Abstract
The increasing connectivity and complexity of modern systems, from Industrial Control Systems (ICS) to Internet of Things (IoT) networks, have dramatically expanded the attack surface for cyber threats. Traditional security frameworks struggle to adapt to the dynamic nature of these environments and often rely on static perimeter-based defenses or rigid policy enforcement. This study introduces the Cognitive Zero-Trust Resilience Framework (CZTRF), a novel approach that integrates cognitive computing capabilities with zero-trust architectural principles to create a self-evolving security posture. Unlike conventional frameworks, CZTRF continuously analyzes the operational environment, threat intelligence, and system vulnerabilities to dynamically adjust security controls. By leveraging machine learning to refine the Integrated Cyber Risk Management (ICRM) equation variables in real time, the framework quantifies risk more accurately and automatically implements proportional countermeasures. CZTRF extends beyond traditional zero-trust by incorporating resilience metrics that measure a system's ability to prepare for, absorb, recover from, and adapt to adverse cyber events. The simulation results demonstrate that CZTRF significantly improves threat prediction accuracy, reduces response time, and enhances system resilience compared with static security frameworks. This study presents the theoretical foundations, architectural components, implementation methodology, and validation results of the CZTRF, offering a comprehensive approach to securing increasingly complex connected systems against evolving cyber threats.
Keywords: adaptive cybersecurity; cognitive computing; connected systems; machine learning, OT/ICS security; quantitative risk assessment; resilience; zero-trust architecture
References
- Ahmed Mohiuddin M., et al. “AI to V2X Privacy and Security Issues in Autonomous Vehicles: Survey”. MATEC Web of Conferences 392 (2024): 01097.
- Vinay Rishiwal., et al. “Exploring Secure V2X Communication Networks for Human-centric Security and Privacy in Smart Cities”. IEEE Access 1 (2024): 1-1.
- Jabeen S and Potturu SR. “Survey on Security and Privacy of Connected Vehicles and Cloud Platforms for Communication”. AIP Conference Proceedings (2024).
- Ardebili AA, Lezzi M and Pourmadadkar M. “Risk Assessment for Cyber Resilience of Critical Infrastructures: Methods, Governance, and Standards”. Applied Sciences 14 (2024): 11807.
- Rose S., et al. “NIST Special Publication 800-207: Zero Trust Architecture”. National Institute of Standards and Technology (2020).
- Ying Z., et al. “A Literature Review on V2X Communications Security: Foundation, Solutions, Status, and Future”. IET Communications (2024).
- Farmer M. “Reinforcement Learning for Autonomous Resilient Cyber Defence”. Frazer-Nash Consultancy (2024).
- NIST. “Cybersecurity Framework Version 2.0”. National Institute of Standards and Technology (2024).
- ISO/IEC 27001:2022. “Information Security Management Systems — Requirements”. International Organization for Standardization (2022).
- ISA/IEC 62443 Series. “Industrial Automation and Control Systems Security”. International Society of Automation.
- Borchert O., et al. “NIST Special Publication 1800-35 (Draft): Implementing a Zero Trust Architecture”. NIST (2024).
- Ivanti Blog. “NIST and Zero Trust Architecture Evolution”. (2024).
- Strata.io. “What is Zero Trust Security? 2025 Overview”. (2025).
- Mande S and Ramachandran N. “Challenges and Issues in V2X and V2V Communication in 6G”. Ingénierie Des Systèmes D’Information 29.3 (2024): 951-960.
- Muslam MMA. “Enhancing Security in Vehicle-to-Vehicle Communication: A Comprehensive Review”. Vehicles 6.1 (2024): 450-467.
- Al-Janabi M, Al-Sultan A and Al-Dabbagh SR. “Adaptive Cybersecurity Neural Networks”. Applied Sciences 14 (2024): 9142.
- Ali W., et al. “State of the Art, Reliable, and Trusted Communication in V2X Networks”. Journal of Information Assurance and Security 19.1 (2024): 1-14.
- IIoT World. “Quantifying ICS Risk: A Key to Informed Decision Making”. (2024).
- Hamamreh JM and Furkan Solaija. “Adaptable Secure Communication Framework for ITS”. RS Open Journal on Innovative Communication Technologies 4.11 (2024).
- Langer L., et al. “Quantitative Security Risk Assessment for Industrial Control Systems”. Journal of Information Security and Applications 9.3 (2019).
- Abuarqoub A., et al. “Measuring Cyber Resilience in Industrial IoT”. Service Business (2025).
- Adnan Yusuf S, Khan A and Souissi R. “Vehicle-to-everything (V2X) Technical Review”. Transportation Research Interdisciplinary Perspectives 23 (2024): 100980.
- Marwa Alghawi and Jinane Mounsef. “Overview of Vehicle-to-Vehicle Energy Sharing Infrastructure”. IEEE Access 1 (2024): 1-1.
- Takacs A and Haidegger T. “Mapping V2X Communication Requirements”. Future Internet 16.4 (2024): 108.
- Khan, A. R., et al. “DSRC Technology for V2V and V2I Systems: A Review”. Lecture Notes in Electrical Engineering (2021): 97-106.
- Yoshizawa T., et al. “A Survey of Security and Privacy Issues in V2X Communication”. ACM Computing Surveys (2022).
- Asma Alfardus and Rawat DB. “Machine Learning-Based Anomaly Detection for In-Vehicle Networks”. Electronics 13.10 (2024): 1962.
- Zrikem M, Hasnaoui I and Elassali R. “Vehicle-to-Blockchain (V2B) Communication: Integrating Blockchain into V2X and IoT for Next-Generation Transportation Systems”. Electronics 12.16 (2023): 3377.
- Sun Y-T., et al. “A Multi-Layer Blockchain Simulator and Performance Evaluation of Social Internet of Vehicles with Multi-Connectivity Management”. arXiv preprint arXiv:2411.14000 (2024).
- Ali SA and Din S. “Collaborative Approaches to Enhancing Smart Vehicle Cybersecurity by AI-Driven Threat Detection”. arXiv preprint arXiv:2501.00261 (2024).
- Zhou A, Li Z and Shen Y. “Anomaly Detection of CAN Bus Messages Using a Deep Neural Network for Autonomous Vehicles”. Applied Sciences 9.15 (2019): 3174.