Secure Operations of Connected and Autonomous Vehicles

With features of collaborative interaction and autonomous decision-making, connected and autonomous vehicles (CAVs) offer a viable solution for a sustainable and efficient future of transportation. However, with the development of CAVs, questions have been raised about weaknesses in cybersecurity and autonomous driving capabilities. In particular, CAVs provide new opportunities for cyberattackers, posing a significant threat to future road and vehicle data security. Therefore, this paper provides a comprehensive analysis of the cybersecurity environment of CAVs. First, we propose a systematic classification of six security threats from cybersecurity principles: false data, information theft, privilege escalation, block communication, and time delay. We review the cybersecurity environment of CAVs from a lifecycle perspective, covering aspects from development to accident, and present the existing cybersecurity countermeasures. These involve security standards designation, verification and validation of vehicle networks, resilient strategies for self-defined driving, and attack detection and digital forensics. Finally, based on our systematic review, we propose a conceptual vehicle security operations center (VSOC) framework that provides valuable inspiration and references for future research and industrial applications for CAVs cybersecurity.