Matthew Warren’s research while affiliated with University of Johannesburg and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (44)


Graphical Abstract
visualisation of scenarios simulated for CAVs cybersecurity assessment.
Cyber-safety assessment: Baseline vs. Criminology theory maturity
Cyber-safety assessment: Baseline vs. CAVs user and OEMs education
Cybersecurity Framework for Connected and Automated Vehicles: A Modeling Perspective
  • Article

March 2025

·

18 Reads

·

2 Citations

Transport Policy

·

·

Peter Stasinopoulos

·

[...]

·

Matthew Warren

Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity. The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human Behavior Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.


Cybersecurity Regulations for Automated Vehicles: A Conceptual Model Demonstrating the "Tragedy of the Commons"
  • Article
  • Full-text available

January 2025

·

39 Reads

Transportation Research Procedia

The integration of various stakeholders in the advancement of Automated Vehicles (AVs) has given rise to a range of technical, legal, and social challenges. Among these challenges, deterring cyber-criminal activities through the implementation of robust cybersecurity protocols and regulations stands out as the most urgent. Although individual stakeholders possess a solid understanding of cybersecurity regulations, there is a lack of a comprehensive decision-making tool that can dynamically visualise the macro-level implications of the AVs Cyber Regulatory Framework (CRF) among Intelligent Transportation System (ITS) stakeholders. To bridge this knowledge gap, this study employs the Causal Loop Diagram (CLD) to dynamically evaluate the progress of interdisciplinary ITS stakeholders in cyber-regulatory advancements. The CLD framework formulates the "tragedy of the commons" system archetype, wherein stakeholders prioritise their self-interests in enhancing cybersecurity, making decisions based on their specific needs without fully considering the potential consequences for others, AV adoption, and the long-term implications for CRF. The findings highlight three key leverage points for decision-makers to focus on. Firstly, establishing a CRF grounded in automakers' innovation is crucial. Secondly, sharing risks and addressing negative externalities associated with underinvestment and knowledge asymmetries in cybersecurity are essential. Lastly, capitalising on the vast amount of AV-generated data in AV operations and urban planning holds significant potential. Moreover, achieving an effective CRF requires striking a delicate balance among four factors: i) managing the limitations on data accessibility for AV automakers and ITS service providers; ii) establishing appropriate thresholds for regulatory command and control; iii) ensuring the safeguarding of automakers' business investments; and iv) protecting consumers' data privacy.

Download

Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions

December 2024

·

23 Reads

·

2 Citations

International Journal of Critical Infrastructure Protection

Space Cybersecurity (SC) is becoming critical due to the essential role of space in global critical infrastructure – enabling communication, safe air travel, maritime trade, weather monitoring, environmental surveillance, financial services, and defence systems. Simultaneously, involving diverse stakeholders in space operations further amplifies this criticality. Similarly, previous research has identified isolated vulnerabilities in SC and proposed individual solutions to mitigate them. While such studies have provided useful insights, they do not offer a comprehensive analysis of space cyber-attack vectors and a critical evaluation of the effectiveness of mitigation strategies. This study addresses this problem by holistically examining the scope of potential space cyber-attack vectors, encompassing the ground, space, user, cloud, communication channels, and supply chain segments. Furthermore, the study evaluates the effectiveness of legacy security controls and frameworks and outlines SC-vector-aligned counterstrategies and mitigation techniques to tackle the unique SC threats. Based on the analysis, the study proposes future research directions to develop and test advanced technological solutions and regulatory and operational frameworks to establish international standards policies and foster stakeholder collaboration. The study contributes a multi-disciplinary foundation and roadmap that researchers, technology developers, and decision-makers can draw on in shaping a robust and sustainable SC framework.


Driving a safer future: Exploring cross‐country perspectives in automated vehicle adoption by considering cyber risks, liability, and data concerns

August 2024

·

26 Reads

·

3 Citations

There is a significant lack of comprehensive research that systematically examines public perceptions of liability (related to cyber risks), consumer data, and how these factors influence the adoption of automated vehicles (AVs). To fill this knowledge gap, the authors' research used a survey of 2062 adults across Australia, New Zealand, the UK, and the US to develop a scale for Liability, Data concerns, Data sharing and Patching and updates. This analytical approach employed various statistical methods to analyze the data (summarizing, finding patterns, measuring relationships). The results indicate that 70% of respondents express concerns about AV liability based on cyber risks, highlighting a significant level of liability anxiety. Individuals with high liability concerns also exhibit heightened concerns about AV data, are less comfortable sharing AV data, and display lower intent to adopt AVs. Conversely, individuals comfortable with data sharing are more willing to engage in patching and express a greater intent to adopt AVs. Interestingly, individuals with AV data concerns do not exhibit a negative correlation with their intent to adopt AVs. Additionally, those willing for patches also show a stronger intent to adopt AVs, challenging the notion that software updates hinder AV adoption.


Navigating the Cyber Front: Belarus' State Control and Emerging Cyber Threats

June 2024

·

296 Reads

European Conference on Cyber Warfare and Security

This paper provides a comprehensive overview of the cyber landscape in Belarus, with a focus on the Belarus government's use of cyber activities from an offensive and defensive context, the emergence of opposition cyber activities, and the broader implications for cybersecurity and legal compliance. In the course of the research, researchers try to assess Belarus as a source of cyber-threats, both domestically and to neighbouring states (especially those supporting Ukraine). The first section of the paper outlines the Belarusian government's engagement in cybercrimes against its citizens, especially under President Lukashenko's regime, highlighting extensive online surveillance, repression, and the escalation of these activities following the 2020 presidential elections. In this political context, Belarus is also examined as a country initiating and/or contributing to Information Warfare activities, which are mainly directed at western countries. The second section of the paper delves into Belarus's cybersecurity legal framework, examining various national strategies and concepts, the absence of a formal cybersecurity strategy, and the focus on 'information security' as part of national security. The third section presents case studies of cyber activities in Belarus, contrasting government-backed hacking efforts with those of opposition groups like the Belarus Cyber Partisans. It explores the Partisans' attacks on state infrastructure and information leaks as a form of protest against the government, and the pro-government hackers' disinformation / information campaigns website defacements, and data breaches, particularly targeting Ukraine. This section highlights the evolving nature of cyber conflict in Belarus, where both government and opposition forces use cyber tools for political ends, reflecting broader geopolitical tensions in the region. This part of the report compares the Belarusian pro-government hacktivist and Cyber Partisans groups, their activities and manifestations within the country (inside), as well as the cyber threats they pose to foreign countries. The article attempts to answer the question of what kind of threat Belarus as a country poses in the context of cybersecurity, hybrid-cyber threats. This country is often included in Russian hybrid-cyber threats strategies, Belarus entities also work with Russian and sometimes Chinese groups in undertaking cyber activities against other countries.



Exploratory factor analysis for cybersecurity regulation and consumer data in autonomous vehicle acceptance: Insights from four OECD countries

May 2024

·

74 Reads

·

7 Citations

Transportation Research Interdisciplinary Perspectives

No study has systematically investigated the public's perceptions of cybersecurity regulation, data generated by Autonomous Vehicles (AVs), and their relationship with the acceptance of AVs. To fill this knowledge gap, we conducted an exploratory study on public perceptions of cybersecurity regulation and consumer data in AVs acceptance by surveying nationally representative individuals from four OECD countries (US, UK, Australia, and New Zealand). A total of 2062 responses collected from the survey underwent Exploratory Factor Analysis (EFA) to examine constructs such as Cybersecurity Regulation, Data Sharing, Data Usage, Data Concerns, and intention to use AVs. Correlation analysis further explored the relationships between these constructs, while Mann-Whitney U and Kruskal-Wallis H tests assessed the significance of differences across participant groups. The empirical findings indicate that 80% of respondents agreed on the necessity of cybersecurity regulation for AV operations, with 67% perceiving it as a means to enhance AV safety. Surprisingly, 66% supported cybersecurity regulation despite the potential risk of exposing their personal information. Individuals who are more willing to share AV data also expressed a higher likelihood of using AVs. Furthermore, those who agreed more with cybersecurity regulations were more inclined to be compensated for their data transmission while expressing concerns about data storage and processing. Moreover, around 53% of participants feel they should be compensated for sharing their AV data, with 68% expressing concern about AVs' data storage and processing and 71% supporting the destruction of AV data post-sale. Regarding data privacy concerns, “In-vehicle Private Conversation” draws notable attention, rated very important or extremely important by 64% of the participants. The findings highlight the importance of cybersecurity regulation, data sharing, and data concerns in shaping individuals' intentions to use AVs, as well as the influence of socio-technological attributes.


Security concerns influencing the adoption of cloud computing of SMEs: a literature review

January 2024

·

128 Reads

·

11 Citations

In recent times, security issues have been raised as a key factor impacting the adoption of cloud computing by organizations. While adopting cloud computing is known to be cost-effective, agility and scaling for small and medium-sized enterprises (SMEs), there is hesitation amongst SMEs for adopting such technologies. By conducting an extensive review of the literature, this paper examines and identifies the security factors that influence cloud computing adoption specifically by SMEs. The literature review focused on papers published in the last ten years related to the security requirements and associated cloud computing adoption factors. The analysis highlighted various security-related factors that influence the decision by SMEs to adopt cloud computing. In addition, it was identified that these security factors depend upon the external environmental factors, socio-technical issues such as cloud security trust, legal and regulatory compliance.


Cybersecurity Issues and Practices in a Cloud Context: A Comparison Amongst Micro, Small and Medium Enterprises. Full research paper

January 2024

·

121 Reads

·

2 Citations

The advancement and the proliferation of information systems among enterprises have given rise to understanding cybersecurity. Cybersecurity practices provide a set of techniques and procedures to protect the systems, networks, programs and data from attack, damage, or unauthorised access. Such cybersecurity practices vary and are applied differently to different types of enterprises. The purpose of this research is to compare the critical cybersecurity threats and practices in the cloud context among micro, small, and medium enterprises. By conducting a survey among 289 micro, small and medium-sized enterprises in Australia, this study highlights the significant differences in their cloud security practices. It also concludes that future studies that focus on cybersecurity issues and practices in the context of cloud computing should pay attention to these differences.


Social Media Trolling: An fsQCA Approach

January 2024

·

53 Reads

IFIP Advances in Information and Communication Technology

The rise of online social media has fostered increasing instances of deviant online behaviour. One of the most lethal is collective bullying i.e., trolling, which has severe impacts including suicides of victims. Yet, it remains a mystery what kind of factors lead social media users to engage in trolling. To explain social media trolling, we contextualized concepts from deindividuation theory. Using fuzzy-set qualitative comparative analysis technique to analyse survey data from 337 Facebook users, three configurations explaining social media trolling have been developed. The results suggest that social media affordances and deindividuation states together give rise to trolling. Our results offer theoretical and practical implications.


Citations (27)


... Security and Privacy Metrics[7] ...

Reference:

DIGITAL TRANSFORMATION IN THE AUTOMOBILE INDUSTRY: A TECHNICAL ANALYSIS OF CUSTOMER SUCCESS ENHANCEMENT
Cybersecurity Framework for Connected and Automated Vehicles: A Modeling Perspective
  • Citing Article
  • March 2025

Transport Policy

... The potential consequences of cyber risks may include tampering, damage, or privacy breaches of sensitive information, such as consumers' personally identifiable information (PII): names, addresses, phone numbers, credit card information, identity documents, and airline travel history. Additionally, network disruptions could severely impact normal airline operations, potentially causing irreparable harm to aircraft navigation systems [4]. Internal threats from deliberate or inadvertent employee data leaks further compound cybersecurity concerns [5]. ...

Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions
  • Citing Article
  • December 2024

International Journal of Critical Infrastructure Protection

... Cybersecurity experts tend to adopt more proactive and strategic approaches to online security compared to non-experts, leveraging their advanced knowledge and experience to mitigate risks effectively [51]. Social factors and cognitive biases affect cybersecurity perceptions and behaviours, with individuals often making mistakes in understanding risks and overestimating their group's abilities [52,53]. Furthermore, divergent viewpoints on cybersecurity exist within groups, ranging from best practices to poor behaviours, highlighting the need for targeted educational interventions in both public and private sectors [54]. ...

Driving a safer future: Exploring cross‐country perspectives in automated vehicle adoption by considering cyber risks, liability, and data concerns

... Airline cybersecurity encompasses a set of practices, policies, and procedures designed to protect systems and data from unauthorised access, use, disclosure, disruption, modification, or destruction [7,8]. Its specific focus lies in safeguarding the PIIs of both passengers and employees [9,10]. ...

The impact of perceived cyber-risks on automated vehicle acceptance: Insights from a survey of participants from the United States, the United Kingdom, New Zealand, and Australia
  • Citing Article
  • May 2024

Transport Policy

... Research by Hadlington [48] suggests that older individuals tend to demonstrate lower levels of cybersecurity awareness and engagement, which may be attributed to limited exposure to digital environments and slower adoption of new technologies compared to younger cohorts. Additionally, Khan and Shiwakoti [49] highlight that in the context of consumer perceptions related to socio-demographic and technological attributes, older participants who have a middle income and low to middle levels of education but possess high cybersecurity knowledge and understanding of autonomous vehicles exhibit heightened anxiety about cyberattacks targeting these vehicles. Conversely, some studies suggest that demographic factors may not consistently influence cybersecurity awareness. ...

Exploratory factor analysis for cybersecurity regulation and consumer data in autonomous vehicle acceptance: Insights from four OECD countries

Transportation Research Interdisciplinary Perspectives

... Established SMEs differ from the other company types due to their focus on geographical and functional niche markets, which they dominate with traditional products (Fabian et al., 2023), prioritizing core business optimization. Their flat hierarchies and short communication channels enable swift decision-making and rapid implementation of management decisions across the organization (Nagahawatta et al., 2021). As a result, organization-wide changes spread throughout the company instead of diffusing through the organizational layers. ...

Security and Privacy Factors Influencing the Adoption of Cloud Computing in Australian SMEs

... The evolving technology landscape requires new competencies. For example, migration to the cloud is gaining momentum among MBs, but it also brings new challenges (Nagahawatta et al., 2021). MBs now need to understand what risks are being transferred to the cloud service provider, what capabilities are available to them in the cloud, and how to integrate the cloud capabilities with their traditional aspects of the business. ...

Cybersecurity Issues and Practices in a Cloud Context: A Comparison Amongst Micro, Small and Medium Enterprises. Full research paper

... Yet, there are worries about cloud computing's security, especially in the distributed denial-of-service (DDoS) attacks. This paper will discuss how DDoS attacks affect Sri Lankan SMEs when adopting to the cloud environment [1]. ...

Security concerns influencing the adoption of cloud computing of SMEs: a literature review

... Different facets of the CRF can enable regulatory advancements [39]. Data protection regulations, for instance, ensure the safe handling of personal and vehicle data, which can address privacy risks and foster trust among consumers, ultimately encouraging broader adoption of AVs [40], subsequently establishing a regulatory environment that incentivises responsible development within the automaker industry. ...

Cybersecurity regulatory challenges for connected and automated vehicles – State-of-the-art and future directions

Transport Policy

... These incidents can disrupt the provision of basic services (water, electricity, health care and mobility services). Štitilis [11] observes that "the globalization of electronic space has created unprecedented opportunities to commit crimes from any point in the world, where there is Internet and threats in electronic space are not only for individuals for consumers, but also for remote countries". ...

Cyber Lessons that the World Can Learn from Lithuania

European Conference on Cyber Warfare and Security