Privacy Impact Assessment of Cyber Attacks on Connected and Autonomous Vehicles

Connected and autonomous vehicles (CAVs) are vulnerable to secu-rity gaps that can result in serious consequences, including cyber-physical and privacy risks. For example, an attacker can reconstruct a vehicle's location trajectory by knowing the speed and steering wheel position of the vehicle. Such inferences not only lead to safety issues but also significantly threaten privacy. This paper assesses the privacy impacts of cyber threats on vehicular networks. We augment the Privacy Risk Assessment Methodology (PRAM), pro-posed by the National Institute of Standards and Technology, with cyber threats, with cyber threats, which are, in practice, mapped to PRAM impact metrics. We demonstrate the practical application of the enhanced PRAM methodology through a use case that high-lights attacks leading to privacy risks in CAVs. The consideration of cyber attacks for privacy risk assessment addresses a major gap in current practices, which is to integrate privacy risk into cyber risk management.