Huarong Zheng,Jun Wu,Weimin Wu,Rudy R. Negenborn

DOI: https://doi.org/10.1049/iet-its.2018.5366

IF: 2.7

2019-01-01

IET Intelligent Transport Systems

Abstract:The rapidly developing computing and communication technologies improve the autonomy of individual vehicles on the one hand and facilitate the coordination among vehicles on the other. In the context of dynamic speed management, this study considers a platoon of intelligent vehicles that are required to maintain desired inter-vehicle spaces and to respond to speed changes in a collision-free, stable and cooperative way. The platoon is modelled as a cascaded network with linear longitudinal vehicle dynamics, independent physical constraints, and coupling safety constraints. In the case of global information sharing, the authors first propose a centralised collision-free solution on the basis of model predictive control that guarantees asymptotic platoon tracking of speed changes and satisfaction of system constraints during the transient process. A cooperative distributed approach is then further proposed on the basis of the alternating direction method of multipliers resulting in a scheme involving communication only with the roadside infrastructure, e.g. the speed manager. Vehicles in a platoon conduct parallel computation while still achieving global optimal performance and coordination with respect to the collision avoidance constraints. Convergence properties of the distributed solutions are established for the concerned vehicle platoon problem. Simulation results show satisfactory platoon performance and demonstrate the effectiveness of the proposed algorithms.

Yongfu Li,Chuancong Tang,Srinivas Peeta,Yibing Wang

DOI: https://doi.org/10.1109/tits.2018.2865546

IF: 8.5

2018-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:This paper proposes a distributed nonlinear consensus delay-dependent control algorithm for a connected vehicle (CV) platoon. In particular, considering that the behavior of the following vehicle is associated with the longitudinal inter-vehicle gap with respect to the preceding vehicle, a nonlinear function is designed to characterize the car-following interactions between CVs. Then, a nonlinear consensus algorithm is proposed by incorporating the car-following interactions and heterogeneous time delays. The delay-dependent convergence condition of the proposed control algorithm is analyzed using the Lyapunov-Krasovskii method, and an estimate of the delay bound is provided. Under the proposed algorithm, not only can the consensus of CVs be guaranteed hut also the behavior of vehicles is consistent with traffic flow theory. Finally, an example using a 10-vehicle platoon is provided under three scenarios: no time delays, heterogeneous time delays, and homogeneous time delays. Results from extensive simulations verify the effectiveness of the proposed control algorithm in terms of the position, velocity, and acceleration/deceleration profiles.

Chengcheng Zhao,Ruijie Ma,Mengzhi Wang,Jinming Xu,Lin Cai

DOI: https://doi.org/10.1109/tits.2024.3424687

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:This paper investigates secure control for homogeneous vehicle platoons in the presence of false data injection attacks with low communication and computation costs. We consider a scenario where each vehicle within the platoon transmits a local state vector to multiple neighboring vehicles. By leveraging these shared vectors from both preceding and following vehicles, we propose a novel and effective resilient controller for vehicle platoons against node/communication link attacks. More specifically, each vehicle determines the local state deviation vectors from neighboring vehicles. It then eliminates the vectors that are farthest from the origin, with the number of removed vectors equivalent to the maximum number of attacks. This approach offers a considerable advantage by mitigating the effects of abnormality and manipulation, making it robust against arbitrary information tampering within a pre-defined upper boundary for manipulated broadcast information. Importantly, we establish specific conditions for the proposed resilient design to guarantee the internal stability of the vehicle platoon under attacks. Extensive simulations and experiments involving four TurtleBot3s are conducted to demonstrate the effectiveness of the proposed resilient controller.

Shunyuan Xiao,Xiaohua Ge,Qing-Long Han,Yijun Zhang

DOI: https://doi.org/10.1109/TCYB.2021.3074318

Abstract:This article deals with the problem of secure distributed adaptive platooning control of automated vehicles over vehicular ad-hoc networks (VANETs) in the presence of intermittent denial-of-service (DoS) attacks. The platoon, which is wirelessly connected via directed vehicle-to-vehicle (V2V) communication, is composed of a group of following vehicles subject to unknown heterogeneous nonlinearities and external disturbance inputs, and a leading vehicle subject to unknown nonlinearity and external disturbance as well as an unknown control input. Under such a platoon setting, this article aims to accomplish secure distributed platoon formation tracking with the desired longitudinal spacing and the same velocities and accelerations guided by the leader regardless of the simultaneous presence of nonlinearities, uncertainties, and DoS attacks. First, a new logical data packet processor is developed on each vehicle to identify the intermittent DoS attacks via verifying the time-stamps of the received data packets. Then, a scalable distributed neural-network-based adaptive control design approach is proposed to achieve secure platooning control. It is proved that under the established design procedure, the vehicle state estimation errors and platoon tracking errors can be regulated to reside in small neighborhoods around zero. Finally, comparative simulation studies are provided to substantiate the effectiveness and merits of the proposed control design approach on maintaining the desired platooning performance and attack tolerance.

Bai‐Fan Yue,Wei‐Wei Che

DOI: https://doi.org/10.1002/rnc.6185

IF: 3.8973

2022-05-22

International Journal of Robust and Nonlinear Control

Abstract:This article addresses the data‐driven resilient platooning control problem for nonlinear vehicular platooning systems with denial‐of‐service attacks. First, the dynamic linearization technique is used for transforming the nonlinear vehicular platooning systems into an equivalent linear data model with robustness. Then, an observer is designed to present the estimation of the pseudo‐partial derivative parameter and a novel model‐free adaptive platooning control (MFAPC) framework is presented by defining a novel vehicular platooning system output. Based on this framework, a novel MFAPC algorithm is designed with an attack compensation mechanism to achieve vehicular platooning control objectives. At last, the effectiveness of the MFAPC algorithm is proved by an example with comparisons.

automation & control systems,engineering, electrical & electronic,mathematics, applied

Peng Zhang,Zhenling Wang,Weiwei Che

DOI: https://doi.org/10.3390/math12213313

IF: 2.4

2024-10-23

Mathematics

Abstract:This article studies a data-driven prescribed performance platooning control method for nonlinear connected automated vehicle systems (CAVs) under aperiodic denial-of-service (DoS) attacks. Firstly, the dynamic linearization technique is employed to transform the nonlinear CAV system into an equivalent linearized data model. Secondly, to improve the system's transient performance, a prescribed performance transformation (PPT) scheme is proposed to transform the constrained output into the unconstrained one. In addition, an attack compensation mechanism is designed to reduce the adverse impact. Combining the PPT scheme and the attack compensation mechanism, the data-driven adaptive platooning control scheme is proposed to achieve the vehicular tracking control task. Lastly, the merits of the developed control method are illustrated by an actual simulation.

mathematics

Salah Zemmoudj,Nabila Bermad,Louiza Bouallouche-Medjkoune

DOI: https://doi.org/10.1016/j.vehcom.2024.100765

IF: 6.7

2024-04-05

Vehicular Communications

Abstract:In response to the escalating challenges posed by traffic bottlenecks, accidents, and intersection delays, the deployment of platooning mechanisms emerges as an imperative remedy. This investigation revolves around a pivotal scenario wherein a closely-knit platoon of cooperative vehicles approaches an intersection. Orchestrated by a lead vehicle, this convoy navigates the traffic light to expedite the journey of its followers towards their respective destinations. However, given that the size of the platoon can be increased, it will become difficult for the leader to manage it smoothly. Therefore, dividing the platoon into small groups led by co-leaders who deal directly with the leader is considered an ideal solution to speed up and facilitate the process of maintaining platoon stability. In this paper, we propose a Cooperative Adaptive Platooning Control Algorithm (CAPCA) for the hybrid communication topology in platooning. In fact, CAPCA aims to achieve stability in the platoon by distributing tasks in a parallel manner to mini-platoons. Moreover, inherent complexities arise as select members within the platoon strive to undermine its stability. Within this context, the research addresses the intricacies of Vehicle Platooning Disruption (VPD) attacks, a menacing phenomenon characterized by deliberate efforts to destabilize or seize control of a platoon. These attacks manifest through tactics such as false data injection (FDI) and replaying of control messages. In response, a robust and multifaceted countermeasure is conceptualized. The Vehicle Platooning Disruption Attacks Detection Protocol (VPD-ADP) takes center stage as a foundational component. By identifying instability within the platoon's dynamics model, VPD-ADP lays the essential groundwork for mitigating the repercussions of FDI and replay attacks. Employing advanced stochastic time series analysis, the impact of VPD attacks is scrutinized via anomalies in the Cartesian coordinates of vehicles deviations from the trajectory anticipated by the platoon. Moreover, the study introduces the Reputation-based Reliable Mitigation Protocol (RRMP), a pioneering approach that leverages collaborative data gleaned from neighboring vehicles. RRMP is devised to assess the veracity of received messages and gauge their reliability in real-time. Through extensive simulations and experiments, the proposed approach's effectiveness in fortifying the resilience of vehicle platooning systems against an array of disruption attacks is convincingly demonstrated.

telecommunications,transportation science & technology

Ning Zhao,Xudong Zhao,Meng Chen,Guangdeng Zong,Huiyan Zhang

DOI: https://doi.org/10.1109/tits.2023.3250402

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The security control of a vehicle platoon depends on the network topology and communication quality. Denial of service (DoS) attacks force vehicle formations to destabilize by disrupting digital communications between vehicles. To this end, this paper develops a resilient distributed event-triggered security control strategy to resist the malicious impact of DoS attacks on connected vehicles. By designing a distributed event-triggered mechanism based on sampled data, the controller updating frequency is reduced, thereby promoting utilization rate of network resources. Since the end of the attack is not the sampling instant, this may prolong the duration of the attack. To overcome this problem, a switched sampled-data scheme is proposed to ensure that the control signal acts on the system immediately when the attack ends. Then, a switched system model with artificial delay is established to capture the sampling period, event triggering mechanism and DoS attack purpose. With the analysis methods of switched system and time-delay system, sufficient conditions are obtained to guarantee the same safe distance and speed between vehicles, so that the connected vehicle system can achieve the desired tracking effect. A co-design approach is given with respect to controller gains and triggering parameter. Finally, simulation and experimental studies are provided to demonstrate the effectiveness of the proposed security control method.

engineering, electrical & electronic,transportation science & technology, civil

Jicheng Chen,Hui Zhang,Guodong Yin

DOI: https://doi.org/10.1109/tvt.2022.3215966

IF: 6.8

2023-03-18

IEEE Transactions on Vehicular Technology

Abstract:This paper studies the distributed dynamic event-triggered model predictive control (MPC) of vehicle platoon systems subject to denial-of-service (DoS) attacks and external disturbances. We develop a novel DoS-attack-aware event-triggered mechanism for each vehicle to determine whether the MPC problem should be solved or not at each sampling time instant. If the MPC problem is solved, the constructed vehicular beacon information will be transmitted to its neighbouring vehicles through the vehicular ad-hoc network (VANET). In the DoS-attack-aware event-triggered condition, the dynamic threshold adjusts adaptively according to DoS attack durations, local vehicular data, and beacon information from its neighbours. Then, an exponential-type robustness constraint is introduced in the MPC problem to deal with external disturbances. Subsequently, sufficient conditions are given to guarantee the recursive feasibility of the MPC algorithm and closed-loop platoon system stability. Finally, extensive simulation examples are provided to illustrate the effectiveness of the proposed algorithm in terms of communication efficiency and platoon resilience control performance.

telecommunications,engineering, electrical & electronic,transportation science & technology

Yulei Wang,Ning Bian,Lin Zhang,Yanjun Huang,Hong Chen

DOI: https://doi.org/10.1049/itr2.12114

IF: 2.7

2021-01-01

IET Intelligent Transport Systems

Abstract:An autonomous vehicle (AV) is a cyber-physical system (CPS) incorporating dynamics, perception sensors (e.g. camera and radar), embedded electronic control units (ECUs) and in-vehicle networking (e.g. CAN, LIN and FlexRay).Achieving path-following control of an AV to track a desired path is therefore a highly non-linear task that is naturally vulnerable to denial-of-service (DoS) attacks. Considering that DoS attacks can inhibit the services of a control system by overwhelming the performance capabilities of the ECUs or the bus, this paper investigates the cyber-physical system problem of path-following control for AVs under intermittent DoS attacks. To solve this problem, we propose resilient observer-based non-linear control based on the triple-step approach. The core ideas behind this method are the integrated design of the observer and feedback gains incorporating the DoS duration and the convex design of controller parameters by solving a set of linear matrix inequalities. The proposed control scheme guarantees that the closed-loop system maintains input-to-stable stability, while the error signals theoretically converge to a small neighbourhood of the origin. The effectiveness of the proposed approach is confirmed by the simulation results obtained for a high-fidelity veDYNA full-vehicle model with different driving tests and DoS attacks.

Henglai Wei,Hui Zhang,Kamal AI-Haddad,Yang Shi

DOI: https://doi.org/10.1016/j.eng.2023.10.007

IF: 12.834

2023-01-01

Engineering

Abstract:This study investigates resilient platoon control for constrained intelligent and connected vehicles (ICVs) against F-local Byzantine attacks. We introduce a resilient distributed model-predictive platooning control framework for such ICVs. This framework seamlessly integrates the predesigned optimal control with distributed model predictive control (DMPC) optimization and introduces a unique distributed attack detector to ensure the reliability of the transmitted information among vehicles. Notably, our strategy uses previously broadcasted information and a specialized convex set, termed the “resilience set,” to identify unreliable data. This approach significantly eases graph robustness prerequisites, requiring only an (F + 1)-robust graph, in contrast to the established mean sequence reduced algorithms, which require a minimum (2F + 1)-robust graph. Additionally, we introduce a verification algorithm to restore trust in vehicles under minor attacks, further reducing communication network robustness. Our analysis demonstrates the recursive feasibility of the DMPC optimization. Furthermore, the proposed method achieves exceptional control performance by minimizing the discrepancies between the DMPC control inputs and predesigned platoon control inputs, while ensuring constraint compliance and cybersecurity. Simulation results verified the effectiveness of our theoretical findings.

Xiaofei Zhang,Haiping Du,Zhijuan Jia,Yuchu He,Yanyan Yang

DOI: https://doi.org/10.1049/cth2.12614

IF: 2.67

2024-01-11

IET Control Theory and Applications

Abstract:This paper introduces a novel mechanism for enhancing distributed adaptive platoon control of non‐linear autonomous connected vehicles in the presence of denial of service attacks. The proposed approach includes real‐time detection and rerouting of communication topology, along with a controller adapted to the changing communication topology. This paper presents a novel detection and rerouting mechanism for distributed adaptive platoon control of non‐linear autonomous connected vehicles under denial of service (DoS) attacks. DoS attacks can cause delays or losses of data packets due to blocked communication channels, leading to reducing platoon performance or even collisions among vehicles. To tackle this issue, the proposed mechanism detects and reroutes communication topology depending on the real‐time topology and the number of link failures. Real‐time detection divides the scenario of DoS attacks into three parts. According to the different scenarios, rerouting mechanisms will be utilized. A controller adapted to real‐time variable communication topology is also designed in this scheme. The adjacency matrix of the real‐time communication topology generated by the rerouting mechanism is used to update the controller so that the platoon can remain in a stable state without being affected by DoS attacks. In addition, the sliding mode controller and the observer are designed by solving linear matrix inequalities, and the platoon stability and internal stability are proven. Numerical simulation studies demonstrate that the proposed mechanism and control design can reduce the vehicle state estimate error and platoon‐tracking error to ideal states under DoS attacks. The proposed method solves the problem that the existing methods have not considered the number of link failures and the inability to restore communication when the communication topology is paralyzed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Hassan Mokari,Elnaz Firouzmand,Iman Sharifi,Ali Doustmohammadi

DOI: https://doi.org/10.1016/j.isatra.2023.11.019

Abstract:Intent on the smart vehicles of a platoon to follow their correct routes, they must exchange their state information with each other based on a communication graph. Meanwhile, malicious factors like Denial-of-Service (DoS) attacks, one of the major types of cyber-attacks, can affect vehicles and divert them from their correct routes. Also, spreading the erroneous data induced by a DoS attack from the attacked agent gradually destabilizes the platoon. Therefore, preserving all vehicles' safety is a vital issue for the platoon. In this paper, in the first step, detection and measurement of the DoS attack modeled by a time-varying delay are conducted by exploiting two incremental counters through a DoS detection and measurement algorithm. Also, supplementary to this, a novel vehicular resilient control strategy based on switching systems is proposed to retrieve the attacked agent to the leader-follower consensus. In the end, the capability of the proposed algorithms will be indicated by presenting an illustrative case study.

Tianci Yang,Carlos Murguia,Dragan Nesic,Chau Yuen

2023-06-19

Abstract:By sharing local sensor information via Vehicle-to-Vehicle (V2V) wireless communication networks, Cooperative Adaptive Cruise Control (CACC) is a technology that enables Connected and Automated Vehicles (CAVs) to drive autonomously on the highway in closely-coupled platoons. The use of CACC technologies increases safety and the traffic throughput, and decreases fuel consumption and CO2 emissions. However, CAVs heavily rely on embedded software, hardware, and communication networks that make them vulnerable to a range of cyberattacks. Cyberattacks to a particular CAV compromise the entire platoon as CACC schemes propagate corrupted data to neighboring vehicles potentially leading to traffic delays and collisions. Physics-based monitors can be used to detect the presence of False Data Injection (FDI) attacks to CAV sensors; however, unavoidable system disturbances and modelling uncertainty often translates to conservative detection results. Given enough system knowledge, adversaries are still able to launch a range of attacks that can surpass the detection scheme by hiding within the system disturbances and uncertainty -- we refer to this class of attacks as \textit{stealthy FDI attacks}. Stealthy attacks are hard to deal with as they affect the platoon dynamics without being noticed. In this manuscript, we propose a co-design methodology (built around a series convex programs) to synthesize distributed attack monitors and $H_{\infty}$ CACC controllers that minimize the joint effect of stealthy FDI attacks and system disturbances on the platoon dynamics while guaranteeing a prescribed platooning performance (in terms of tracking and string stability). Computer simulations are provided to illustrate the performance of out tools.

Systems and Control

Hassan Mokari,Yufei Tang

2024-09-06

Abstract:In a platoon, multiple autonomous vehicles engage in data exchange to navigate toward their intended destination. Within this network, a designated leader shares its status information with followers based on a predefined communication graph. However, these vehicles are susceptible to disturbances, leading to deviations from their intended routes. Denial-of-service (DoS) attacks, a significant type of cyber threat, can impact the motion of the leader. This paper addresses the destabilizing effects of DoS attacks on platoons and introduces a novel vehicular resilient control strategy to restore stability. Upon detecting and measuring a DoS attack, modeled with a time-varying delay, the proposed method initiates a process to retrieve the attacked leader. Through a newly designed switching system, the attacked leader transitions to a follower role, and a new leader is identified within a restructured platoon configuration, enabling the platoon to maintain consensus. Specifically, in the event of losing the original leader due to a DoS attack, the remaining vehicles do experience destabilization. They adapt their motions as a cohesive network through a distributed resilient controller. The effectiveness of the proposed approach is validated through an illustrative case study, showing its applicability in real-world scenarios.

Systems and Control

Lorenzo Lyons,Manuel Boldrer,Laura Ferranti

2024-11-07

Abstract:This paper presents a novel distributed vehicle platooning control and coordination strategy. We propose a distributed predecessor-follower CACC scheme that allows to choose an arbitrarily small inter-vehicle distance while guaranteeing no rear-end collisions occur, even in the presence of undetected cyber-attacks on the communication channels such as false data injection. The safety guarantees of the CACC policy are derived by combing a sensor-based ACC policy that explicitly accounts for actuator saturation, and a communication-based predictive term that has state-dependent limits on its control authority, thus containing the effects of an unreliable communication channel. An undetected attack may still however be able to degrade platooning performance. To mitigate it, we propose a tailored Kalman observer-based attack detection algorithm that initially triggers a switch from the CACC policy to the ACC policy. Subsequently, by relying on a high-level coordinator, our strategy allows to isolate a compromised vehicle from the platoon formation by reconfiguring the platoon topology itself. The coordinator can also handle merging and splitting requests. We compare our algorithm in simulation against a state of the art distributed MPC scheme and we extensively test our full method in practice on a real system, a team of scaled-down car-like robots. Furthermore, we share the code to run both the simulations and robotic experiments.

Systems and Control

Angelo Coppola,Dario Giuseppe Lui,Alberto Petrillo,Stefania Santini

DOI: https://doi.org/10.1016/j.ins.2023.01.045

IF: 8.1

2023-01-11

Information Sciences

Abstract:In this work, the leading-tracking control problem for heterogeneous and uncertain nonlinear autonomous vehicles is addressed. These latter communicate their status information over a wireless communication network and engage in cooperative movements in extra-urban traffic environment. The nonlinear vehicle dynamics are affected by time-varying parameter uncertainties, and the air-drag reduction caused by platooning is explicitly considered. The variation of V2V links as a result of cooperative manoeuvres is modelled by incorporating switching into the communication network topology. To this aim, we develop a novel robust distributed Proportional-Integral-Derivative (PID)-like control protocol which ensures that all vehicles within the platoon robustly track the behaviour of the leader, despite the presence of both unknown parameters uncertainties and network switching. The analytical stability of the proposed control strategy is demonstrated using Lyapunov theory. Sufficient stability conditions are expressed as a set of feasible Linear Matrix Inequalities (LMIs) whose solution allows the robust control gains to be properly tuned. The effectiveness of the approach is evaluated via the Mixed Traffic Simulator (MiTraS) co-simulation platform, which combines MATLAB/Simulink with SUMO microscopic traffic simulator. The exhaustive simulation analysis, involving the Monte Carlo method, is carried out considering different cooperative platooning manoeuvres, and confirms the theoretical derivation.

computer science, information systems

Alberto Petrillo,Antonio Pescape,Stefania Santini

DOI: https://doi.org/10.1109/TCYB.2019.2962601

Abstract:The development of autonomous connected vehicles, moving as a platoon formation, is a hot topic in the intelligent transportation system (ITS) research field. It is on the road and deployment requires the design of distributed control strategies, leveraging secure vehicular ad-hoc networks (VANETs). Indeed, wireless communication networks can be affected by various security vulnerabilities and cyberattacks leading to dangerous implications for cooperative driving safety. Control design can play an important role in providing both resilience and robustness to vehicular networks. To this aim, in this article, we tackle and solve the problem of cyber-secure tracking for a platoon that moves as a cohesive formation along a single lane undergoing different kinds of cyber threats, that is, application layer and network layer attacks, as well as network induced phenomena. The proposed cooperative approach leverages an adaptive synchronization-based control algorithm that embeds a distributed mitigation mechanism of malicious information. The closed-loop stability is analytically demonstrated by using the Lyapunov-Krasovskii theory, while its effectiveness in coping with the most relevant type of cyber threats is disclosed by using PLEXE, a high fidelity simulator which provides a realistic simulation of cooperative driving systems.

Jiafa Liu,Di Ma,André Weimerskirch,Haojin Zhu

DOI: https://doi.org/10.1145/3055186.3055193

2017-01-01

Abstract:Cooperative adaptive cruise control (CACC) or platooning recently becomes promising as vehicles can learn of nearby vehicles? intentions and dynamics through wireless vehicle to vehicle (V2V) communication and advanced on-board sensing technologies. Violation of cybersecurity often results in serious safety issues as been demonstrated in recent studies. However, safety and security in a vehicle platoon so far have been considered separately by different sets of experts. Consequently no existing solution solves both safety and security in a coherent way. In this paper, we show cyber attacks on an automated platoon system could have the most severe level of safety impact with large scale car crash and argue the importance of safety-security co-design for safety critical cyber physical systems (CPS). We propose a safety-security co-design engineering process to derive functional security requirements for a safe automated vehicle platoon system based on a deep comprehension on the interrelation of safety and security. To our best knowledge, we are the first to apply the safety-security co-design concept to a concrete application. Through this engineering process, we propose a general approach for designing a safe and secure platooning. Following the general approach, we come up with a new platoon control algorithm that takes into account both safety and security. Our defense mechanism implicitly defends against safety-related cyber-attacks and greatly shortens the safe distance required when the platoon is not protected.

Jiafa Liu,Haojin Zhu

2016-01-01

Abstract:Cooperative adaptive cruise control (CACC) or platooning recently becomes promising as vehicles can learn of nearby vehicles’ intentions and dynamics through wireless vehicle to vehicle (V2V) communication and advanced on-board sensing technologies. The complexity of automated vehicle platoon system opens doors to various malicious cyber attacks. Violation of cybersecurity often results in serious safety issues as been demonstrated in recent studies. However, safety and security in a vehicle platoon so far have been considered separately by different sets of experts. Consequently no existing solution solves both safety and security in a coherent way. In this article, we show cyber attacks on an automated platoon system could have the most severe level of safety impact with large scale car crash and argue the importance of safety-security co-design for safety critical cyber physical systems (CPS). Based on a deep comprehension on the interrelation of safety and security, we present a safety-security co-design engineering process to derive functional security requirements for a safe automated vehicle platoon system. Finally we offer a vision of the future research issues on this important area of automated and connected vehicles.