Towards a Severity Assessment Method for Potential Cyber Attacks to Connected and Autonomous Vehicles


Introduction
Connected and autonomous vehicle (CAV), as a subset of the Intelligent Transportation System, makes use of different hardware, e.g., electronic control units (ECUs) and sensors, software, e.g., entertainment system and decision-making units, and data fused from multiple sources to conduct driving tasks with different levels of automation. With these components, CAVs could not only drive without human involvement but also communicate with surroundings to navigate and take appropriate reactions. The automation of CAVs is supported by the sensors installed around the vehicle body which gather information of surrounding environments to make decisions. The connectivity is achieved by the communication with other vehicles, infrastructures, and pedestrians on the road to navigate and take relevant reactions.
Currently, a large number of companies investigate and focus on the research and development of CAVs. In China, one of the biggest IT companies Baidu released an open source autonomous driving platform named Apollo, aiming to address the challenging issues of precise sensing and decision-making [1]. In USA, Tesla released their Autopilot for assistant driving and Summon system for assistant parking in 2015 and 2016, respectively [2]. The latest news on Tesla official website [3] introduces the enhanced Autopilot system, which supports autonomous driving in certain scenarios such as highways. Google is also a leading player in connected and autonomous driving. Its subcompany Waymo, set up in 2009, has been focusing on the research and development of CAVs and finished more than 2 million miles road test [4]. Taxi-hailing company Uber also tests their own CAVs on public roads in Arizona [5]. In Europe, traditional vehicle manufactures including Audi and Mercedes Benz also announce their initiatives on CAVs. Audi already conducted 550 km on-road test, based on their own autonomous vehicle "Jack" [6]. Mercedes Benz started to develop CAVs in 1980s; now, their latest S-class Benz vehicles completed 100 km road trials in Germany [7].
To accelerate the CAV development, governments also publish relevant regulations and principles. In USA, regulations and laws on CAV are built at the state level [8]. Chinese government also released a ten-year plan "Made in China 2025" plan, which aims to master the key CAV technologies by 2025 [9]. In addition, Chinese government launched an abundance of CAV demonstration projects and set up Jiading district in Shanghai as the first public test field for CAVs [10]. Moreover, CAV competitions among academic organizations have been held successfully several times around the world. These include the US DARPA Urban Challenge in 2007 and DARPA Grand challenge in 2004 [11]. In China, the Future Challenges of Intelligent Vehicles competition has been held since 2008, sponsored by the National Natural Science Foundation of China [12]. With the participation of an increasing number of research organizations, these competitions not only provide platforms for researchers to communicate but also raise public interests on CAV developments. According to a survey conducted by Boston Consulting Group, 55% of public would like to try an autonomous vehicle or even buy one [13].
However, all the CAV research works mentioned above focus on the functions of either automation or connectivity. The cyber security of CAVs is not being sufficiently addressed. As a fundamental part of the CAV development, cyber security plays a crucial role on the function safety of CAVs, which will influence public trust and CAV commercialization directly. According to the newly released UK CAV Cyber Security Principles [14], CAV cyber security should be considered at the early stage of CAV development from the design phase, based on which the whole supply chain could then prevent CAVs from cyber security risks and issues in the following phases.
Comparing to traditional networks, mobile network or traditional automobile network, CAV cyber security has specific characteristics including large amount of data, complex functions, and fatal consequences, as shown in Table 1. These differences indicate that the cyber security of CAVs should be considered specifically and in different ways compared to the cyber security strategies in traditional networks or automobile networks. The main aim of this paper is to investigate different potential cyber attack points of CAV. The specific characteristics of CAV are analysed and potential attack points of CAV are listed. The authors also present new criteria to evaluate the potential attacks to CAVs. The severity of each attack is then analysed and mitigation methods are then suggested.
The main contributions of this paper are listed as below:
(1) Definitions and categorization of all the potential attacks for CAVs: the attack categories cover both the autonomous elements such as the in-vehicle system and sensors on the vehicles, and the connected parts or functions such as V2X communication in CAVs. The paper also identifies the gaps and the limitations of current studies. For example, there is a lack of research and developments on cyber security for the connectivity elements of CAVs. In addition, those papers in the literature discussing the attacks to CAVs focus on only some specific attack types. The missing types of attacks require further research. By defining the initial set of all potential attacks to CAVs within a structured category and of different severities, additional unexpected new attacks to CAVs could be added in the future research. That is, the categories of the potential attacks and criteria apply to new attacks; thus, the set of attacks is extendable to include new attacks.
(2) A new severity assessment on potential attacks to CAVs: the assessment criteria used in engineering and information technology are adopted to define the criteria suitable for assessing CAVs attacks. This is a new adoption of such criteria assessing the severity of different CAV attacks.
(3) A new categorization of mitigation methods to CAV attacks: the recovery and protection mechanisms are key issues in cyber security of CAVs. Defining mitigation methods presents guidance to future research, including intrusion detection or encryption to protect the overall CAV systems. The mitigation category method categorizes the mitigation methods into prevention, production, acceptance, transference, and contingency. With the establishment of test environments, this categorization could be adopted to respond to different attacks.
The paper is structured as follows. Section 2 introduces the related works on cyber security in CAVs and also the related subject of Vehicular Ad hoc Network. Section 3 then describes the methodology to define different criteria to assess the risk of different attacks. In Section 4, the potential cyber attacks are listed to analyse each of their severity with the criteria listed in Section 3. Mitigation methods of cyber security attacks on CAVs are then recommended in Section 5. Section 6 summarizes the paper and discusses the future challenges faced by CAV cyber security research.

Related Work
The SAE International defined "driving automation" as that the system could conduct part of or all DDT (Dynamic Driving Tasks) continuously [20]. DDT are defined as three different levels by the SAE J3061 standard, namely, operational functions, tactical functions, and strategic functions. The relations of these three functions are illustrated in Figure 1. Operational functions include basic motion control such as lateral and longitudinal motion controls. Tactical functions include all the operational functions plus OEDR (Object and Event Detection and Response). In the current DDT performance, the strategic functions such as destination and waypoint planning are not included. The response by either users or the system to perform DDT when a system failure happens is defined as DDT fallback by SAE International. ODD (Operational Design Domain) is considered as the driving system which requires a specific running environment including environmental, geographical, or time restrictions. For example, some autonomous driving vehicles only operate in a closed environment [21], which indicates that the vehicle is still designed under a limited ODD. Based on the DDT performance, DDT fallback, and ODD, SAE International then defines the vehicle automation into 6 different levels, as shown in Table 2.
Besides the automation taxonomy, there are attempts to discuss CAV cyber security. In [22], the authors discussed the possible cyber security attacks on autonomous vehicles. After listing all the possible attacks, the authors then provided mitigation solutions to each attack. It is recommended that it is important to keep sufficient redundancy in autonomous vehicles. Sufficient sensor data could help vehicles to know the surroundings and positions. Among all these attacks, they believed that GNSS spoofing and fake message injection are the most threatening risks, both of which will threaten passengers' lives. It is believed that antispoofing hardware and authentication methods are needed in autonomous vehicles.
In [23], the authors discussed cyber security in connected vehicles and believed that the vehicles would be more vulnerable with the increasing connectivity. This paper described the possible attack scenarios including USB update attacks, communication attacks, and malicious application installation. A system using machine learning methods is then built to detect the anomaly behaviours in CAN-Bus (Controller Area Network) and the operating system.
In [24], the authors attempted to use the categories of cyber security in computer science to describe the possible attacks in CAVs. The possible attacks are divided into passive attacks and active attacks. The passive attacks are easy to prevent but difficult to detect, while the active attacks are easy to detect but difficult to prevent. Feasible mitigation methods including authentication and encryption were recommended.
In [25], the authors assumed that connected vehicles are similar to all the Internet devices and cyber security should be considered as a fundamental part of their development. The authors then discussed the potential cyber attacks on V2I (Vehicle-to-Infrastructure) Communication and proposed a novel cyber security architecture called CVGuard to detect the attacks in V2I. The CVGuard reduced 60% DDoS (Distributed Denial of Service) attacks which might cause vehicle conflicts.
In [19], it is pointed out that modern cars are already new targets for hackers. Engines, doors, and brakes could all be possible vulnerable points. In addition, nowadays, the attackers do not need to approach the target vehicle physically. All the vehicles in the communication range could be hacked. The authors also listed OBD (On-Board Diagnostics) threat, DSRC communication, Malware, and automobile apps as the most vulnerable parts on vehicles. The authors then offered the solutions to address the cyber security issues including OTA solution, cloud based solution, and layer-based solution.

Table 1
Compared to traditional vehicles:
1. There are more ECUs and more codes in CAVs [15], which means more data to be processed
2. There are multiple communication protocols in CAVs, such as CAN [16], 5G, and DSRC [17]; different communication protocols lead to multiple data formats, which require more preprocessing time
3. There are more connected functions, meaning the number of potential attack points is also increasing [19]
Compared to computer network/mobile network:
1. In addition to information leakage, cyberattacks to CAVs could cause physical damage or even fatal injuries
2. CAVs require higher detection accuracy as well as shorter data processing time; in the Europe Metis project, the latency is expected to be less than 5 ms and the accuracy is expected to be 99.999% when transmitting a 1600 bytes data package [18]
3. The application scenarios are more complicated; CAVs are more likely to drive in unregulated areas such as parking lots, highways, and rural areas
There are also research attempts in simulation environments to examine the influence of cyber attacks to CAVs. In [26], simulated slight attacks were made to study longitudinal safety of CAVs, i.e., on the positions and speed via GPS communications. An empirical model named PATH CAV from a field test [27,28] and a RCRI (Rear-end Collision Risk Index) based on stopping distance was used to evaluate the safety. The authors found that the slight attacks to the CAV positions are severer than they are to the speed. The slight cyber attacks will also make severer impacts on decelerating than accelerating. In addition, the slight attacks to multiple CAVs are more dangerous than attacks of higher severity to fewer number of vehicles. This research will help to find a more efficient mitigation method to the attacks to V2V communications.
In [29], four possible attack points of the vehicle have been discussed, including signal controllers, vehicle detectors, roadside units, and onboard units. The focus was on the attacks to infrastructures. The authors attacked the traffic signal control systems by sending spoofed data, which showed to increase the delay. Some attacks in the experiments also showed to cause severe congestion. Based on the attacks, an approach was devised to identify this kind of attacks by analysing the attack locations, which helps to design a more stable transportation network.
As a fast emerging research topic, CAV cyber security has just started attracting increasing research attention. In addition to the limited research on cyber security in CAVs, research on VANET (Vehicular Ad hoc Networks) may contribute to the research on the connected functions of CAVs. VANET uses V2V communication and V2I communication to help vehicles gather traffic information [30], while CAVs extend the boundaries to the wider V2X (Vehicle-to-Everything) communications.
VANET is a mobile ad hoc network, where the vehicles are the mobile nodes [31]. In [31], the authors listed the possible privacy and security challenges to the safety of VANET including the attacks on confidentiality, integrity, or data trust. They claimed that encryption is important to VANET. In [32], the authors concluded that VANET has three specific characteristics, which are frequent vehicle movement, time critical response, and hybrid architecture. Other attacks listed include bogus information, DoS attacks, Masquerade, and GPS spoofing. The authors also propose several mitigation methods including public key, certificate revocation approaches, and ID-based cryptography.
Research in [33] focused on threats and attacks to vehicular communication. The authors built a three-layer framework and pointed out the potential threats and attacks to V2X communication such as remote communication protocols including DSRC or Bluetooth. It also suggested machine learning and block chain as countermeasures to detect attacks.
In the literature listed above, the majority of the researchers believe that cyber security is a fundamental part in CAV developments, which demands urgently more research and investigations. The majority of researchers agreed that the increasing connected and autonomous functions will increase the possibilities of cyber attacks. However, existing research mainly focused on the cyber security of autonomous functions. The potential attacks should be considered from both the autonomous and connected aspects. There are attempts to discuss the most severe attacks, but there is a lack of systematic evaluation criteria in the literature. Some research discussed the mitigation methods including encryption or authentication, but there are still the needs of further investigations to identify comprehensive and systematic mitigation methods to categorized cyber attacks. Overall, the literature on CAV cyber security is limited and requires more investigation and research efforts. Awareness of cyber security in CAV should be raised as well.
This paper significantly extends the existing research by defining potential attacks to both connectivity and autonomy, as well as both in-vehicle and intervehicle potential cyber attacks. Moreover, severity evaluation criteria for cyber attacks are defined and the severity level of each attack is also evaluated based on the criteria defined in this paper. Corresponding mitigation methods are then suggested at the end. This research aims to raise cyber security awareness of consumers, OEMs, researchers, and manufactures and also present a starting point to develop the detection and prevention methods towards CAV cyber attacks.

Potential CAV Cyber Attack Criteria
The potential attack points or attack ports are analysed firstly. For each potential attack, the following criteria will then be adopted to assess its severity. The new CAV assessment criteria are defined based on the widely used formula in engineering risk assessment in different areas including transportation and infrastructure [34], information technology system [35], and civil aviation [36]: (1) The new assessment criteria evaluate three aspects of cyber attacks, namely, the asset of the possible attack targets, vulnerability of the possible risks to the attack targets, and threat of the possible consequences. As mentioned in Section 1, due to several key differences between traditional automobile network cyber security and CAV cyber security, some extra criteria are adapted to our new CAV cyber security assessment. For example, to evaluate the severity of the risk, the assessment criteria of CAVs should consider not only the level of information leakage but also the level of physical damage.

Asset of the Attacked Targets
(1) Asset name: in computer security, ISO/IEC 13335-1: 2004 defines that assets include all the hardware or software components on computers which are exposed to an attack target, e.g., a dataset and one piece of hardware or software code [37]. CAVs are equipped with a large number of ECUs and sensors and are thus vulnerable to an abundance of possible attacks. More detailed assets will be explained in Section 4.
(2) Asset importance: the importance of each asset is categorized into three levels:
(a) Low: the breakdown of this asset will not affect the operational and tactical functions of the whole CAV system. In the SAE J3016 standard [20], operational functions include lateral and longitudinal vehicle motion control, including the most basic functions of starting, stopping, driving, and controlling [38]. The tactical functions include the OEDR as introduced in Section 2.
(b) Medium: the breakdown of this asset might influence tactical functions of the vehicle, however would not have direct impacts on the operational functions. In addition, the asset function could be replaced or covered by other assets on the vehicle. For example, if cameras on CAV break down, the vehicle could still use other sensors to detect the surroundings.
(c) High: the breakdown of this asset may cause damage to operational functions of the vehicle directly. For example, the in-vehicle system, which sends instructions to ECUs to maintain the vehicle speed or stop the vehicle in certain situations, is of high importance.

Vulnerability of the Attacked Targets
(1) Risk name: each asset may be exposed to more than one risk. This criterion assesses specific risks to each asset; more details are presented in Section 4.
(2) Difficulty of conduction: the difficulty of conducting an attack varies depending on its characteristics. Some attacks may require sufficient expertise from the attackers in specific areas such as GPS spoofing or fake identification. Some devices, such as GNSS satellites, are securely protected by the governments. Hacking into these devices needs not only knowledge but also sufficient time and money. The difficulty of conduction is considered based on the knowledge, time, and budget needed and can be graded into three levels listed as below:
(a) Low: attackers do not need to acquire relevant knowledge to conduct the attack or the target asset is easy to be obtained/bought on the market. The attack is not time consuming.
(b) Medium: attackers only need to spend a short time (weeks/months) to learn the required knowledge. Hacking into the target asset needs to be purchased at a high price, or the hacking process is time consuming.
(c) High: attackers need to have extensive knowledge on the target asset or need to spend years to learn relevant knowledge. The target asset is difficult to find in the market or costs an astronomical figure.
(3) Detection possibilities: this criterion defines the level of possibilities detecting attacks by the users or the CAV system. In computer science, the attacks are divided into two main categories, namely, passive attacks and active attacks [39]. Passive attacks do not interrupt the system but will monitor or eavesdrop it to access information. Active attacks will interrupt the system functions directly by methods such as injecting fake message. In general, passive attacks are difficult to detect but easy to defend, while active attacks are difficult to defend but easy to detect [24]. Although passive attacks may not cause harms on system functions, the information loss could also be a severe risk because CAVs will be the ultimate personal mobile device in the future [40], storing sensitive data including personal home address, contact numbers, and financial information. It is essential to evaluate the detection possibilities of different attacks. The levels of detection possibilities are categorized into three levels as listed below.
(a) Low: the attacks will not affect any function (whether operational or tactical functions) of the CAV system. It is difficult to detect the attack in normal use. The best solution is to prevent the attacks from happening in advance with encryption or authentication.
(b) Medium: the attacks will not affect the operational functions of the CAV system so the users would not notice the attacks immediately. However, the attacks would affect some parts of the tactical or strategic functions. The system will detect the abnormal behaviour afterwards and warn users.
Journal of Advanced Transportation
(c) High: the attacks will influence the operational function immediately so the users could notice them immediately. For example, if the vehicle suddenly stopped on the road, the users would notice the abnormal situation immediately. In addition, if the cameras around the vehicle break down, the system will notice this abnormal situation promptly.

Consequences of the Attacks
(1) Consequence name: to each possible risk, there may be more than one consequence. The consequences will be listed and then be analysed; more details are presented in Section 4.
(2) Severity of information leakage: information leakage has been a major cyber security issue in computer science. Information leakage attacks usually damage the confidentiality, integrity, and availability of the system [37]. The severity is based on the scale and importance of the leaked information.
(a) Low: the attack will not leak any private information.
(b) Medium: the attack will leak nonconfidential personal information or unimportant information at a small scale. For example, the attacker may know the preference of the passenger on choosing routes or on the entertainment system. This type of information leakage will not cause further harm directly.
(c) High: the attack will leak highly important confidential information such as the financial information, the home address, or the personal ID. With this information, the attackers could conduct further harmful actions to the victims. In other situations, this information leakage would cause larger scale information leakage such as personal data stored in the cloud.
(3) Severity of physical damage: compared with traditional networks, cyber attacks to CAVs could lead to physical damage or even fatalities directly. Tesla vehicle has already caused fatalities on a straight road with good visibility and in a good weather [41]. On March 2018, an Uber autonomous vehicle struck and killed a pedestrian crossing the road in Arizona, USA [42]. The Uber test vehicle failed to detect the pedestrian in the environment of low visibility and failed to conduct any corresponding actions. As a large machine, CAV could cause hazards or even be exploited as a weapon. With the possible consequences, the severity of physical damage can be categorized as below.
(a) Low: the attacks are not likely to cause physical damage to human or other vehicles, and infrastructures
(b) Medium: the attacks are likely to cause small hazards and damage to infrastructures or vehicles, but would not cause fatal injuries to people
(c) High: the attacks have a high possibility to cause fatal injuries
(4) Combined severity level: a method evaluating the combined severity is adapted from risk management in the information system [35]. In the information system, the risks are determined by the likelihood and impact. To determine the combined severity levels to CAVs, a new severity matrix is built based on the severity of information leakage and physical damage, as shown in Table 3. If the severity of information leakage and physical damage are at the same level, then the combined severity will be at the same level as well. However, considering its importance, if the severity of physical damage is high, the combined severity level will be high as well.
(5) Recovery time: this criterion evaluates the time needed to recover to normal situation after the attack has been detected.
(a) Low: after the detection, the damage caused by the attack can be fixed in a timescale of seconds
(b) Medium: after the detection, the damage caused by the attack can be fixed in a timescale of minutes to hours
(c) High: after the detection, the damage caused by the attack can be fixed in a timescale of hours to days
Based on these criteria, possible attacks in different scenarios are analysed in Section 4. It should also be noticed that this paper aims to discuss the possible cyber security attacks to a full CAV (Level 5), where all the possible attacks could be conducted via wireless communication remotely. The physical access of attacks is not considered when evaluating the severity. These criteria may not be comprehensive and exclusive, however could be further refined and extended. This research presents the initial attempt to define and rank the severity of possible attacks in CAV scenarios. This also aims to encourage further research developments to raise public and CAV practitioners' awareness towards CAV cyber security.

Possible Attacks
In this section, possible attacks of CAVs are listed and categorized, as shown in Table 4. Following the criteria defined in Section 3, severity of each attack will be analysed. CAV developments concern mainly two streams of research, which are connectivity and automation, covering in-vehicle and intervehicle components. Detailed potential attacks will be analysed within these two streams.
Different autonomous levels may be exposed to different attacks of different possibilities. This paper focuses on the attacks to a fully automated vehicle (i.e., level 5) according to the SAE automation level [20]. Level 5 CAV is capable of all the DDT under all circumstances. It is also assumed that all the vehicles on the road are CAVs. In real-world situations, there will be a mix of CAVs of different automation and traditional vehicles for a certain period of time. In addition, it is known that CAVs will keep evolving and adapting more technologies. This paper only discusses attacks with existing CAV technologies. However, as the attacks are categorized on automation and connectivity in-vehicle and intervehicle, the list of possible attacks could be extended if new technologies are adapted to CAVs.

Automation in CAVs.
In the current CAV development, all the vehicles from different companies have installed multiple sensors. The mainstream sensors include LiDAR, Radar, and camera [43,44]. For example, Google Waymo vehicles are installed with a 360 degree camera on the roof as the vision system and several LiDAR sensors and Radar sensors around the vehicle body [45]. There are also supplemental sensors such as the sound detection sensors. The possible attack target assets are analysed as below.
(1) Audio/entertainment devices: audio devices have already been widely used in modern automobiles. It evolved to a colorful touchable screen showing more information in vehicles [46]. In CAVs, the audio/video system could be used to warn users about anomaly or abnormal behaviours detected in the system or surrounding environments.
(a) Loud volume: the first possible attack is to suddenly increase the volume of the voice such as background music on board. This attack could distract the passengers' attention or even cause panic in certain situations. The severity of information leakage is low but the severity of physical damage is medium, which means that the overall severity is low.
(b) Fake sound: the attacker could use the audio system to make fake noise such as a crash sound. This attack might cause passengers' panic as well, although is not likely to cause information leakage.
(c) Remote control: this attack already happened in real world. Two white hackers in the USA hacked into a Jeep Great Cherokee from 10 miles away and then stopped the vehicle on a highway road through the entertainment system [47]. This is because the vehicle CAN and the entertainment system are combined together. If an attacker could control the vehicle remotely through the audio/entertainment system, the severity of physical damage could be high. In addition, the risk of information leakage will also be severe because the attackers could send remote instructions to gather private information. Moreover, in CAVs, the remote-control attacks might happen on other components leading to severe risks.
(2) Cameras: cameras provide the vision data, an indispensable part in CAV. To detect the surrounding objects and position the vehicle, camera is a fundamental sensor on CAVs. However, the camera's function could be replaced by other sensors when they break down; thus, camera is of medium importance. There are already successful attacks to cameras to fool vehicles [48].
(a) Blind vision: blind vision attack could be easily achieved by physical access. However, with the connectivity of the vehicle, it is even easier for the attackers. The attackers could disable the camera by controlling a strong light resource remotely. The attack would not leak the private information of the vehicle. However, this attack would not cause fatal injuries as well because it is easy to be detected, and CAV contains multisensors' data. If the cameras break down, other sensors could still help to 'see' the environment. Based on this, the overall severity level of the attack is low.
(b) Mislead camera (fake images): by controlling the cameras remotely, the attackers could inject fake image information to mislead the cameras. This attack is more dangerous than the blind vision attack because the detection possibility is lower. For blind vision attack, the system or the user could easily detect the abnormal situation. While in the mislead camera attack, it may take longer time to detect. In addition, the system might make decisions based on the fake images, the severity of physical attack is thus higher, and the overall severity is high.
(3) Battery system: currently, the number of electric vehicles on road is increasing. As an environment-friendly transportation method, it is believed that the future CAVs would be electric vehicles. The vehicles' battery system would also then be an attack target. The most possible attack to the battery system is the DoS (Denial of Services) attack. In computer science, the aim of DoS attack is to exhaust all the resources of the target to make the computer, server, or communication channel unavailable. In CAVs, the DoS attack could target the energy sources to exhaust the power sources including heating the seats on the vehicle. DoS attacks could be really dangerous to the battery system. It could trigger different parts to consume battery power in a short time. Sudden battery loss could cause damage to the basic functions of the vehicle. The severity of physical damage is medium, and the combined severity level is medium as well.
[49]. It uses light point cloud to detect the distance and boundaries of surrounding obstacles and environments [50]. The importance of LiDAR is medium. There are successful attempts to attack the LiDAR by using strong lights in a simulation environment [48].
(a) Jamming: this attack jams the LiDAR by using strong lights to reflect the origin light. e attackers could not gather any information through this attack. However, it may lead to physical damage because the detection performance of LiDAR will decrease. (b) Hidden objects: because LiDAR uses the reflection of light to detect the surrounding environments, the attackers may use special materials to absorb the light to avoid detection. is attack would not cause any information leakage directly. However, in some situations, for example, if the object is covered by special reflection materials, the vehicle would not observe it. is could cause physical damage or even fatal injuries to the target vehicle. e combined severity of this attack is high as it may lead to fatal accident. (c) Fake objects: the attackers could use light reflection to simulate a fake object, e.g., a barrier in front of the vehicle. e target vehicles would stop or change direction based on the false detection. If multiple vehicles detect this fake object, it could cause severe traffic congestion. Moreover, if there are multiple fake objects on the roads, this attack could cause physical damage when CAVs try to avoid those fake objects. With the other detection methods on the vehicle, however, the possibility of fatal injuries of this attack exists but is low. e severity of physical damage is medium and the combined severity is medium as well.
(5) Radar: unlike LiDAR in CAVs, radar uses radio waves instead of light to detect the surroundings. Currently, there are two types of Radar on CAVs, millimeter Radar [51], and Ultrasonic Radar [52]. e millimeter radar is used on object detection [53], and the ultrasonic radar is used in short distance scenarios such as parking assistance system [54]. is is because the speed of ultrasonic radar is slow, which would lead to poor detection rate in high speed movements. Radar is also of medium importance.
(a) Jamming: this attack is similar to the LiDAR jamming attack. In radar jamming attack, the attackers would use noise to degrade the signal of radar. e attacked radar system might not work properly and the vehicle could not detect the surrounding environments. If the noise source influences multiple CAVs, the traffic flow would be disturbed or it could even cause traffic collisions. is attack would not cause information leakage directly but might cause physical damage. e combined severity of this attack is medium. (b) Hidden objects: currently, existing technologies are able to hide objects from radar detection and have been already adapted in the area of military aerospace [55]. e planes or the objects hide themselves by changing the regular reflection shape or using radar absorbing materials. In military, the mitigation method is already developed, which is called Radar Antistealth Technology [55]. is technology will strengthen the radar signal. is attack would not cause information leakage but might cause physical damage, or even hurt people directly. e combined severity level of this attack is high. (c) Fake objects: the attackers broadcast fake radar signals to conduct the attack. Other vehicles would then detect the false signal and take corresponding reactions. is attack would not cause information leakage, however, might cause physical damage to infrastructures, e.g., collisions when vehicles are trying to avoid fake objects. e combined severity of this attack is medium.
(6) GNSS (Global Navigation Satellite System): the most widely used GNSS system is GPS (Global Positioning System) from the USA [56]. Currently, other countries are developing their own GNSS such as Beidou from China, Galileo from Europe Union, and Glonass from Russia [57]. e GNSS system could help to locate and navigate the vehicle. Hacking into this system requires high-level knowledge. e GNSS system is a major resource for positioning and navigation, but as the positioning and navigation are cooperated via V2V communication, the importance of GNSS system is thus medium.
(a) Spoofing: GNSS spoofing attack sends similar GNSS signals to mislead the receivers of the target CAVs. e attackers could use these devices to lead the vehicle to false location or wrong route. In 2013, researchers from the University of Texas at Austin successfully fooled an 80 million dollar super-yacht by their GPS spoofing devices [58]. Compared to the GNSS jamming attack, GNSS spoofing attack would be more dangerous.
Without the GNSS signals, CAVs would use other methods such as V2V communication or SLAM (Simultaneous Localization and Mapping) to navigate and avoid the possible hazards such as collisions. However, if the information is wrong and not detected, CAVs would trust the wrong GNSS information and take wrong reactions, which may lead to collisions and fatal injuries. In addition, a vehicle that has been spoofed successfully could respond with private information such as the location information and historic route information to the attackers, which would also cause information leakage. In that case, the severity of information leakage is medium and the severity of physical damage is high. (b) Jamming: in the GNSS jamming attack, the attackers will send stronger power signal to the CAV receiver. e GNSS signal is normally weak when they approach the receivers, and it could be easily covered by the jamming signal. e real GNSS signal will then be ignored. In addition, it is also difficult to detect the jamming attack because the GNSS signal is likely to decrease due to interference or limited number of satellites [59]. CAVs could not navigate and locate without the GNSS signal. However, V2V communication could help to navigate coordinately as a backup method. e severity levels of both information leakage and physical damage are medium. (a) Injection: the attackers would inject nonexisting information or even malware to the system through ports such as USB ports. With the fake information, CAVs might make wrong decisions leading to physical damage. As an active attack, injection could also cause leakage of sensitive data. e combined severity of this attack is medium. (b) Eavesdropping: eavesdropping is a passive attack and is difficult to be noticed. e main objective of this attack is not to cause physical damage but to gain access to valuable data. us, the severity of information leakage is high and the severity of physical damage is low. 
(c) Traffic analysis: traffic analysis is also a passive attack. e attackers will monitor and observe the data and then try to identify the pattern in the data flow. As a passive attack, the traffic analysis attack would not cause physical damage directly and the scale of information leakage is limited. e combined severity of this attack is low. (d) Modification: this attack modifies the messages sent between different components and units. e wrong messages could lead to the wrong decision and action of the vehicle. e severity of this attack is medium.

Connectivity in CAVs.
There are three main types of vehicle communication in the CAV network. V2V (Vehicle-to-Vehicle) communication is between vehicles via a wireless network. V2I (Vehicle-to-Infrastructure) communication is between vehicles and infrastructures via a wireless network, and V2X (Vehicle-to-Everything) includes V2V, V2I, and communications between vehicles and other entities such as cloud databases or pedestrians [60]. Compared with traditional automobiles, these communication methods could help to improve the accuracy of location in rural areas and prevent accidents efficiently. Meanwhile, some computer cyber attacks might also happen in the CAV environment. For example, cyber attacks from the network cyber attack benchmark KDD99 [61], such as the DoS attack, could be adapted to V2V communication. Nowadays, many communication technologies are being used in the CAV network, e.g., DSRC (Dedicated Short Range Communication), LTE (Local Thermal Equilibrium), and 5G [62]. The possible attack target assets of connectivity are analysed below.
(a) Cloud ID dataset: authority is important in the CAV network. Each CAV would be assigned a unique ID such as an electronic plate. In order to confirm the reliability of the communication, only the information from the trusted CAVs in the dataset could be accepted. All the communication and information exchange are based on the authority from the CAV cloud.
(b) Cloud real-time traffic database: the cloud database collects the traffic data to provide transportation guidance. It includes the real-time traffic congestion data and accident data to inform all the CAVs to avoid certain areas. If the attackers inject fake messages or modify messages, all the vehicles in the cloud database would receive wrong information. In addition, the attackers could also access valuable information in the dataset.
With the severity criteria, all the attacks are then grouped into four categories, as shown in Table 5. It can be seen that the critical attacks contain remote control, fake vision on cameras, hidden objects to LiDAR and Radar, spoofing attack to GNSS, and fake identity in cloud authority. It could be summarized that all the critical attacks are related to spoofing and falsified messages. These attacks are difficult to realize and they could all lead to wrong reactions or even fatal injuries.

Mitigation Methods
For each of the attacks analysed in Section 4, the mitigation methods will be different. By adapting the mitigation methods in information security [35], the main types of mitigation methods could be grouped into five categories. For CAVs, the mitigation methods could be similar but need to be considered based on specific CAV characteristics.
(1) Prevention: these methods prevent the attack from influencing the whole vehicle system negatively. For potential attacks on CAVs, prevention addresses passive attacks such as eavesdropping by encrypting the communication channel and messages. In addition, all the CAV users could be authorized with the credibility of the messages. For example, for eavesdropping attacks on the in-vehicle system, if the communication channel and messages are encrypted, it is much more difficult for attackers to make use of the information.
(2) Reduction: reduction methods reduce the possibility or feasibility of the attack. They could also reduce the possible impacts of the attacks to a controllable level. In CAVs, the reduction methods include redundant sensors. If one sensor breaks down, the vehicle could still rely on the data from other sensors, which reduces the impact of each sensor. For example, to reduce the impact of the blind vision attack on the camera, the vehicle could use other sensors after detecting abnormal attacks.
(3) Transference: transference shares the possible risks with others, such as a reliable third-party organization including governments and insurance companies. For example, in the Cloud of V2X communication, the authority of each CAV's identity should be assigned by the government or relevant legitimate organizations. All the CAVs' information should also be stored safely and monitored by the trusted third party. Not all the attacks could be resolved by transference. In CAVs, this mitigation method could only be used when a single vehicle manufacturer or a supplier could not handle all the information safely.
(4) Acceptance: acceptance is to retain the risks caused by those attacks with limited negative impacts on CAVs. The attack might not have a proper countermeasure and the impact is at an acceptable level. For example, for the traffic analysis attack in in-vehicle communication, the leaked information could only be the size and timing of the communication package, which is not likely to cause physical damage. In addition, the traffic analysis attack, which is a passive attack, could not be prevented by message and communication channel encryption. In that case, the traffic analysis attack could be tolerated.
(5) Contingency: contingency considers the possible reactions if the attacks happen. A contingency plan needs to be prepared to recover the system once attacked. If the CAV system detects an abnormal battery loss due to the DoS attack, it could pull up the CAV to a safe place.

Table 5:
Fake objects (LiDAR); fake objects (radar); DoS attack (battery system); injection (in-vehicle system); modification (in-vehicle system); modification (V2V communication); fake/ghost message (V2V communication); change infrastructure sign (V2I communication); injection (cloud dataset); modification (cloud dataset)
Moderate: Blind vision (cameras); jamming (LiDAR); jamming (radar); jamming (GNSS); eavesdropping (in-vehicle system); traffic analysis (in-vehicle system); DoS attack (V2V communication); block/remove sign (infrastructure sign); road line changing (road)
4 Minor: Loud volume (audio/video devices); fake sound (audio/video devices)
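
The redundant-sensor idea under Reduction can be made concrete as a cross-sensor consistency check that flags objects reported by only one of camera, LiDAR and radar, objects that one sensor misses, and sensors that have gone silent. The following Python is an added example, not code from the paper; the Detection type, the 1.5 m association gate, the verdict names and the sample scene are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import hypot

SENSORS = ("camera", "lidar", "radar")
GATE_M = 1.5  # assumed association gate in metres, not a value from the paper

@dataclass(frozen=True)
class Detection:
    sensor: str  # one of SENSORS
    x: float     # metres ahead of the vehicle
    y: float     # metres to the left (+) or right (-)

def cluster(detections):
    """Greedy association: a detection joins the first cluster whose seed is within GATE_M."""
    clusters = []
    for d in sorted(detections, key=lambda d: (d.x, d.y)):
        for c in clusters:
            if hypot(d.x - c[0].x, d.y - c[0].y) <= GATE_M:
                c.append(d)
                break
        else:  # no existing cluster was close enough
            clusters.append([d])
    return clusters

def cross_check(detections, healthy=SENSORS):
    """Label each object by how many of the healthy sensors report it."""
    report = []
    for c in cluster([d for d in detections if d.sensor in healthy]):
        seen = {d.sensor for d in c}
        missing = sorted(set(healthy) - seen)
        if not missing:
            verdict = "confirmed"
        elif len(seen) == 1:
            verdict = "single-sensor"  # consistent with a fake object fed to that sensor
        else:
            verdict = "partial"        # consistent with an object hidden from the missing sensor
        report.append({"seen_by": sorted(seen), "missing": missing, "verdict": verdict})
    return report

def silent_sensors(detections):
    """Sensors reporting nothing while others do, e.g. a blinded camera or a jammed radar."""
    active = {d.sensor for d in detections}
    return sorted(set(SENSORS) - active) if active else []

# Constructed scene: a car seen by all sensors, a pedestrian LiDAR misses, a barrier only LiDAR sees.
SCENE = [
    Detection("camera", 20.2, 0.1), Detection("lidar", 20.0, 0.0), Detection("radar", 19.8, -0.2),
    Detection("camera", 12.1, 2.0), Detection("radar", 11.9, 2.1),
    Detection("lidar", 8.0, 0.0),
]

if __name__ == "__main__":
    for row in cross_check(SCENE):
        print(row)
    print("silent:", silent_sensors([d for d in SCENE if d.sensor != "camera"]))
```

Once a sensor is excluded through the `healthy` argument, a remaining two-sensor setup can no longer tell a fake object from a hidden one, which is the single-sensor limitation the paper's conclusion raises.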

Conclusion
CAV is a fundamental part of intelligent transportation systems and has started attracting increasing research attention in the last few years. Given the importance of CAVs in relation to personal information, physical damages, and passengers' lives, cyber security of CAVs is thus becoming highly important in research developments. This paper has identified some of the most important cyber attacks to CAVs. For each identified cyber attack, the target asset, the possible risks, and the consequences have been analysed. The severity levels of information leakage and physical damage are then estimated and considered based on new criteria adapted from engineering and software developments. Possible mitigation methods are then categorized and suggested to resolve these attacks.
Among the attacks identified in this paper, the spoofing and falsified-message attacks including remote control, fake vision on cameras, hidden objects to LiDAR and Radar, spoofing attack to GNSS, and fake identity in cloud authority have been identified as the most dangerous attacks to CAVs. All of these attacks would cause severe consequences to information leakage and physical damage.
However, it should also be noticed that CAV technologies are fast evolving. This paper discusses the potential cyber attacks in the existing CAV technologies and derives the potential attacks based on the traditional cyber attacks. Within the scope of CAV hardware, software, and data, the possible attacks listed in Table 4 will be further extended to reflect the latest developments in CAVs. Meanwhile, the overall severity of each attack is only judged by the listed criteria. It could be further discussed based on other criteria. Due to the emerging infrastructures under construction in different countries, and the unique characteristics of real-world environments required, there is a lack of readily complete testing environments compliant to generally adopted standards available in research and practice. Apart from defining and categorizing the potential cyber attacks, it should also be stressed that the evaluations of the severity of each type of attack also need to be defined and justified carefully based on real-world field tests. Furthermore, the severity assessment of the listed potential attacks only considers a single sensor. For example, in real-world tests, if the cameras fail to recognize an obstacle on the road, the LiDAR and Radar might complement and help to recognize and avoid the obstacle. In some extreme situations, all the sensors or backup elements/functions might be ineffective or fail. The assessment of the severity for different attacks should consider and evaluate the integration of multiple sensors and would also be an interesting topic for future research. In addition, the advantages, disadvantages, and application scenarios of each mitigation method are not the focus of this paper. The presented mitigation methods will be extended and refined further in future research on CAV cyber security.

Data Availability
The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
The authors declare no conflicts of interest.