Mobility as a service: MAnaging Cybersecurity Risks across Consumers, Organisations and Sectors (MACRO)
Lead Research Organisation:
CRANFIELD UNIVERSITY
Department Name: School of Water, Energy and Environment
Abstract
Mobility as a service (MaaS) concept offers a user a unified service that combines various forms of transport at a single gateway. MaaS carries a promise of reduction of traffic congestion, improvement of customer convenience, reduction of social inequalities and carbon emissions by fostering the use of public transport. Key enablers for MaaS encompass (1) a single application allowing to plan and conduct journeys, (2) software system allowing multiple actors deliver MaaS, and (3) AI-based analytics allowing journey and resource optimisation. All those are susceptible to a wide range of types of cyber-attacks and the complexity of the MaaS ecosystem (customers, transportation providers, data providers, etc.) and its dependence on the data creates a unique challenge from the cyber security perspective.
This interdisciplinary proposal leverages leading research expertise and excellence on energy transitions, infrastructure systems modelling, and artificial intelligence from Cranfield University and cybersecurity and human factors from University of Kent.
The ambition is to develop the world's first agent-based modelling framework that will explicitly focus on the cyber security aspects of the MaaS ecosystem. This shall be achieved by use of agent-based simulation techniques to define a modelling framework that will encompass cross-sector and cross-organizational agent interactions in the context of mobility, data sharing, and cybersecurity threats. While our ambition is defining a comprehensive view of the MaaS ecosystem, the proposal intends to focus on a MaaS customers' perspective: incentives, behaviours in both terms of transportation needs and cybersecurity behaviours and attitudes - this will be achieved by developing agent-based simulation with complex, adaptive agents who are capable optimise their behaviour.
One of key enablers of the MaaS ecosystem is exploitation of data by means of predictive Artificial Intelligence (AI) models. It has been widely accepted that machine learning and AI algorithms can be exploited by malicious actors using sophisticated cyber attacks. One of the proposed work streams will explore how the rapid deployment of new deep learning algorithms by service providers can be adversarially fooled to create unfairness and failures in the individual sectors and in the wider MaaS ecosystem and how this can be effectively mitigated in a wide range of case studies.
The practical value of the framework and its ability to capture interdependencies between physical aspects of MaaS and cyber domain will be validated by means of integration of case studies data. The validity of model definition and produced outputs will be reviewed during a series of expert workshops and knowledge dissemination activities. These would be attended by stakeholders and subject matter experts comprising a mix of representatives of academics, government, regulators and industry, including our past/ current collaborators such as Ofgem, National Rail, local authorities, bus operators, Data Communications Company, and commercial providers developing integrated technologies or services (e.g. IBM). The public acceptability of the developed MaaS scenarios and strategies to make them secure will be analysed in focus groups.
The final report will discuss insights and lessons learned from development of a cross-sector cyber security framework, the fitness of existing institutional landscape for the development of MaaS and opportunities, barriers and risks for the alignment of policy and regulatory frameworks across communications, transport and energy systems to address potential conflicts and vulnerabilities from the cyber security perspective.
This interdisciplinary proposal leverages leading research expertise and excellence on energy transitions, infrastructure systems modelling, and artificial intelligence from Cranfield University and cybersecurity and human factors from University of Kent.
The ambition is to develop the world's first agent-based modelling framework that will explicitly focus on the cyber security aspects of the MaaS ecosystem. This shall be achieved by use of agent-based simulation techniques to define a modelling framework that will encompass cross-sector and cross-organizational agent interactions in the context of mobility, data sharing, and cybersecurity threats. While our ambition is defining a comprehensive view of the MaaS ecosystem, the proposal intends to focus on a MaaS customers' perspective: incentives, behaviours in both terms of transportation needs and cybersecurity behaviours and attitudes - this will be achieved by developing agent-based simulation with complex, adaptive agents who are capable optimise their behaviour.
One of key enablers of the MaaS ecosystem is exploitation of data by means of predictive Artificial Intelligence (AI) models. It has been widely accepted that machine learning and AI algorithms can be exploited by malicious actors using sophisticated cyber attacks. One of the proposed work streams will explore how the rapid deployment of new deep learning algorithms by service providers can be adversarially fooled to create unfairness and failures in the individual sectors and in the wider MaaS ecosystem and how this can be effectively mitigated in a wide range of case studies.
The practical value of the framework and its ability to capture interdependencies between physical aspects of MaaS and cyber domain will be validated by means of integration of case studies data. The validity of model definition and produced outputs will be reviewed during a series of expert workshops and knowledge dissemination activities. These would be attended by stakeholders and subject matter experts comprising a mix of representatives of academics, government, regulators and industry, including our past/ current collaborators such as Ofgem, National Rail, local authorities, bus operators, Data Communications Company, and commercial providers developing integrated technologies or services (e.g. IBM). The public acceptability of the developed MaaS scenarios and strategies to make them secure will be analysed in focus groups.
The final report will discuss insights and lessons learned from development of a cross-sector cyber security framework, the fitness of existing institutional landscape for the development of MaaS and opportunities, barriers and risks for the alignment of policy and regulatory frameworks across communications, transport and energy systems to address potential conflicts and vulnerabilities from the cyber security perspective.
Publications
Yuan H
(2022)
Cyber Security Risks of Net Zero Technologies
Chu K
(2023)
Deep reinforcement learning of passenger behavior in multimodal journey planning with proportional fairness
in Neural Computing and Applications
Balta-Ozkan N
(2024)
Place-Based Decarbonisation in Low and Middle Income Countries: A whole systems view
in Transport Policy
Chu K
(2024)
Privacy-Preserving Federated Deep Reinforcement Learning for Mobility-as-a-Service
in IEEE Transactions on Intelligent Transportation Systems
Zou M
(2023)
Uncertainty quantification of multi-scale resilience in networked systems with nonlinear dynamics using arbitrary polynomial chaos.
in Scientific reports
| Description | Our findings are as follows: • The Agent-Based Modeling (ABM) approach can help characterize more comprehensive scenarios of MaaS ecosystems beyond simple pricing strategies. • In an economy undergoing digital transformation, the emergence of cyber-physical systems like the MaaS ecosystem will inevitably bring about cyber security risk. • Federated Deep Deterministic Policy Gradient (FDDPG) could enhance MaaS utility and foster passenger trust and participation in data-driven transportation systems. • Transparency, trust, and clear communication emerged as significant contributors to user confidence and acceptance of MaaS services. • Awareness of phishing attacks was notably high, with the public acknowledging cyber security as an inherent aspect of modern life. • The results of an online survey indicate that some cyber security and privacy-related factors do have an effect on travellers' adoption of MaaS services, but their effect is outweighed by costs and benefit-related factors when all factors are considered together. |
| Exploitation Route | Our findings could help local authorities to help developing MaaS solutions. We will keep further opportunities to share our findings with them. |
| Sectors | Communities and Social Services/Policy Energy Transport |
| Description | We shared MAAS concepts with Oxfordshire County Council. We have also worked with Connected Places Catapult. We will look to seek further opportunities to apply our findings in actual MaaS projects. |
| First Year Of Impact | 2023 |
| Sector | Transport |
| Impact Types | Societal Policy & public services |
| Description | MACRO project dissemination workshop (6/2/2024) |
| Geographic Reach | National |
| Policy Influence Type | Contribution to new or improved professional practice |
| Impact | On 6/2/2024, in London, the MACRO project team shared the following project findings: • The factors determining the users' and organisations' understanding of cyber security risks. • The impact of incentives on users' MaaS choices and emerging travel patterns under alternative cyber security risks using a novel agent-based model • Public perceptions and attitudes towards data sharing for MaaS services and their dependency on geographical factors and journey types • The management of risks from the use of deep learning algorithms in the wider MaaS ecosystem The discussions and presented led to the following conclusions: • The Agent-Based Modeling (ABM) approach can help characterize more comprehensive scenarios of MaaS ecosystems beyond simple pricing strategies. • In an economy undergoing digital transformation, the emergence of cyber-physical systems like the MaaS ecosystem will inevitably bring about cyber security risk. • Federated Deep Deterministic Policy Gradient (FDDPG) could enhance MaaS utility and foster passenger trust and participation in data-driven transportation systems. • Transparency, trust, and clear communication emerged as significant contributors to user confidence and acceptance of MaaS services. • Awareness of phishing attacks was notably high, with the public acknowledging cyber security as an inherent aspect of modern life. • The results of an online survey indicate that some cyber security and privacy-related factors do have an effect on travellers' adoption of MaaS services, but their effect is outweighed by costs and benefit-related factors when all factors are considered together. |
| URL | https://www.eventbrite.co.uk/e/mobility-as-a-service-and-cyber-security-dissemination-event-tickets-... |
| Description | PhD training |
| Geographic Reach | Europe |
| Policy Influence Type | Influenced training of practitioners or researchers |
| Description | PhD training |
| Geographic Reach | Europe |
| Policy Influence Type | Influenced training of practitioners or researchers |
| Description | PhD training |
| Geographic Reach | Europe |
| Policy Influence Type | Influenced training of practitioners or researchers |
| Impact | A PhD student at the University of Kent has been involved in part-time research of the EPSRC funded project PriVELT (EP/R033749/1, EP/R033609/1), recruited by the University of Kent. The main research is developing open-source software to construct B2B relationships using open-source data. |
| Description | Technical report for Department for Digital, Culture, Media & Sport (DCMS) |
| Geographic Reach | National |
| Policy Influence Type | Contribution to a national consultation/review |
| URL | https://cyber.kent.ac.uk/reports/2022_DCMS_report_Cyber_Security_Risks_NZ_Technologies.pdf |
| Description | AISA4AI: AI-Assisted Security Analysis For Automotive Industry |
| Amount | £126,043 (GBP) |
| Organisation | Honda Research Institute Europe GmbH |
| Sector | Private |
| Country | Germany |
| Start | 09/2023 |
| End | 07/2024 |
| Description | Improving the Privacy and Security in Federated Learning |
| Amount | £153,347 (GBP) |
| Organisation | Honda Research Institute Europe GmbH |
| Sector | Private |
| Country | Germany |
| Start | 01/2023 |
| End | 06/2026 |
| Title | MaaS adoption model |
| Description | We have developed an agent based model, using AnyLogic software. We're in the process of writing journal papers to share our findings with the wider community. |
| Type Of Material | Computer model/algorithm |
| Year Produced | 2024 |
| Provided To Others? | No |
| Impact | The model is developed in the propriety software, AnyLogic. |
| Description | Partnership with Honda Research Institute Europe (HRI-EU) |
| Organisation | Honda Research Institute Europe GmbH |
| Country | Germany |
| Sector | Private |
| PI Contribution | A research associate is employed to contribute to the project AISA4AI: AI-Assisted Security Analysis For Automotive Industry by utilising the Large Language Model (LLM) and graphical modeling to conduct privacy and security analysis for automotive vehicle centric ecosystem. |
| Collaborator Contribution | A research team consists of scientis from different diciplines are committed to partake regular project meetings for brainstorming, discussion, and research dissemination. |
| Impact | N/A |
| Start Year | 2023 |
| Description | Staff placement at Oxfordshire County Council |
| Organisation | Oxfordshire County Council |
| Country | United Kingdom |
| Sector | Public |
| PI Contribution | Oxfordshire County Council (OCC) was a project partner in the project. Following a number of meetings, they have expressed interest in having a researcher based at the council to inform their planning activities for future mobility services. Dr Ali Alderete Peralta was seconded at OCC during 1-9 September 2022. This has enabled us sharing our knowledge with the council to inform their future project ideas. |
| Collaborator Contribution | This activity enabled us informing Oxfordshire County Council's future mobility initiatives. Dr Peralta is an early career researcher. This secondment has enabled Dr Peralta to understand local policy making process. Dr Peralta is the PDRA based at Cranfield, working on MACRO project |
| Impact | Dr Peralta is an early career research with expertise in agent based modelling. His secondment at the council enabled him to understand local policy making process. |
| Start Year | 2022 |
| Description | Mobility as a service: MAnaging Cyber Security Risks across Consumers, Organisations and Sectors (MACRO) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | An online workshop was held with academic presentations, breakout discussions and a panel debate that brought together international experts. The workshop had the following objectives: • Help inform the project's research agenda on making MaaS ecosystems more secure for all participating actors. • Co-define criteria for the selection of low-carbon MaaS scenarios where there are significant cyber security risks for various participating actors. • Identify common cyber security risks in the selected MaaS scenarios, considering relevant business models and cyber security-related behaviours of people and organisations. • Gather requirements, preferences, wishes and intents to collaborate from participants representing different sectors on the research agenda. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Oral presentation at the 2022 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022) |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Haiyue Yuan remotely presented a talk about 'Cyber Security Risks of Net Zero Technologies' at the 2022 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022). |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://attend.ieee.org/dsc-2022/agenda/ |
| Description | Oral presentation at the 26th IEEE International Conference on Intelligent Transportation Systems (ITSC 2023) |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Maria Heering presented 'The Impact of Privacy and Security Attitudes and Concerns of Travellers on Their Willingness to Use Mobility-as-a-Service Systems' at the Special Session of Mobility-as-a-Service: managing cyber security risks for a seamless smart connectivity at the 26th IEEE International Conference on Intelligent Transportation Systems (ITSC 2023) |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://2023.ieee-itsc.org/detailed-program/ |
| Description | University of Kent launched a public survey for understanding peoples' risk and privacy perceptions of Mobility-as-a-Service (MaaS) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Public/other audiences |
| Results and Impact | Researchers from University of Kent launched a public survey for understanding peoples' risk and privacy perceptions of Mobility-as-a-Service (MaaS) in early 2023. 320 participants in the UK were recruited to partake the study. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://kent.onlinesurveys.ac.uk/macro-users-survey-17092022 |