Establishing a Cybersecurity Framework and Tools for Roadway Infrastructure
As the transportation and automotive industries prepare for connected and automated vehicles, ensuring that the complex information systems sharing data to perform safety functions are secure from cyber-attacks and unauthorized access is critical to the technology’s successful implementation. ITE, with a long history of leading efforts to provide stakeholder input and intelligent transpor- tation systems standards for the development of connected vehicles, was awarded a contract in October 2016 from the U.S. Department of Transportation (USDOT) to establish a transportation system cyber-security framework and tools. This project is being managed and executed by the ITE Technical Programs Division.
One of the goals of the work is to provide a means for rapid, secure communication of relevant cybersecurity challenges among trusted stakeholders, including the USDOT Federal High- way Administration; regional, state, and municipal traffic system operators; equipment manufacturers and integrators; academia; the cybersecurity community; and law enforcement. The project will provide a common means whereby all of these stakeholder classes may communicate as equals to discuss and develop guidance to address cybersecurity challenges. Based on this communication and sharing, the goal is to then develop guidance that may be imple- mented when cybersecurity threats materialize.
As a first step of phase one of this project, ITE Technical Pro- grams Division staff established a team through a memorandum of understanding with the American Association of State Highway and Transportation Officials (AASHTO), the Intelligent Transportation Society of America (ITS America), the National Electrical Manu- facturers Association (NEMA), and the National Association of City Transportation Officials (NACTO). ITE has been leading this team to work collaboratively in establishing a beta website to assist in build- ing a cybersecurity discussion forum. This beta website is laying the groundwork for the framework that is now being developed for phase two of the project.
Together the partners have established a workgroup of stake- holders from cities, counties, states, and metropolitan planning organizations to identify cybersecurity needs and requirements. ITE has conducted interviews and recorded detailed input to identify cybersecurity needs and issues within agencies in general. In April 2018, ITE headquarters conducted a needs analysis workshop with the agencies to validate cybersecurity needs.
Work is now underway to establish a workgroup of stakeholders from the private sector to help build products and services that are secure from a cybersecurity perspective, as well as the creation of workgroups for law enforcement, hackers, and testers. Phase two of the work will involve creating tools and services to research the dimensions of cybersecurity threats; developing a monitor/alert/ advisory system; and identifying the requirements for a cybersecu- rity vulnerabilities self-assessment tool for agencies.
The partnership established in phase one of the project ensures that the members from each partner association are well repre- sented in developing, validating, and testing the products, tools, and services. The beta website developed in phase one will help identify the needs and requirements of the final outreach website that will be hosted through the National Operations Center of Excellence, which ITE supports with several staff from the ITE Technical Programs Division.
Stay tuned to all of ITE’s communication channels for continual updates related to this work and other efforts being led by the ITE Technical Programs Division.
This is taken from the June 2018 issue of ITE Journal.