Factors influencing driver response toward an instrument cluster cyberattack: experience, awareness, and training

Abstract

Commercial Motor Vehicles (CMVs) and the trucking industry are often referred to as the backbone to the supply chain in the United States. With this has come efforts to modernize heavy vehicles just like their passenger vehicle counterparts in order to improve the safety, performance, and efficiency of the transportation of goods and materials. However, the introduction of advanced cyber-physical systems in heavy vehicles makes available a new vulnerability not previously encountered: cyberattacks. The objective of this thesis is to (1) evaluate drivers' responses to an unexpected cyberattack, (2) evaluate how awareness of the cybersecurity threat on their vehicle influences driver behavior, and (3) evaluate how the provision of a cyberattack response protocol influences driver performance. An on-road driving study with 50 participants was conducted to measure drivers' response to an unexpected cyberattack while operating a medium heavy-duty vehicle (GVWR 26,000lbs; Class 6). Each participant was randomly assigned to one of three experimental groups which received varying levels of information prior to the start of the drive. The Control group received no information regarding a possible cyberattack threat on their vehicle. The Aware group received a warning regarding a possible cyberattack threat on their vehicle. The Aware + Protocol group received the same warning as the Aware group along with a basic cyberattack response protocol. Within each group, six to seven of the participants were professional drivers (e.g., commercial truck driver, firefighter, bus driver), while the remaining 10 to 11 participants in each group were standard licensed drivers. Each of the participants experienced the same driving route and cyberattack scenario with regard to type, location, timing, and execution. Participant driving responses were measured using data collected from the vehicle CAN bus, and Racelogic VBOX3i GNSS and IMU sensors. Participant physiological responses (heart rate and electrodermal activity) were measured using an Empatica E4 wearable. Additionally, participants completed a survey at the end of the experimental session to assess their driving experience, risk taking tendencies, and interpretation of the cyberattack. The findings highlight the essential role of awareness and response protocols in enhancing a driver's response to an unexpected vehicle cyberattack. The Aware + Protocol group achieved a 100\% stop rate among both Standard and Professional drivers, showcasing the transformative impact of awareness and clear response guidelines compared to the Control group stop rate of 9\% for Standard and 83\% for Professional drivers. The Aware + Protocol group also traveled the shortest distance during the cyberattack, with Standard drivers covering 224 meters (0.139 miles) and Professional drivers 254 meters (0.158 miles), compared to the Control group's 828 meters (0.514 miles) for Standard drivers and 520 meters (0.323 miles) for Professional drivers. Furthermore, the Aware + Protocol group demonstrated the shortest reaction times, averaging 7.53 seconds, versus 16.12 seconds in the Aware group and 30.29 seconds in the Control group. These results emphasize that awareness alone is insufficient; explicit instructions significantly enhance drivers' ability to respond promptly and effectively to cybersecurity threats. By informing drivers and providing response protocols, their ability to respond appropriately to cyberattacks can be significantly improved. This information can be applied in several practical ways, such as developing cyberattack response training programs for all drivers, especially those operating heavy vehicles. Additionally, public service announcements and in-vehicle alerts could be effective in increasing awareness of cyberattack vulnerabilities. Public service announcements broadcasted through various media channels can inform a wide audience about the risks of vehicle cyberattacks and inform drivers on how to recognize and respond to such threats. In-vehicle alerts can offer real-time information and instructions, guiding drivers on immediate actions to take when a cybersecurity threat is detected.