APRIL 2015 1930–2015 Transportation and Urban Revitalization op/ed | Stopping Cyber Criminals at the Traffic Management System Gates By Gary Duncan Gary Duncan is currently senior VP and chief technology officer at Econolite. In this position he is responsible for the technical management of Econolite’s strategic technology partnerships, research, and technology business development efforts. He has more than 40 years of experience in the transportation industry and has been involved in the design of both traffic control equipment and traffic management systems, and has been instrumental in the development of a number of industry standards including NEMA TS1 & TS2 and the NTCIP and ATC family of standards. He is currently serving as co-chairman of the ITE Connected Vehicle Task Force and ATC Controller Working Group. He is also a member of the advisory board of the University of Idaho’s National Institute for Advanced Transportation Technology. Gary has a bachelor of science from the School of Engineering at the University of California Los Angeles and is a graduate of the UCLA Executive Management program. The traffic management industry is fully mature but over the last two decades a renaissance in technology has created a new transportation landscape, spawning solutions that the original developers of traffic signals could never have imagined. It would be easy to fall into the belief that our industry doesn’t have a problem, as true hackers have not yet compromised a traffic management system. The advances in technology that we are making and contemplating for intersection control come with tremendous responsibility. The Sony Pictures cyber-attack on the heels of similar data grabs at Target, Home Depot, and Anthem has proven that hackers are relentless, and if there’s vulnerability, they’ll find it. A good example of this is BMW’s recent need to quietly update their ConnectedDrive infotainment system as hackers had found a way into the system and demonstrated their ability to remotely unlock a BMW vehicle with a smartphone. At Econolite, we believe that in order to stay ahead of the cyber threat, it’s time to consider updating a series of standards that were developed starting in 1997, and are common to our industry. The National Transportation Communications for intelligent transportation system (ITS) Protocol (NTCIP) is a family of open standards that define how transportation management systems communicate with each other and with field devices including traffic controllers, dynamic message signs, environmental sensor stations, sensor systems and video cameras. Many of these components are built by different manufacturers, which made NTCIP’s open standards the best answer to ensure interoperability and interchangeability across the ITS ecosystem.However, the world has changed and we believe it’s time to alter course to keep transportation management systems secure. Under NTCIP, the overall communications network security was intended to be the responsibility of the design and implementation of field communications networks. For years, Econolite, and most other traffic control manufacturers have delivered products with username and password-protected security (that is often not used or left with defaults at the time of installation). But, component level security is no longer enough. The NTCIP standards leave a potential entry point for cyber attackers who can get past the security measures built into the transportation management system’s communications network (the first line of defense). There are safety measures (conflict monitors or malfunction management units) built into traffic control cabinet systems that will set the intersection to a safe, flash mode should a hacker break into a traffic controller and make an unsafe change to the controllers database (such as causing conflicting movements or setting clearance timing below safe minimums). So there’s no chance for an all-green or yellow intersection, but even changing timing of a controller could cause gridlock as a worst-case scenario and that’s not an outcome we want to see happen. We’re calling on our colleagues in the ITS community to join us in reexamining the cyber security threat to traffic management systems, and as a group, take on the task of updating our industry standards as needed to enhance security. If anything good has come out of the recent high profile cyber-attacks it’s in our own realization that it may no longer be enough to count on the security (that may or may not exist) of a traffic management system’s communication network and that we must be prepared to stop hackers should they get past the first line of defense. itej www.ite.org April 2015 11 Real Life. Real Solutions. He may not know it, but today his commute is safer than ever before. Safety measures such as Bike Min Green, delivering enough time for a bicycle to make it through the intersection, are critical. Accurate detection and differentiation of travelers at the intersection—whether car, truck, or bicycle—make improved road safety possible. Econolite offers a wide range of detection technologies, including above-ground video and radar, and in-ground sensors, to help you meet any detection objective, creating a safer world. econolite.com/reallifedetection
© Copyright 2024