Cyber-resilience in cyber-physical systems

The mobility of the future is built on highly interconnected cyber-physical systems, where vehicles, infrastructure and digital services make decisions in real time.

In this environment, a cyber-attack has a systemic effect and not only affects data but can have direct physical consequences, such as altering trajectories, disrupting services or compromising people’s safety.

This reality turns autonomous vehicles, electric charging stations and shared mobility platforms into parts of a critical infrastructure, fully connected to the city and to other key systems, such as the power grid, public administration or telecommunications.

While this integration generates great opportunities, it also broadens the attack surface and even opens the door to the realisation of risks that can impact road safety, user privacy and the continuity of essential services. For this reason, protection across the entire value chain is critical.

It is in this context that cyber-resilience in cyber-physical mobility systems becomes a key element. It is not just about preventing cyber-attacks, but about ensuring that systems are capable of withstanding them, responding to them and recovering effectively and efficiently, all while maintaining their functionality and the trust of users.

Below, we explore three areas that exemplify this challenge: autonomous and connected mobility, electric mobility, and shared mobility.

This approach complements other applications of cyber-resilience in cyber-physical systems such as critical infrastructures.

Cyber-Physical Systems in Autonomous Mobility: Risks and Solutions

Autonomous mobility, known as CCAM (Connected, Cooperative and Automated Mobility), represents a paradigm shift in transport. Autonomous vehicles rely on a combination of sensors such as LiDARs, radars and cameras, as well as artificial intelligence algorithms that process data in real time to make driving decisions.

These vehicles communicate with other vehicles and the infrastructure via V2X (Vehicle-to-Everything) communications. Their continuous communication is essential for safety and efficiency, but it also creates new attack vectors. Any manipulation of these communications could lead to trajectory errors, driving alterations, or collisions, with direct consequences in the physical world.

To address this challenge, the SELFY project, coordinated by Eurecat, has developed self-assessment and self-protection tools that strengthen the cyber-resilience of connected vehicles in urban environments.

Their solutions allow for the real-time monitoring of the status of on-board systems, the detection of vulnerabilities and the application of mitigation measures before a critical incident occurs. The system analyses both the vehicle’s behaviour and its interactions with the urban infrastructure.

Una solución desarrollada por Eurecat ha permitido detectar más del 95 % de los vehículos vulnerables y más del 90 % de las brechas de seguridad durante pruebas piloto en entornos controlados.

The results have been demonstrated in pilot tests carried out in Catalonia and Austria, where the tools developed detected more than 95% of vulnerable vehicles and over 90% of security breaches, highlighting the potential of these technologies to improve the security of connected mobility.

In parallel, the Smart City Manager project expands this vision to an urban scale. By using Big Data, Blockchain and artificial intelligence, this technological solution enables the analysis of anonymised data, traffic flow prediction and the detection of anomalous situations, facilitating safer, more efficient and data-driven management.

Electric mobility: an interconnected network with new challenges

Electric mobility transforms not only the vehicle but the entire associated infrastructure. Vehicles, charging stations and power grids form an ecosystem of connected infrastructures and interconnected digital systems, where any vulnerability can trigger a chain reaction.

Charging stations, for example, can become entry points for attacks that affect both the vehicle and the power grid. Furthermore, mobile applications, web interfaces and management systems can expose critical data and functionalities if they are not designed with security in mind from the outset.

In this context, a cyber-attack could not only compromise data but also cause physical disruption, particularly in systems that manage energy, such as batteries.

Given this complexity, as part of the TWIN LOOP project, Eurecat’s IT&OT Security Unit has developed a virtual environment to launch a series of cyber-attacks to assess which countermeasures are more effective in mitigating them. This approach allows for the optimisation of the vehicle’s performance, while also improving its security and resilience throughout its entire life cycle.

Specifically, Eurecat has provided advanced cybersecurity solutions, such as a virtual environment to simulate attacks and validate cybersecurity solutions in electric vehicles, as well as an identity management system and post-quantum encryption solutions to protect critical vehicle data and communications.

Digital identity as a critical point in shared mobility

Shared mobility services, such as car-sharing, bicycles or electric scooters, rely on digital platforms that manage access through mobile applications and electronic credentials. This makes digital identity a central element of the system.

If this layer is not adequately designed and protected, it can become a weak point. The use of weak passwords, their reuse, or a lack of robust authentication can allow unauthorised access or expose personal data.

To address these risks, in the MADRAS project, Eurecat has developed advanced solutions to ensure the security of digital identification in shared mobility environments, such as electric motorcycles. Among the innovations is the use of fingerprint sensors as an alternative to passwords. This system improves both security and the user experience, reducing the risk of theft or misuse.

Cyber-resilience: the foundation of trust in future mobility

Future mobility will be autonomous, electric, shared and deeply interconnected. This means that the systems that make it possible –vehicles, infrastructure and digital platforms– must be not only efficient but also secure and resilient.

Cyber-resilience thus becomes a key element for ensuring trust, service continuity and the adoption of new technologies. Identifying vulnerabilities, simulating attack scenarios and deploying efficient response mechanisms are essential actions to protect both users and infrastructure.

Through its participation in public R&D&I projects such as SELFY, TWIN LOOP, Smart City Manager and MADRAS, and private projects in direct collaboration with companies, Eurecat demonstrates how applied research can transform these challenges into real-world solutions.

In an increasingly connected world, protecting cyber-physical mobility systems is, ultimately, protecting the future of transport.

Cyber-resilience in cyber-physical systems: protecting the connected mobility of the future

Cyber-Physical Systems in Autonomous Mobility: Risks and Solutions

Electric mobility: an interconnected network with new challenges

Digital identity as a critical point in shared mobility

Cyber-resilience: the foundation of trust in future mobility

Cyber resilience in critical infrastructure: how to protect industrial systems against cyber-attacks

What are PFAS and how to remove them: technologies to reduce these “forever chemicals” in water

Emerging contaminants: a new challenge for water management

Female talent in science and technology, key to innovation and the future

Placing companies at the centre of the innovation ecosystem

Cyber-resilience in cyber-physical systems: protecting the connected mobility of the future