The cybersecurity of autonomous vehicles (AVs) is an important emerging area of research in traffic safety. Because human failure is the most common reason for a successful cyberattack, human-factor researchers and psychologists might improve AV cybersecurity by researching how to decrease the probability of a successful attack. We review some areas of research connected to the human factor in cybersecurity and find many potential issues. Psychologists might research the characteristics of people prone to cybersecurity failure, the types of scenarios they fail in and the factors that influence this failure or over-trust of AV. Human behavior during a cyberattack might be researched, as well as how to educate people about cybersecurity. Multitasking has an effect on the ability to defend against a cyberattack and research is needed to set the appropriate policy. Human-resource researchers might investigate the skills required for personnel working in AV cybersecurity and how to detect potential defectors early. The psychological profile of cyber attackers should be investigated to be able to set policies to decrease their motivation. Finally, the decrease of driver's driving skills as a result of using AV and its connection to cybersecurity skills is also worth of research.

Department of Traffic Psychology CDV Transport Research Centre Brno Czechia

Graduate Institute of Injury Prevention and Control College of Public Health Taipei Medical University Taipei Taiwan

See more in PubMed

Al Mamun A., Al Mamun M. A., Shikfa A. (2018). “Challenges and Mitigation of Cyber Threat in Automated Vehicle: An Integrated Approach,” in Proceedings of the 2018 International Conference of Electrical and Electronic Technologies for Automotive, (Milan: IEEE; ).

Anwar M., He W., Ash I., Yuan X., Li L., Xu L. (2017). Gender difference and employees’ cybersecurity behaviors. Comput. Hum. Behav. 69 437–443. 10.1016/j.chb.2016.12.040 DOI

Axelrod C. W. (2017). “Cybersecurity in the age of autonomous vehicles, intelligent traffic controls and pervasive transportation networks,” in Proceedings of the 2017 IEEE Long Island Systems, Applications and Technology Conference LISAT, (Farmingdale, NY: IEEE; ).

Bashir M., Wee C., Memon N., Guo B. (2017). Profiling cybersecurity competition participants: self-efficacy, decision-making and interests predict effectiveness of competitions as a recruitment tool. Comput. Sec. 65 153–165. 10.1016/j.cose.2016.10.007 DOI

Bergin D. L. (2015). Cyber-attack and defense simulation framework. J. Defen. Model. Simul. 12 383–392. 10.1177/1548512915593528 DOI

Blythe J. M., Coventry L. (2018). Costly but effective: comparing the factors that influence employee anti-malware behaviours. Comput. Hum. Behav. 87 87–97. 10.1016/j.chb.2018.05.023 DOI

Bordoff S., Chen Q., Yan Z. (2017). Cyber attacks, contributing factors, and tackling strategies: the current status of the science of cybersecurity. Int. J. Cyber Behav. Psychol. Learn. 7 68–82. 10.4018/ijcbpl.2017100106 DOI

Brase G. L., Vasserman E. Y., Hsu W. (2017). Do different mental models influence cybersecurity behavior? Evaluations via statistical reasoning performance. Front. Psychol. 8:1929. 10.3389/fpsyg.2017.01929 PubMed DOI PMC

Buchler N., La Fleur C. G., Hoffman B., Rajivan P., Marusich L., Lightner L. (2018). Cyber teaming and role specialization in a cyber security defense competition. Front. Psychol. 9:2133. 10.3389/fpsyg.2018.02133 PubMed DOI PMC

Burzio G., Cordella G. F., Colajanni M., Marchetti M., Stabili D. (2018). “Cybersecurity of Connected Autonomous Vehicles: A ranking based approach,” in Proceedings of the 2018 International Conference of Electrical and Electronic Technologies for Automotive, (Milan: IEEE; ).

Canetti D., Gross M., Waismel-Manor I., Levanon A., Cohen H. (2017). How cyberattacks terrorize: cortisol and personal insecurity jump in the wake of cyberattacks. Cyberpsychol. Behav. Soc. Network. 20 72–77. 10.1089/cyber.2016.0338 PubMed DOI

Checkoway S., McCoy D., Kantor B., Anderson D., Shacham H. (2011). “Comprehensive experimental analyses of automotive attack surfaces,” in Proceedings of the 20th USENIX conference on Security, (Berkeley: USENIX Association; ).

Cheung-Bluden V., Ju J. (2016). Anxiety as a barrier to information processing in the event of a cyberattack. Polit. Psychol. 37 387–400. 10.1111/pops.12264 DOI

Chong I., Xiong A., Proctor R. W. (2018). Human factors in the privacy and security of the internet of things. Ergon. Des. Q. Hum. Factors Appl. (in press). 10.1177/1064804617750321 DOI

Cowley J. A., Nauer K. S., Anderson B. R. (2015). Emergent relationships between team member interpersonal styles and cybersecurity team performance. Proc. Manufact. 3 5110–5117. 10.1016/j.promfg.2015.07.526 DOI

Dawson J., Thomson R. (2018). The future cybersecurity workforce: going beyond technical skills for successful cyber performance. Front. Psychol. 9:744. 10.3389/fpsyg.2018.00744 PubMed DOI PMC

Derrick D., Chhawri S., Eustice R. M., Ma D., Weimerskirch A. (2016). “Risk assessment for cooperative automated driving,” in Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, Vienna, 47–58.

Dixit V. V., Chand S., Nair D. J. (2016). Autonomous vehicles: disengagements, accidents and reaction times. PLoS One 11:e0168054. 10.1371/journal.pone.0168054 PubMed DOI PMC

Dogan E., Rahal M. C., Deborne R., Delhomme P., Kemeny A., Perrin J. (2017). Transition of control in a partially automated vehicle: effects of anticipation and non-driving-related task involvement. Transport. Res. Part F 46 205–215. 10.1016/j.trf.2017.01.012 DOI

Dreibelbis R. C., Martin J., Coovert M. D., Dorsey D. W. (2018). The looming cybersecurity crisis and what it means for the practice of industrial and organizational psychology. Industr. Organ. Psychol. 11 346–365. 10.1017/iop.2018.3 DOI

Evans M., Maglaras L. A., He Y., Janicke H. (2016). Human behaviour as an aspect of cybersecurity assurance. Secur. Commun. Netw. 9 4667–4679. 10.1002/sec.1657 DOI

Fagan M., Khan M. M. H. (2018). To follow or not to follow: a study of user motivations around cybersecurity advice. IEEE Internet Comput. 22 25–34. 10.1109/mic.2017.3301619 DOI

Gcaza N., von Solms R. (2017). “Cybersecurity Culture: An Ill-Defined Problem,” in Information Security Education for a Global Digital Society. WISE 2017. IFIP Advances in Information and Communication Technology Vol. 503 eds Bishop M., Futcher L., Miloslavskaya N., Theocharidou M. (Cham: Springer; ).

Gold C., Dambrock D., Lorenz L., Bengler K. (2013). ,,Take over!” how long does it take to get the driver back into the loop? Proc. Hum. Factors Ergon. Soc. Ann. Meet. 57 1938–1942. 10.1007/s10683-015-9468-6 PubMed DOI PMC

Greitzer F. L., Frincke D. A. (2010). “Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation,” in Insider Threats in Cybersecurity, eds Probst C. H. W., Hunker J., Gollmann D., Bishop M. (Boston: Springer; ), 85–113. 10.1007/978-1-4419-7133-3_5 DOI

Haas R. E., Möller D. P. F. (2017). “Automotive connectivity, cyber attack scenarios and automotive cyber security,” in Proceedings of the 2017 IEEE International Conference on Electro Information Technology, (Lincoln, NE: IEEE; ), 635–639.

Hadlington L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon 3:e00346. 10.1016/j.heliyon.2017.e00346 PubMed DOI PMC

Hadlington L. (2018). “The “Human Factor,” in Cybersecurity,” in Psychological and Behavioral Examinations in Cyber Security, eds McAlaney J., Frumkin L. A. (Hershey, PA: IGI Global; ), 46–63.

Hadlington L., Murphy K. (2018). Is media multitasking good for cybersecurity? exploring the relationship between media multitasking and everyday cognitive failures on self-reported risky cybersecurity behaviors. Cyberpsychol. Behav. Soc. Netw. 21 168–172. 10.1089/cyber.2017.0524 PubMed DOI PMC

Hadlington L., Parsons K. (2017). Can cyberloafing and internet addiction affect organizational information security? Cybersecur. Behav. Soc. Netw. 20 567–571. 10.1089/cyber.2017.0239 PubMed DOI

He Q., Meng X., Qu R. (2017). “Survey on Cyber Security of CAV,” in Proceedings of the CPGPS 2017 Forum on Cooperative Positioning and Service, (Harbin: IEEE; ).

Henshel D., Cains M., Hoffman B., Kelley T. (2015). Trust as a human factor in holistic cyber security risk assessment. Proc. Manufact. 3 1117–1124. 10.1016/j.promfg.2015.07.186 DOI

Henshel D., Sample C., Cains M., Hoffman B. (2016). “Integrating cultural factors into human factors framework and ontology for cyber attackers,” in Advances in Human Factors in Cybersecurity, ed. Nicholson D. (Cham: Springer; ), 123–137. 10.1007/978-3-319-41932-9_11 DOI

Juang K., Greenstein J. (2018). Integrating visual mnemonics and input feedback with passphrases to improve the usability and security of digital authentication. Hum. Fact. 60 658–668. 10.1177/0018720818767683 PubMed DOI

King Z. M., Henshel D. S., Flora L., Cains M. G., Hoffman B., Sample C. (2018). Characterizing and measuring maliciousness for cybersecurity risk assessment. Front. Psychol. 9:39. 10.3389/fpsyg.2018.00039 PubMed DOI PMC

Kortschot S. W., Sovilj D., Jamieson G. A., Sanner S., Carrasco C., Soh H. (2018). Measuring and mitigating the costs of attentional switches in active network monitoring for cybersecurity. Hum. Factors 60 962–977. 10.1177/0018720818784107 PubMed DOI

Li L., He W., Xu L., Ash I., Anwar M., Yuan X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inform. Manag. 45 13–24. 10.1016/j.ijinfomgt.2018.10.017 DOI

Lim D., Park K., Choi D., Seo J. (2017). “Analysis on attack scenarios and countermeasures for self-driving car and its infrastructures,” in Advances on Broad-Band Wireless Computing, Communication and Applications, Lecture Notes on Data Engineering and Communication Technologies 2, eds Barolli L., et al. (Cham: Springer International Publishing; ), 429–442. 10.1007/978-3-319-49106-6_42 DOI

Lim H. S. M., Taeihagh A. (2018). Autonomous vehicles for smart and sustainable cities: an in-depth exploration of privacy and cybersecurity implications. Energies 11:1062 10.3390/en11051062 DOI

Lima A., Rocha F., Völp M., Esteves-Verissimo P. (2016). “Towards safe and secure autonomous and cooperative vehicle ecosystems,” in Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, Vienna, 59–70.

Lin P.-S., Wang Z., Guo R. (2016). “Impact of Connected Vehicles and Autonomous Vehicles on Future Transportation,” in Bridging the East and West: Theories and Practices of Transportation in the Asia Pacific Proceedings of the 11th Asia Pacific Transportation Development Conference and the 29th ICTPA Annual Conference, (Reston: American Society of Civil Engineers; ), 46–53.

Lindsay J. R. (2015). Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack. J. Cybersecur. 1 53–67.

Macher G., Messnarz R., Armengaud E., Riel A., Brenner E., Kreiner C. (2017). “Integrated safety and security development in the automotive domain,” in Proceedings of the WCXTM 17: SAE World Congress Experience, Detroit.

Marble J. L., Lawless W. F., Mittu R., Coyne J., Abramson M., Sibley C. (2015). “The human factor in cybersecurity: Robust & intelligent defense,” in Cyber Warfare. Building the Scientific Foundation, eds Jajodia S., et al. (Cham: Springer; ), 173–206. 10.1007/978-3-319-14039-1_9 DOI

Messnarz R., Much A., Kreiner C., Biro M., Gorner J. (2017). “Need for the continuous evolution of systems engineering practices for modern vehicle engineering,” in EuroSPI 2017, CCIS 748, eds Stolfa J., et al. (Cham: Springer; ), 439–452. 10.1007/978-3-319-64218-5_36 DOI

Moisan F., Gonzalez C. (2017). Security under uncertainty: adaptive attackers are more challenging to human defenders than random attackers. Front. Psychol. 8:982. 10.3389/fpsyg.2017.00982 PubMed DOI PMC

Noy I. Y., Shinar D., Horrey W. J. (2018). Automated driving: safety blind spots. Safety Sci. 102 68–78. 10.1016/j.ssci.2017.07.018 DOI

Parkinson S., Ward P., Wilson K., Miller J. (2017). Cyber threats facing autonomous and connected vehicles: future challenges. IEEE Trans. Intel. Transport. Syst. 18 2898–2915. 10.1109/tits.2017.2665968 DOI

Parsons K. M., Young E., Butavicius M. A., McCormac A., Pattinson M. R., Jerram C. (2015). The influence of organizational information security culture on information security decision making. J. Cogn. Eng. Decis. Mak. 9 117–129. 10.11124/jbisrir-2015-1072 PubMed DOI

Petit J., Shladover S. E. (2014). Potential cyberattacks on automated vehicles. IEEE Trans. Intel. Trans. Syst. 16 546–556.

Poster W. R. (2018). Cybersecurity needs women. Nature 555 577–580. 10.1038/d41586-018-03327-w PubMed DOI

Proctor R. W., Chen J. (2015). The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Hum. Factors 57 721–727. 10.1177/0018720815585906 PubMed DOI

Quigley K., Burns C., Stallard K. (2015). ‘Cyber Gurus’: a rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection. Govern. Inform. Q. 32 108–117. 10.1016/j.giq.2015.02.001 DOI

Rizvi S., Willet J., Perino D., Marasco S., Condo C. (2017). A threat to vehicular cyber security and the urgency for correction. Proc. Comput. Sci. 114 100–105. 10.1016/j.procs.2017.09.021 DOI

SAE International (2014). Automated Vehicles. Available at: https://web.archive.org/web/20170903105244/https://www.sae.org/misc/pdfs/automated_driving.pdf (accessed October 17, 2017).

Sawyer B. D., Hancock P. A. (2018). Hacking the human: the prevalence paradox in cybersecurity. Hum. Factors 60 597–609. 10.1177/0018720818780472 PubMed DOI

Saxby D. J., Matthews G., Warm J. S., Hitchcock E. M., Neubauer C. (2013). Active and passive fatigue in simulated driving: discriminating styles of workload regulation and their safety impacts. J. Exp. Psychol. Appl. 19 287–300. 10.1037/a0034386 PubMed DOI PMC

Schumacher S., Kleinmann M., Melchers K. G. (2011). Job requirements for control room jobs in nuclear power plants. Saf. Sci. 49 394–405. 10.1016/j.ssci.2010.10.002 DOI

Stavova V., Dedkova L., Matyas V., Just M., Smahel D., Ukrop M. (2018). Experimental large-scale review ofattractors for detection of potentially unwanted applications. Comput. Secur. 76 92–100. 10.1016/j.cose.2018.02.017 DOI

Still J. D., Cain A., Schuster D. (2017). Human-centered authentication guidelines. Inform. Comput. Secur. 25 437–453.

Straub J., McMillan J., Yaniero B., Schumacher M., Almosalami A., Boatey K., et al. (2017). “CyberSecurity considerations for an interconnected self-driving car system of systems,” in Proceedings of the 2017 12th System of Systems Engineering Conference (SoSE), (Waikoloa, HI: IEEE; ).

Taeiagh A., Lim H. S. M. (2018). Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Trans. Rev. 39 103–128. 10.1080/01441647.2018.1494640 DOI

Takahashi J. (2018). An overview of cyber security for connected vehicles. IEICE Trans. Inform. Syst. E101 2561–2575. 10.1587/transinf.2017ici0001 DOI

Thackray H., McAlaney J., Dogan H., Taylor J., Richardson C. (2016). “Social psychology: An under-used tool in cybersecurity,” in Proceedings of the 30th International BCS Human Computer Interaction Conference, HCI ’16, Poole.

Torten R., Reaiche C., Boyle S. (2018). The impact of security awareness on information technology professionals’ behavior. Comput. Secur. 79 68–79. 10.1016/j.cose.2018.08.007 DOI

Trösterer S., Gärtner M., Mirnig A., Meschsterjakov A., McCall R., Louveton N., et al. (2016). “You Never Forget How to Drive: Driver Skilling and Deskilling in the Advent of Autonomous Vehicles,” in Proceedings of the 8th International Conference on Automotive User Interfaces and Interactive Vehicular Applications, Ann Arbor, MI, 209–216.

Welk A. K., Hong K. W., Zielinska O. A., Tembe R., Murphy-Hill E., Mayhorn C. B. (2015). Will the “phisher-men” reel you in? Assessing individual differences in a phishing detection task. Int. J. Cyber Behav. Psychol. Learn. 5 1–16. 10.4018/IJCBPL.2015100101 DOI

Wiederhold B. K. (2014). The role of psychology in enhancing cybersecurity. Cybersecur. Behav. Soc. Netw. 17 131–132. 10.1089/cyber.2014.1502 PubMed DOI

Yan Z., Robertson T., Yan R., Park S. Y., Bordoff S., Chen Q., et al. (2018). Finding the weakes links in the weakest link: how well do undergraduate students make cybersecurity judgment? Comput. Hum. Behav. 84 375–382. 10.1016/j.chb.2018.02.019 DOI