Securing the human behind the wheel: Western Engineering researchers advance cybersecurity for semi-autonomous vehicles

(L to R) Apurva Narayan and Atrisha Sarkar, professors in the department of electrical and computer engineering, and Mohamed Zaki, a professor in the department of civil and environmental engineering, are working on a project to examine how cyberattacks could exploit human behaviour in semi-autonomous vehicles. (Jacob Arts / Western Engineering)

Today’s vehicles can steer, brake and change lanes on their own. But in critical moments, they still rely on a human driver to take control.

What happens if a cyberattack doesn’t target the vehicle’s software but instead exploits the driver’s behaviour?

That question sits at the heart of a newly funded research project at Western Engineering, where three researchers are working to close a critical gap in the cybersecurity of semi-autonomous vehicles.

With support from the National Cybersecurity Consortium (NCC), project lead Atrisha Sarkar, professor in the department of electrical and computer engineering; Mohamed Zaki, professor in the department of civil and environmental engineering; and Apurva Narayan, professor in the department of electrical and computer engineering, are examining how adversarial actors could exploit human behavioural patterns in vehicles equipped with Level-2 Advanced Driver Assistance Systems (ADAS).

Their work represents a shift in how automotive cybersecurity is understood, moving beyond code and hardware to include the human driver as part of the security system.

A new kind of vulnerability

Many vehicles currently on Canadian roads feature Level-2 automation, meaning they can assist with steering, braking and lane changes. However, they still depend on the driver to remain attentive and ready to take over when prompted.

“This dependency creates a novel class of vulnerabilities,” explains Sarkar. “Modern cybersecurity frameworks focus on software and hardware. But they don’t adequately address risks rooted in driver behaviour, attention, and trust in automation.”

For example, if an attacker understands how drivers typically respond to alerts or how long it takes them to re-engage, that information could be exploited to maximize disruption or risk during a takeover request.

Instead of treating the human as an external variable, Sarkar’s project integrates human behaviour directly into cybersecurity modelling.

Her team is developing models and simulations that treat driver behaviour as part of the cybersecurity system. The goal is to design new safety protocols and defensive strategies that anticipate these risks before they manifest on public roads.

(L to R) PhD students Mayar Nour and Nour ElGharably test different driving scenarios using a simulator for semi-autonomous vehicles. (Jacob Arts / Western Engineering)

Collaboration at the intersection of smart mobility and security

Zaki’s research focuses on transportation infrastructure and next-generation mobility systems, an emerging field often referred to as smart mobility.

“My research asks how we measure, improve and verify safety in next-generation transportation systems,” says Zaki. “The NCC project extends that work by introducing cybersecurity risks, a critical issue that is not yet fully understood in the context of smart mobility.”

As vehicles become increasingly digitized, essentially “computers on wheels,” they inherit vulnerabilities similar to smartphones and other connected technologies.

“When we think about future cars, we must think about them as highly advanced computing systems,” Zaki explains. “Just like a home computer can be vulnerable to hacking, so can a connected vehicle.”

Zaki believes this project demonstrates the strength of interdisciplinary collaboration at Western Engineering.

“By combining cybersecurity expertise with transportation systems research, we are addressing a challenge that neither field can solve alone.”

Impact beyond the laboratory

The implications of the research extend far beyond academia.

Drivers and road users stand to benefit directly from safer alert systems and improved takeover mechanisms that better reflect real human capabilities under stress.

Manufacturers will gain new tools and frameworks to identify and mitigate behavioural attack vectors, an area not clearly addressed in current standards.

Sarkar is also working to align the project outcomes with existing automotive cybersecurity standards, including ISO/SAE 21434, helping ensure the research translates into practical tools for industry and regulators.

Regulatory bodies such as Transport Canada may benefit from evidence-based guidance as they navigate the evolving landscape of semi-autonomous vehicle deployment.

Public trust is another critical dimension.

“The safe deployment of autonomous vehicles depends not only on technical capability, but on public confidence,” says Zaki. “Cybersecurity and safety remain key bottlenecks for widespread adoption.”

The research also aligns with broader road safety initiatives, including Vision Zero efforts across Canada, which aim to eliminate traffic fatalities and serious injuries.

In Southwestern Ontario, a region deeply connected to Canada’s automotive industry, the findings could support original equipment manufacturers (OEMs) and policymakers exploring domestic vehicle innovation.

Redefining automotive cybersecurity

For Sarkar, the project represents a deeply meaningful convergence of technology, human behaviour and public safety.

“I feel a strong sense of responsibility working at the intersection of these areas,” she says. “This research has the potential to inform policy and ultimately make everyday technologies safer for people.”

By reframing cybersecurity to include human behaviour as a core component, not an afterthought, the team is helping redefine how safe semi-autonomous vehicles can be.