Mobility as a service: MAnaging Cybersecurity Risks across Consumers, Organisations and Sectors (MACRO)

Lead Research Organisation: CRANFIELD UNIVERSITY
Department Name: School of Water, Energy and Environment

Abstract

Mobility as a service (MaaS) concept offers a user a unified service that combines various forms of transport at a single gateway. MaaS carries a promise of reduction of traffic congestion, improvement of customer convenience, reduction of social inequalities and carbon emissions by fostering the use of public transport. Key enablers for MaaS encompass (1) a single application allowing to plan and conduct journeys, (2) software system allowing multiple actors deliver MaaS, and (3) AI-based analytics allowing journey and resource optimisation. All those are susceptible to a wide range of types of cyber-attacks and the complexity of the MaaS ecosystem (customers, transportation providers, data providers, etc.) and its dependence on the data creates a unique challenge from the cyber security perspective.

This interdisciplinary proposal leverages leading research expertise and excellence on energy transitions, infrastructure systems modelling, and artificial intelligence from Cranfield University and cybersecurity and human factors from University of Kent.

The ambition is to develop the world's first agent-based modelling framework that will explicitly focus on the cyber security aspects of the MaaS ecosystem. This shall be achieved by use of agent-based simulation techniques to define a modelling framework that will encompass cross-sector and cross-organizational agent interactions in the context of mobility, data sharing, and cybersecurity threats. While our ambition is defining a comprehensive view of the MaaS ecosystem, the proposal intends to focus on a MaaS customers' perspective: incentives, behaviours in both terms of transportation needs and cybersecurity behaviours and attitudes - this will be achieved by developing agent-based simulation with complex, adaptive agents who are capable optimise their behaviour.

One of key enablers of the MaaS ecosystem is exploitation of data by means of predictive Artificial Intelligence (AI) models. It has been widely accepted that machine learning and AI algorithms can be exploited by malicious actors using sophisticated cyber attacks. One of the proposed work streams will explore how the rapid deployment of new deep learning algorithms by service providers can be adversarially fooled to create unfairness and failures in the individual sectors and in the wider MaaS ecosystem and how this can be effectively mitigated in a wide range of case studies.

The practical value of the framework and its ability to capture interdependencies between physical aspects of MaaS and cyber domain will be validated by means of integration of case studies data. The validity of model definition and produced outputs will be reviewed during a series of expert workshops and knowledge dissemination activities. These would be attended by stakeholders and subject matter experts comprising a mix of representatives of academics, government, regulators and industry, including our past/ current collaborators such as Ofgem, National Rail, local authorities, bus operators, Data Communications Company, and commercial providers developing integrated technologies or services (e.g. IBM). The public acceptability of the developed MaaS scenarios and strategies to make them secure will be analysed in focus groups.

The final report will discuss insights and lessons learned from development of a cross-sector cyber security framework, the fitness of existing institutional landscape for the development of MaaS and opportunities, barriers and risks for the alignment of policy and regulatory frameworks across communications, transport and energy systems to address potential conflicts and vulnerabilities from the cyber security perspective.
 
Description Our findings are as follows:
• The Agent-Based Modeling (ABM) approach can help characterize more comprehensive scenarios of MaaS ecosystems beyond simple pricing strategies.
• In an economy undergoing digital transformation, the emergence of cyber-physical systems like the MaaS ecosystem will inevitably bring about cyber security risk.
• Federated Deep Deterministic Policy Gradient (FDDPG) could enhance MaaS utility and foster passenger trust and participation in data-driven transportation systems.
• Transparency, trust, and clear communication emerged as significant contributors to user confidence and acceptance of MaaS services.
• Awareness of phishing attacks was notably high, with the public acknowledging cyber security as an inherent aspect of modern life.
• The results of an online survey indicate that some cyber security and privacy-related factors do have an effect on travellers' adoption of MaaS services, but their effect is outweighed by costs and benefit-related factors when all factors are considered together.
Exploitation Route Our findings could help local authorities to help developing MaaS solutions. We will keep further opportunities to share our findings with them.
Sectors Communities and Social Services/Policy

Energy

Transport

 
Description We shared MAAS concepts with Oxfordshire County Council. We have also worked with Connected Places Catapult. We will look to seek further opportunities to apply our findings in actual MaaS projects.
First Year Of Impact 2023
Sector Transport
Impact Types Societal

Policy & public services

 
Description MACRO project dissemination workshop (6/2/2024)
Geographic Reach National 
Policy Influence Type Contribution to new or improved professional practice
Impact On 6/2/2024, in London, the MACRO project team shared the following project findings: • The factors determining the users' and organisations' understanding of cyber security risks. • The impact of incentives on users' MaaS choices and emerging travel patterns under alternative cyber security risks using a novel agent-based model • Public perceptions and attitudes towards data sharing for MaaS services and their dependency on geographical factors and journey types • The management of risks from the use of deep learning algorithms in the wider MaaS ecosystem The discussions and presented led to the following conclusions: • The Agent-Based Modeling (ABM) approach can help characterize more comprehensive scenarios of MaaS ecosystems beyond simple pricing strategies. • In an economy undergoing digital transformation, the emergence of cyber-physical systems like the MaaS ecosystem will inevitably bring about cyber security risk. • Federated Deep Deterministic Policy Gradient (FDDPG) could enhance MaaS utility and foster passenger trust and participation in data-driven transportation systems. • Transparency, trust, and clear communication emerged as significant contributors to user confidence and acceptance of MaaS services. • Awareness of phishing attacks was notably high, with the public acknowledging cyber security as an inherent aspect of modern life. • The results of an online survey indicate that some cyber security and privacy-related factors do have an effect on travellers' adoption of MaaS services, but their effect is outweighed by costs and benefit-related factors when all factors are considered together.
URL https://www.eventbrite.co.uk/e/mobility-as-a-service-and-cyber-security-dissemination-event-tickets-...
 
Description PhD training
Geographic Reach Europe 
Policy Influence Type Influenced training of practitioners or researchers
 
Description PhD training
Geographic Reach Europe 
Policy Influence Type Influenced training of practitioners or researchers
 
Description PhD training
Geographic Reach Europe 
Policy Influence Type Influenced training of practitioners or researchers
Impact A PhD student at the University of Kent has been involved in part-time research of the EPSRC funded project PriVELT (EP/R033749/1, EP/R033609/1), recruited by the University of Kent. The main research is developing open-source software to construct B2B relationships using open-source data.
 
Description Technical report for Department for Digital, Culture, Media & Sport (DCMS)
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://cyber.kent.ac.uk/reports/2022_DCMS_report_Cyber_Security_Risks_NZ_Technologies.pdf
 
Description AISA4AI: AI-Assisted Security Analysis For Automotive Industry
Amount £126,043 (GBP)
Organisation Honda Research Institute Europe GmbH 
Sector Private
Country Germany
Start 09/2023 
End 07/2024
 
Description Improving the Privacy and Security in Federated Learning
Amount £153,347 (GBP)
Organisation Honda Research Institute Europe GmbH 
Sector Private
Country Germany
Start 01/2023 
End 06/2026
 
Title MaaS adoption model 
Description We have developed an agent based model, using AnyLogic software. We're in the process of writing journal papers to share our findings with the wider community. 
Type Of Material Computer model/algorithm 
Year Produced 2024 
Provided To Others? No  
Impact The model is developed in the propriety software, AnyLogic. 
 
Description Partnership with Honda Research Institute Europe (HRI-EU) 
Organisation Honda Research Institute Europe GmbH
Country Germany 
Sector Private 
PI Contribution A research associate is employed to contribute to the project AISA4AI: AI-Assisted Security Analysis For Automotive Industry by utilising the Large Language Model (LLM) and graphical modeling to conduct privacy and security analysis for automotive vehicle centric ecosystem.
Collaborator Contribution A research team consists of scientis from different diciplines are committed to partake regular project meetings for brainstorming, discussion, and research dissemination.
Impact N/A
Start Year 2023
 
Description Staff placement at Oxfordshire County Council 
Organisation Oxfordshire County Council
Country United Kingdom 
Sector Public 
PI Contribution Oxfordshire County Council (OCC) was a project partner in the project. Following a number of meetings, they have expressed interest in having a researcher based at the council to inform their planning activities for future mobility services. Dr Ali Alderete Peralta was seconded at OCC during 1-9 September 2022. This has enabled us sharing our knowledge with the council to inform their future project ideas.
Collaborator Contribution This activity enabled us informing Oxfordshire County Council's future mobility initiatives. Dr Peralta is an early career researcher. This secondment has enabled Dr Peralta to understand local policy making process. Dr Peralta is the PDRA based at Cranfield, working on MACRO project
Impact Dr Peralta is an early career research with expertise in agent based modelling. His secondment at the council enabled him to understand local policy making process.
Start Year 2022
 
Description Mobility as a service: MAnaging Cyber Security Risks across Consumers, Organisations and Sectors (MACRO) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact An online workshop was held with academic presentations, breakout discussions and a panel debate that brought together international experts.
The workshop had the following objectives:
• Help inform the project's research agenda on making MaaS ecosystems more secure for all participating actors.
• Co-define criteria for the selection of low-carbon MaaS scenarios where there are significant cyber security risks for various participating actors.
• Identify common cyber security risks in the selected MaaS scenarios, considering relevant business models and cyber security-related behaviours of people and organisations.
• Gather requirements, preferences, wishes and intents to collaborate from participants representing different sectors on the research agenda.
Year(s) Of Engagement Activity 2021
 
Description Oral presentation at the 2022 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022) 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Haiyue Yuan remotely presented a talk about 'Cyber Security Risks of Net Zero Technologies' at the 2022 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022).
Year(s) Of Engagement Activity 2022
URL https://attend.ieee.org/dsc-2022/agenda/
 
Description Oral presentation at the 26th IEEE International Conference on Intelligent Transportation Systems (ITSC 2023) 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Maria Heering presented 'The Impact of Privacy and Security Attitudes and Concerns of Travellers on Their Willingness to Use Mobility-as-a-Service Systems' at the Special Session of Mobility-as-a-Service: managing cyber security risks for a seamless smart connectivity at the 26th IEEE International Conference on Intelligent Transportation Systems (ITSC 2023)
Year(s) Of Engagement Activity 2023
URL https://2023.ieee-itsc.org/detailed-program/
 
Description University of Kent launched a public survey for understanding peoples' risk and privacy perceptions of Mobility-as-a-Service (MaaS) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact Researchers from University of Kent launched a public survey for understanding peoples' risk and privacy perceptions of Mobility-as-a-Service (MaaS) in early 2023. 320 participants in the UK were recruited to partake the study.
Year(s) Of Engagement Activity 2023
URL https://kent.onlinesurveys.ac.uk/macro-users-survey-17092022