Cybersecurity of Traffic Management Systems

With over 400,000 traffic signals deployed throughout the United States, traffic signal operations have a profound impact on the safety and efficiency of traffic flow for all road users on the transportation system. Recent threats in cyber security have made our industry more aware of potential damage that such threats can cause. Multiple researchers have found that our existing traffic signal systems, if not protected properly, can be easily hacked. For example, sometimes systems are used without any encryption for communication between a central traffic control management system and field traffic signal control units, allowing an attacker to directly change traffic signal indications. Another example involves wireless detectors that could be manipulated to feed traffic control systems with fake data and trigger incorrect options in their operations. It is still not clear whether these vulnerabilities can create a critical fault in the system operations, or primarily cause an inconvenience that will jam traffic for a few hours. Even such an “inconvenience” will result in increased crash risk for road users as the systems will be performing with non-optimal settings. It is not easy for agencies to detect potential malicious actions (e.g., fake updating of firmware) and prevent them. Furthermore, this task is complicated by a variety of stakeholders with diverse skill sets and goals, including manufacturers and vendors of system hardware, software and control units; transportation management center staff; traffic engineers; and IT specialists with an increasing variety of specialties (e.g., fiber optics, wireless communications, database experts, software integrators, etc.). Thus, it is necessary to research potential cyber security threats on traffic signal systems and related ITS components, and recommend actions that agencies should follow to protect those systems and properly react in the cases of emergency. The NCHRP Project 03-127: “Cybersecurity of Traffic Management Systems” has produced a Cybersecurity Risk Assessment Web Guidance Tool, which is available at https:\\cyberguidance.transportationops.org as part of the National Operations Center of Excellence. After creating an account, users are led through a series of questions regarding their traffic management system field network. The user then receives a report with specific recommendations for improving their cybersecurity posture. This tool helps agencies make their traffic management systems more resilient to cybersecurity attacks. It gathers information on the devices deployed, calculates risks associated with those devices, and recommends ways to improve security. The objective of this research is to expand on the findings of NCHRP Project 03-127. Potential tasks may include: (1) Update of the Cybersecurity Risk Assessment Web Guidance based on users’ feedback. (2) Best Practice Guide for Cybersecurity Resilience. This would summarize information gained during the previous project and curating best practices (inside and outside of transportation) to produce actionable guidance for agencies and equipment vendors. This may include items such as recommendations for workforce development, development of a controls assessment checklist, recommendations for ways to integrate cybersecurity into equipment designs, methods for hardening legacy systems, and specification recommendations.

Language

  • English

Project

  • Status: Proposed
  • Funding: $750000
  • Contract Numbers:

    Project 03-127(01)

  • Sponsor Organizations:

    National Cooperative Highway Research Program

    Transportation Research Board
    500 Fifth Street, NW
    Washington, DC  United States  20001

    American Association of State Highway and Transportation Officials (AASHTO)

    444 North Capitol Street, NW
    Washington, DC  United States  20001

    Federal Highway Administration

    1200 New Jersey Avenue, SE
    Washington, DC  United States  20590
  • Project Managers:

    Deng, Zuxuan

  • Start Date: 20220607
  • Expected Completion Date: 0
  • Actual Completion Date: 0

Subject/Index Terms

Filing Info

  • Accession Number: 01845600
  • Record Type: Research project
  • Source Agency: Transportation Research Board
  • Contract Numbers: Project 03-127(01)
  • Files: TRB, RIP
  • Created Date: May 16 2022 3:04PM