Southwest Research Institute received a $750,000 contract award from the Transportation Research Board (TRB) to help state and local agencies address cyber-attack risks on current transportation systems and those posed by future connected vehicles. TRB is part of the private, nonprofit National Academies of Sciences, Engineering, and Medicine.
SwRI will lead the two-year project with support from Praetorian, a leading cybersecurity assessment and advisory firm. The team will conduct a security audit of traffic management systems and develop a web-based guide to help transportation agencies learn to safeguard equipment.
The goal is to create security guidance for traffic management centers. IT and security personnel need to understand threats to their equipment, standards for managing passwords, and then move up to advanced network security.—Daniel Zajac, a SwRI engineer and principal investigator for the effort
More than 400,000 traffic signal systems across the United States have varying levels of network access and embedded security. System managers and government stakeholders may be unaware of cyber risks to controllers, dynamic message signs, road-weather information systems, and other devices that relay data.
SwRI’s assessment will include “white hat” hacking, or penetration testing, to assess vulnerabilities and recommend mitigation strategies. The recommendations will also consider how agencies with limited resources can implement cybersecurity measures.
For the future, SwRI’s research will also evaluate potential access points where hackers might exploit connected vehicles. Government agencies and the automotive industry are preparing vehicles and transportation infrastructure to include more wireless networking to enable safer driving with vehicle-to-vehicle and vehicle-to-infrastructure communications.
SwRI has been developing and deploying advanced transportation management systems (ATMS) for more than 20 years and develops multiple fully autonomous vehicles, connected vehicles, and intelligent vehicle testing tools and procedures through a variety of US Department of Transportation-funded programs and multiple connected and automated vehicle cyber security research efforts.