you trust autonomous vehicles: contactless attacks
against sensors of self-driving vehicle. DEF CON 24.
Yoo, J.D., et al., 2020. Cyber attack and defense emulation agents. Appl. Sci. 10 (6),
2140.
Zhang, X., Tsang, A., Yue, W.T., Chau, M., 2015. The classication of hackers by
knowledge exchange behaviors. Inf. Syst. Front 17, 1239–1251.
Shah Khalid Khan is a Postdoctoral Research Fellow at RMIT University’s Centre for
Cyber Security Research and Innovation, specializes in system-level cybersecurity for
complex Automated Vehicles. His research assesses the interplay among technical aspects,
regulations, and human factors, evaluating the long-term impacts of CPSs/IoTs. Shah is
actively involved in teaching at RMIT, supervising capstone projects, and has a strong
interdisciplinary research background with publications in top journals and conferences,
presentations at industry conferences, accelerated citations, and ongoing patent registra-
tions. He has received prestigious awards, including the "Young Researcher David Willis
Award" and the "Austrafc Worldwide Learning Opportunity Award, and prestigious
reserch grants such as Australia space cybersecurity challenges, anticipated readiness, and
future directions." Before academia, Shah had an eight-year career in the information and
communication industry, advancing from a eld engineer to a team leader through
extensive knowledge and experience in communication networks and intelligent data
analysis.
A. Professor Nirajan Shiwakoti is an associate professor at RMIT University with a
specialisation in sustainable transport and logistics systems. He is also the program di-
rector of the Sustainable Systems Engineering Program at RMIT. He is a key founding
member of the Cyber-Physical and Autonomous Systems (CPAS) research group at RMIT
and leads the Intelligent Transport and Mobility Systems research theme at CPAS. He has
over 180 publications in this eld.
Dr Peter Stasinopoulos is a Senior Lecturer at RMIT University. His research interests
include systems analysis and optimisation and sustainable development.
Dr.Yilun Chen is a senior consultant working in department of transport NSW, Australia.
His research focuses on the adoption of Automated Vehicles and leading researcher in his
domain.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
63
Professor Matthew Warren is an experienced, proven cyber security and academic
leader. He is the Director of the RMIT University Centre for Cyber Security Research and
Innovation (RMIT CCSRI) and was formally the Deputy Director of the Deakin University
Centre for Cyber Security Research. He is a prolic and passionate cyber security
researcher and has authored and co-authored over 300 books, book chapters, journal
papers, and conference papers. He is the recipient of the ’Cyber Security Researcher of the
Year Award’ from AISA in 2020 and a recipient of an ACS Presidents award for his Cyber
Security contribution.
S.K. Khan et al.
Transport Policy 162 (2025) 47–64
64
