APRIL 2015
1930–2015
Transportation and
Urban Revitalization
op/ed |
Stopping Cyber Criminals at the
Traffic Management System Gates
By Gary Duncan
Gary Duncan is currently senior VP and
chief technology oﬃcer at Econolite. In this
position he is responsible for the technical
management of Econolite’s strategic
technology partnerships, research, and
technology business development eﬀorts.
He has more than 40 years of experience
in the transportation industry and has
been involved in the design of both traﬃc
control equipment and traﬃc management
systems, and has been instrumental in
the development of a number of industry
standards including NEMA TS1 & TS2 and the
NTCIP and ATC family of standards.
He is currently serving as co-chairman of
the ITE Connected Vehicle Task Force and
ATC Controller Working Group. He is also
a member of the advisory board of the
University of Idaho’s National Institute for
Advanced Transportation Technology.
Gary has a bachelor of science from the
School of Engineering at the University of
California Los Angeles and is a graduate of
the UCLA Executive Management program.
The traﬃc management industry is fully
mature but over the last two decades a
renaissance in technology has created a new
transportation landscape, spawning solutions that the original developers of traﬃc
signals could never have imagined.
It would be easy to fall into the belief that
our industry doesn’t have a problem, as true
hackers have not yet compromised a trafﬁc management system. The advances in
technology that we are making and contemplating for intersection control come with
tremendous responsibility. The Sony Pictures
cyber-attack on the heels of similar data grabs
at Target, Home Depot, and Anthem has
proven that hackers are relentless, and if there’s
vulnerability, they’ll ﬁnd it. A good example of
this is BMW’s recent need to quietly update
their ConnectedDrive infotainment system as
hackers had found a way into the system and
demonstrated their ability to remotely unlock
a BMW vehicle with a smartphone.
At Econolite, we believe that in order to stay
ahead of the cyber threat, it’s time to consider updating a series of standards that were
developed starting in 1997, and are common
to our industry. The National Transportation
Communications for intelligent transportation system (ITS) Protocol (NTCIP) is a family
of open standards that deﬁne how transportation management systems communicate
with each other and with ﬁeld devices including traﬃc controllers, dynamic message
signs, environmental sensor stations, sensor
systems and video cameras. Many of these
components are built by diﬀerent manufacturers, which made NTCIP’s open standards
the best answer to ensure interoperability
and interchangeability across the ITS ecosystem.However, the world has changed and we
believe it’s time to alter course to keep transportation management systems secure.
Under NTCIP, the overall communications
network security was intended to be the
responsibility of the design and implementation of ﬁeld communications networks. For
years, Econolite, and most other traﬃc control
manufacturers have delivered products with
username and password-protected security
(that is often not used or left with defaults
at the time of installation). But, component
level security is no longer enough. The NTCIP
standards leave a potential entry point for
cyber attackers who can get past the security
measures built into the transportation management system’s communications network
(the ﬁrst line of defense).
There are safety measures (conﬂict monitors
or malfunction management units) built into
traﬃc control cabinet systems that will set
the intersection to a safe, ﬂash mode should
a hacker break into a traﬃc controller and
make an unsafe change to the controllers
database (such as causing conﬂicting movements or setting clearance timing below
safe minimums). So there’s no chance for
an all-green or yellow intersection, but even
changing timing of a controller could cause
gridlock as a worst-case scenario and that’s
not an outcome we want to see happen.
We’re calling on our colleagues in the ITS
community to join us in reexamining the
cyber security threat to traﬃc management
systems, and as a group, take on the task of
updating our industry standards as needed
to enhance security. If anything good
has come out of the recent high proﬁle
cyber-attacks it’s in our own realization that
it may no longer be enough to count on the
security (that may or may not exist) of a trafﬁc management system’s communication
network and that we must be prepared to
stop hackers should they get past the ﬁrst
line of defense. itej
www.ite.org
April 2015
11
Real Life.
Real Solutions.
He may not know it, but today his
commute is safer than ever before.
Safety measures such as Bike Min Green,
delivering enough time for a bicycle to make
it through the intersection, are critical.
Accurate detection and differentiation of
travelers at the intersection—whether car, truck,
or bicycle—make improved road safety possible.
Econolite offers a wide range of detection technologies,
including above-ground video and radar, and in-ground
sensors, to help you meet any detection objective,
creating a safer world.
econolite.com/reallifedetection