Date of Award

Summer 5-7-2026

Access Type

Thesis - Open Access

Degree Name

Master of Science in Civil Engineering

Department

Civil Engineering

Committee Chair

Hongyun Chen

Committee Chair Email

chenh4@erau.edu

Committee Advisor

Hongyun Chen

Committee Advisor Email

chenh4@erau.edu

First Committee Member

Ashok Gurjar

First Committee Member Email

gurjara@erau.edu

Second Committee Member

Scott Parr

Second Committee Member Email

parrs1@erau.edu

College Dean

James W. Gregory

Abstract

Transportation systems are increasingly dependent on digital technologies, networked communications, and cyber-physical integration, making cybersecurity an important issue for operational continuity, resilience, and safety. Although cybersecurity risks in transportation are widely recognized, much of the existing research remains mode-specific and lacks a standardized quantitative framework for comparing risk across transportation systems. This study develops a quantitative, incident-based approach for assessing cybersecurity risk variability across four major transportation modes: Aviation, Maritime, Rail, and Road. The study is based on a manually constructed dataset of 189 publicly reported transportation cybersecurity incidents collected from 2000 to 2025. Each incident was coded into structured variables representing vulnerability, threat, detection speed, cost impact, severity, and success rate. Descriptive statistics, pairwise z-tests, and ordered logistic regression were used to evaluate how cybersecurity risk differs across transportation modes and which factors are associated with higher vulnerability and higher severity outcomes. The results show that transportation mode is a significant predictor of vulnerability. Relative to Maritime, Aviation, Rail, and Road had significantly greater odds of falling into higher vulnerability categories, with Aviation showing the strongest contrast. Threat complexity, slower detection, and greater severity were also associated with higher vulnerability. In contrast, transportation mode was not statistically significant overall in the Severity model after adjustment. Instead, severity was more strongly explained by incident-level characteristics, especially success rate, as well as vulnerability and detection speed. These findings suggest that transportation modes differ more clearly in vulnerability structure than in severity once other predictors are taken into account. This study contributes a cross-modal and data-driven framework for transportation cybersecurity analysis by converting fragmented incident narratives into measurable variables and applying ordinal logistic regression to structured risk outcomes. The findings support the need for transportation agencies to distinguish between exposure-related risk and consequence-related risk, and they highlight the importance of detection capability, incident success prevention, and structured comparative analysis in future transportation cybersecurity planning.

Download

Share

COinS