WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach

The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility on CVs is a significant challenge, as traditionally, qualitative and subjective expert opinions are the norm. Additionally, there is a need for historical data on security-related incidents and dynamically evolving interconnected vehicle-to-everything (V2X) entities for feasibility assessment, which is not readily available. To address this problem, this paper presents, to the best of our knowledge, the first simulation-based TARA framework designed to characterise, quantify, and assess the Window of Opportunity (WO) for attackers—a metric that indicates the likelihood of an attack. A case study involving Bluetooth, with one attacker and one target, is modelled to demonstrate the proposed framework WOLVES’s applicability. Two scenarios have been investigated using different motorway roads in the UK. The primary outcome is the WOLVES framework, which employs a data-driven approach using both prior and likelihood information to estimate the probability of a successful cyber attack on a given technology in CVs. The findings from this research could assist threat analysts, decision-makers, and planners involved in CV risk assessment by enhancing the modelling of attack feasibility for cybersecurity threats in dynamic scenarios and developing appropriate mitigation strategies

A simulation framework for automotive cybersecurity risk assessment

Human-initiated disruptions such as cyberattacks on connected vehicles have the potential to cause cascading failures in transport systems, leading to systemic risks. ‘ISO/SAE 21434:2021 Road vehicles - Cybersecurity engineering’ is the current standard for risk management of road vehicles. However, the threat analysis and risk assessment framework given in the standard focuses on asset-level analysis and assessment. Hence, this study develops a novel simulation-based framework to perform threat analysis and risk assessment on connected vehicles from a transport network perspective. The proposed framework is developed based on the ISO/SAE 21434 threat analysis and risk assessment methodology. We demonstrate the applicability and usefulness of the framework through a remote attack via the cellular network on the in-vehicle communication bus system of a connected vehicle to show the potential impacts on the transport network. Based on the findings of our case studies, we exemplify how cyberattacks on individual system components of a connected vehicle have the potential to cause systemic failures

A Quantitative Methodology for Systemic Impact Assessment of Cyber Threats in Connected Vehicles

The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE~21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE~21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks

Fluorescence devices for the detection of dental caries

BACKGROUND: Caries is one of the most prevalent and preventable conditions worldwide. If identified early enough then non‐invasive techniques can be applied, and therefore this review focusses on early caries involving the enamel surface of the tooth. The cornerstone of caries detection is a visual and tactile dental examination, however alternative methods of detection are available, and these include fluorescence‐based devices. There are three categories of fluorescence‐based device each primarily defined by the different wavelengths they exploit; we have labelled these groups as red, blue, and green fluorescence. These devices could support the visual examination for the detection and diagnosis of caries at an early stage of decay. OBJECTIVES: Our primary objectives were to estimate the diagnostic test accuracy of fluorescence‐based devices for the detection and diagnosis of enamel caries in children or adults. We planned to investigate the following potential sources of heterogeneity: tooth surface (occlusal, proximal, smooth surface or adjacent to a restoration); single point measurement devices versus imaging or surface assessment devices; and the prevalence of more severe disease in each study sample, at the level of caries into dentine. SEARCH METHODS: Cochrane Oral Health's Information Specialist undertook a search of the following databases: MEDLINE Ovid (1946 to 30 May 2019); Embase Ovid (1980 to 30 May 2019); US National Institutes of Health Ongoing Trials Register (ClinicalTrials.gov, to 30 May 2019); and the World Health Organization International Clinical Trials Registry Platform (to 30 May 2019). We studied reference lists as well as published systematic review articles. SELECTION CRITERIA: We included diagnostic accuracy study designs that compared a fluorescence‐based device with a reference standard. This included prospective studies that evaluated the diagnostic accuracy of single index tests and studies that directly compared two or more index tests. Studies that explicitly recruited participants with caries into dentine or frank cavitation were excluded. DATA COLLECTION AND ANALYSIS: Two review authors extracted data independently using a piloted study data extraction form based on the Quality Assessment of Diagnostic Accuracy Studies 2 (QUADAS‐2). Sensitivity and specificity with 95% confidence intervals (CIs) were reported for each study. This information has been displayed as coupled forest plots and summary receiver operating characteristic (SROC) plots, displaying the sensitivity‐specificity points for each study. We estimated diagnostic accuracy using hierarchical summary receiver operating characteristic (HSROC) methods. We reported sensitivities at fixed values of specificity (median 0.78, upper quartile 0.90). MAIN RESULTS: We included a total of 133 studies, 55 did not report data in the 2 x 2 format and could not be included in the meta‐analysis. 79 studies which provided 114 datasets and evaluated 21,283 tooth surfaces were included in the meta‐analysis. There was a high risk of bias for the participant selection domain. The index test, reference standard, and flow and timing domains all showed a high proportion of studies to be at low risk of bias. Concerns regarding the applicability of the evidence were high or unclear for all domains, the highest proportion being seen in participant selection. Selective participant recruitment, poorly defined diagnostic thresholds, and in vitro studies being non‐generalisable to the clinical scenario of a routine dental examination were the main reasons for these findings. The dominance of in vitro studies also means that the information on how the results of these devices are used to support diagnosis, as opposed to pure detection, was extremely limited. There was substantial variability in the results which could not be explained by the different devices or dentition or other sources of heterogeneity that we investigated. The diagnostic odds ratio (DOR) was 14.12 (95% CI 11.17 to 17.84). The estimated sensitivity, at a fixed median specificity of 0.78, was 0.70 (95% CI 0.64 to 0.75). In a hypothetical cohort of 1000 tooth sites or surfaces, with a prevalence of enamel caries of 57%, obtained from the included studies, the estimated sensitivity of 0.70 and specificity of 0.78 would result in 171 missed tooth sites or surfaces with enamel caries (false negatives) and 95 incorrectly classed as having early caries (false positives). We used meta‐regression to compare the accuracy of the different devices for red fluorescence (84 datasets, 14,514 tooth sites), blue fluorescence (21 datasets, 3429 tooth sites), and green fluorescence (9 datasets, 3340 tooth sites) devices. Initially, we allowed threshold, shape, and accuracy to vary according to device type by including covariates in the model. Allowing consistency of shape, removal of the covariates for accuracy had only a negligible effect (Chi(2) = 3.91, degrees of freedom (df) = 2, P = 0.14). Despite the relatively large volume of evidence we rated the certainty of the evidence as low, downgraded two levels in total, for risk of bias due to limitations in the design and conduct of the included studies, indirectness arising from the high number of in vitro studies, and inconsistency due to the substantial variability of results. AUTHORS' CONCLUSIONS: There is considerable variation in the performance of these fluorescence‐based devices that could not be explained by the different wavelengths of the devices assessed, participant, or study characteristics. Blue and green fluorescence‐based devices appeared to outperform red fluorescence‐based devices but this difference was not supported by the results of a formal statistical comparison. The evidence base was considerable, but we were only able to include 79 studies out of 133 in the meta‐analysis as estimates of sensitivity or specificity values or both could not be extracted or derived. In terms of applicability, any future studies should be carried out in a clinical setting, where difficulties of caries assessment within the oral cavity include plaque, staining, and restorations. Other considerations include the potential of fluorescence devices to be used in combination with other technologies and comparative diagnostic accuracy studies