The Transportation Research Board has awarded a $750,000 contract to the Southwest Research Institute to help state and local agencies assess cybersecurity risks on current and future transportation systems.
SwRI will lead the two-year project with support from Praetorian, a cybersecurity assessment and advisory firm. The team will conduct an audit of traffic management systems and develop a guide to help transportation agencies learn to safeguard equipment.
Over 400,000 traffic signals in the U.S. have a degree of network access and embedded security. The research will go toward alerting system managers and government stakeholders to the threats that may face controllers, dynamic message signs, road-weather information systems, and other devices that relay data.
“The goal is to create security guidance for traffic management centers,” said Daniel Zajac, an SwRI engineer and principal investigator for the effort. “IT and security personnel need to understand threats to their equipment, standards for managing passwords, and then move up to advanced network security.”
SwRI will use white hat hackers to test and assess potential vulnerabilities and recommend mitigation strategies. The recommendations will also consider how agencies with limited resources can implement cybersecurity measures.
SwRI’s research will also evaluate potential access points where hackers might exploit connected vehicles in the future. Government agencies and the automotive industry are preparing vehicles and transportation infrastructure to include more wireless networking to enable safer driving with vehicle-to-vehicle and vehicle-to-infrastructure communications.
“Management centers like Austin and San Antonio may have budget and staff for extensive security programs, but smaller traffic systems in rural parts of the state may not,” Zajac said. “We have the right experience to help TRB in its effort to bridge gaps in information and resources across the country.”