APRIL 2015 - Econolite Group, Inc.

APRIL 2015
1930–2015
Transportation and
Urban Revitalization
op/ed |
Stopping Cyber Criminals at the
Traffic Management System Gates
By Gary Duncan
Gary Duncan is currently senior VP and
chief technology officer at Econolite. In this
position he is responsible for the technical
management of Econolite’s strategic
technology partnerships, research, and
technology business development efforts.
He has more than 40 years of experience
in the transportation industry and has
been involved in the design of both traffic
control equipment and traffic management
systems, and has been instrumental in
the development of a number of industry
standards including NEMA TS1 & TS2 and the
NTCIP and ATC family of standards.
He is currently serving as co-chairman of
the ITE Connected Vehicle Task Force and
ATC Controller Working Group. He is also
a member of the advisory board of the
University of Idaho’s National Institute for
Advanced Transportation Technology.
Gary has a bachelor of science from the
School of Engineering at the University of
California Los Angeles and is a graduate of
the UCLA Executive Management program.
The traffic management industry is fully
mature but over the last two decades a
renaissance in technology has created a new
transportation landscape, spawning solutions that the original developers of traffic
signals could never have imagined.
It would be easy to fall into the belief that
our industry doesn’t have a problem, as true
hackers have not yet compromised a traffic management system. The advances in
technology that we are making and contemplating for intersection control come with
tremendous responsibility. The Sony Pictures
cyber-attack on the heels of similar data grabs
at Target, Home Depot, and Anthem has
proven that hackers are relentless, and if there’s
vulnerability, they’ll find it. A good example of
this is BMW’s recent need to quietly update
their ConnectedDrive infotainment system as
hackers had found a way into the system and
demonstrated their ability to remotely unlock
a BMW vehicle with a smartphone.
At Econolite, we believe that in order to stay
ahead of the cyber threat, it’s time to consider updating a series of standards that were
developed starting in 1997, and are common
to our industry. The National Transportation
Communications for intelligent transportation system (ITS) Protocol (NTCIP) is a family
of open standards that define how transportation management systems communicate
with each other and with field devices including traffic controllers, dynamic message
signs, environmental sensor stations, sensor
systems and video cameras. Many of these
components are built by different manufacturers, which made NTCIP’s open standards
the best answer to ensure interoperability
and interchangeability across the ITS ecosystem.However, the world has changed and we
believe it’s time to alter course to keep transportation management systems secure.
Under NTCIP, the overall communications
network security was intended to be the
responsibility of the design and implementation of field communications networks. For
years, Econolite, and most other traffic control
manufacturers have delivered products with
username and password-protected security
(that is often not used or left with defaults
at the time of installation). But, component
level security is no longer enough. The NTCIP
standards leave a potential entry point for
cyber attackers who can get past the security
measures built into the transportation management system’s communications network
(the first line of defense).
There are safety measures (conflict monitors
or malfunction management units) built into
traffic control cabinet systems that will set
the intersection to a safe, flash mode should
a hacker break into a traffic controller and
make an unsafe change to the controllers
database (such as causing conflicting movements or setting clearance timing below
safe minimums). So there’s no chance for
an all-green or yellow intersection, but even
changing timing of a controller could cause
gridlock as a worst-case scenario and that’s
not an outcome we want to see happen.
We’re calling on our colleagues in the ITS
community to join us in reexamining the
cyber security threat to traffic management
systems, and as a group, take on the task of
updating our industry standards as needed
to enhance security. If anything good
has come out of the recent high profile
cyber-attacks it’s in our own realization that
it may no longer be enough to count on the
security (that may or may not exist) of a traffic management system’s communication
network and that we must be prepared to
stop hackers should they get past the first
line of defense. itej
www.ite.org
April 2015
11
Real Life.
Real Solutions.
He may not know it, but today his
commute is safer than ever before.
Safety measures such as Bike Min Green,
delivering enough time for a bicycle to make
it through the intersection, are critical.
Accurate detection and differentiation of
travelers at the intersection—whether car, truck,
or bicycle—make improved road safety possible.
Econolite offers a wide range of detection technologies,
including above-ground video and radar, and in-ground
sensors, to help you meet any detection objective,
creating a safer world.
econolite.com/reallifedetection