Risk-based Cybersecurity Assessment for Vehicle to Everything (V2X) Communications: A Multi-Tier Experimental Framework

Connected vehicles promise transformative safety improvements through Vehicle to Everything (V2X) wireless communication, yet the broadcast nature of these networks, heterogeneous protocol integration (DSRC, C-V2X, GNSS, CAN), and millisecond latency safety requirements introduce cybersecurity challenges fundamentally different from enterprise IT contexts. Current vulnerability assessment methods fall short in three ways: simulations miss physical layer attack vectors, hardware testbeds cannot scale economically, and conventional IT security frameworks prioritize confidentiality over the availability and integrity critical for preventing collisions. Bridging these gaps demands adapted methodologies validated across multiple experimental paradigms. This central contribution of this research addresses the cybersecurity challenges inherent in heterogeneous Vehicle to Everything (V2X) communication environments, where protocol diversity across DSRC, C-V2X, GNSS, and in-vehicle networks creates complex and exploitable vulnerabilities. To enable realistic and scalable experimentation, a comprehensive multi tier testbed architecture was developed, integrating distinct yet complementary validation layers. The first layer employs Software Defined Radio (SDR) platforms to emulate physical layer attacks that cannot be effectively represented in simulation. The second layer incorporates industrial grade Cohda Wireless equipment to ensure applicability and consistency with commercial V2X deployments, The third layer the CyberVehiCare hardware in the loop testbed, facilitates intermediate scale testing under realistic vehicular operating conditions. The integrated framework revealed multiple cross protocol vulnerabilities that are typically undetected by isolated or single paradigm approaches. To systematically assess their impact, a Safety Impact Scoring (SIS) mechanism was introduced, aligned with ISO/SAE 21434 standards, enabling quantifiable evaluation of the physical consequences of communication breaches. Furthermore, a Graph Neural Network (GNN) based intrusion detection system was developed to operate at the physical layer, thereby supporting real time mitigation. In addition, a hands on cybersecurity training framework strengthening workforce readiness for automotive cybersecurity engineering. Collectively, these contributions span vulnerability discovery, risk quantification, real time detection, and organizational competence development providing holistic V2X cybersecurity solutions bridging academic research and automotive industry deployment needs.