This paper addresses the lack of quantitative assessment regarding cybersecurity resilience disparities between electric vehicles (EVs) and internal combustion engine vehicles (ICEVs) under communication network attacks in adaptive cruise control (ACC) systems. We construct a circular-road simulation environment, propose six novel message-level attack vectors, and establish a three-layer “attack–control–powertrain” risk classification framework. Through coupled controller-powertrain modeling, parameterized attack scenario generation, and joint analysis of attacker penetration rate and spatial distribution, we first quantitatively demonstrate that EVs—owing to their fast electric drive response, low inertia, and controllable regenerative braking—exhibit smaller speed/spacing fluctuations, shorter recovery times, and superior robustness under cyberattacks compared to ICEVs. These findings provide quantifiable theoretical foundations and empirical evidence for attack detection, resilience-oriented ACC design, and differentiated cybersecurity protection strategies in mixed traffic flows.

Adaptive Cruise Control (ACC) is rapidly proliferating across electric vehicles (EVs) and internal combustion engine (ICE) vehicles, enhancing traffic flow while simultaneously expanding the attack surface for communication-based cyberattacks. Because the two powertrains translate control inputs into motion differently, their cyber-resilience remains unquantified. Therefore, we formalize six novel message-level attack vectors and implement them in a ring-road simulation that systematically varies the ACC market penetration rates (MPRs) and the spatial pattern of compromised vehicles. A three-tier risk taxonomy converts disturbance metrics into actionable defense priorities for practitioners. Across all simulation scenarios, EV platoons exhibit lower velocity standard deviation, reduced spacing oscillations, and faster post-attack recovery compared to ICE counterparts, revealing an inherent stability advantage. These findings clarify how controller-to-powertrain coupling influences vulnerability and offer quantitative guidance for the detection and mitigation of attacks in mixed automated traffic.