Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents

Over the past several years, our society has become more "networked," with traditionally isolated control systems connecting to business networks and with each other. Government agency websites and databases have been hacked, and corporate secrets have been compromised. Further, cyber attacks on infrastructure control systems also have the proven potential to cause physical consequences similar to those usually associated with more traditional attacks (such as bombs or equipment sabotage). Transportation is not immune from these changes, and there is the very real possibility that infrastructure such as Traffic Management Centers, signal control systems, and rail control systems may be manipulated via their cyber components (directly or indirectly) to cause crashes, kill and injure the traveling public, and destroy critical systems. The protection of "infostructure" is especially important for transit agencies entrusted by the public to provide safe transportation services. Many transit agencies have been deploying or planning to deploy Transit Intelligent Transportation Systems (ITS) technologies such as Automatic Train Control (ATC) systems for rail transit. Indeed, signal systems are essential for the safe functioning of bus, heavy rail, light rail, and commuter rail systems. As these systems become more "intelligent" through the use of computers and networks, they also grow in complexity and vulnerability. While physical attacks are more likely to be carried out by terrorists or hostile foreign nation-states, cyber attacks may also be carried out by a wide array of adversaries, from teenage hackers and protest groups to organized crime syndicates as well as terrorists. Research is needed to identify effective practices to protect transportation systems from cyber incidents and attacks on signaling and control systems as well as enterprise data systems. The objective of this research is to develop (1) a primer and (2) a briefing for transportation system owners and operators explaining the nature of cyber events and their operational and safety impacts. These products should contain a list of effective practices that can be used to protect transportation systems from cyber events and to mitigate damage should an attack or breach occur. The types of cyber events to be considered include cyber incidents and attacks on transit and traffic control/command centers, electronic security/surveillance systems, signal systems, control systems [such as Supervisory Control and Data Acquisition (SCADA)], and electronic signage; database breaches; phishing; and intranet and website breaches. This research is being coordinated through panel liaisons with (1) American Public Transit Association (APTA) standards working groups on (a) industrial control systems and (b) enterprise cyber security as well as (2) work at the Volpe National Transportation Systems Center and work by DHS/TSA.


  • English


  • Status: Active
  • Contract Numbers:

    Project 20-59(48)

  • Sponsor Organizations:

    Federal Highway Administration

    1200 New Jersey Avenue, SE
    Washington, DC  United States  20590

    American Association of State Highway & Transportation Officials

    444 North Capitol Street, NW, Suite 225
    Washington, DC  United States  20001

    National Cooperative Highway Research Program

    Transportation Research Board
    500 Fifth Street, NW
    Washington, DC  United States  20001
  • Project Managers:

    Parker, Stephan

  • Performing Organizations:

    Countermeasures Assessment & Security Experts, LLC

    527 Cooper Street, Suite 305
    Camden, NJ  United States  08102
  • Principal Investigators:

    Frazier, Ernest

  • Start Date: 20130502
  • Expected Completion Date: 0
  • Actual Completion Date: 20150430
  • Source Data: RiP Project 37807

Subject/Index Terms

Filing Info

  • Accession Number: 01543732
  • Record Type: Research project
  • Source Agency: Transportation Research Board
  • Contract Numbers: Project 20-59(48)
  • Files: TRB, RiP
  • Created Date: Nov 21 2014 1:01AM