sensors collect turn movement counts
to improve timing, and we also feed
highly accurate (i.e. 1 millisecond)
real-time data into adaptive control
and advance detection systems to
increase arrivals on green. These usecases
will continue to be critical to
connected vehicles and traffic systems
of the future.”
Securing the future
Indeed, in a connected
world, where traffic lights
can communicate with
vehicles as well as the
surrounding road
infrastructure, Sam
Lauzon, an automotive
cybersecurity software
developer at the University
of Michigan (UMTRI), says that DOTs
“need to inculcate rigorous and
robust processes from top to bottom
if they are to protect signal
infrastructure”.
Lauzon cites the December 2015
cyberattack on the Ukrainian power
grid, which Ukraine blames on the
Russian security services, as a
warning to those traffic management
| V2X Cybersecurity
Cyber legislation?
Creating robust systems, safe from cyberattacks,
will require guidance from regulators, and cooperation
between public and private sectors
attacker to breach the system. From
there, if the compromised machine
is connected to the VPN which
regulates a city’s traffic signals, in
theory, the attacker could take full
control of a traffic light system.”
But with a connected vehicle
revolution well underway, some
believe that it is not just the traffic
light system that hackers could
gain access to. Four years ago two
ethical hackers, Charlie Miller and
Chris Valasek, demonstrated that it
was possible to remotely hack into
a Jeep Cherokee and take full control
of the vehicle.
According to the Ponemon Institute
88% of public sector organisations
have had at least one cyberattack
over the last two years.
It is a worrying statistic for traffic
management centres, most of which
are operated, maintained and funded
by public money.
Cybersecurity expert Cesar Cerrudo
believes the private sector needs to
play a greater role in managing global
transport infrastructure in the future.
“Public sector enterprises
have limited budgets and limited
cybersecurity skillsets. Cybersecurity
must be owned by everyone in
an organisation and not just its
IT division. This culture of cyber
readiness needs to be woven deep
into the fabric of every DOT and the
best solution is for the sector to
work in collaboration with private
enterprise organisations, who have
experience in working in this way.”
Ulster University’s Prof. Curran
agrees local authorities responsible
for traffic infrastructure could
benefit from adopting a more holistic
approach best evidenced in a “security
by design” infrastructure, but thinks
that regulators have a role to play, too.
“Governments need to recognise
that it is not just about securing
roadside infrastructure from hackers,
it is about protecting everything that
comes into contact with road signals.
That means cars, too. DOTs cannot
do this on their own. Regulators
need to give them a helping hand in
developing exacting standards that
all equipment must conform to before
it is deployed.”
Governments need to recognise
that it is not just about securing
roadside infrastructure from hackers, it is
about protecting everything that comes into
contact with road signals
Kevin Curran, professor of cybersecurity,
Ulster University
Above: Regulators
on Capitol Hill may
have to step in to
ensure cybersecurity
standards are
adhered to across
traffic management
an automotive
industries
centres that don’t properly invest
time and money into a cyber
readiness programme.
He explains that the Ukrainian
power monitoring system, which fed
the Ukrainian grid, was protected by
VPN, but adds that “the weaknesses
in this supposedly secure
connection” were easily exposed by
Russian state-sponsored hackers,
“allowing them to effectively control
the power grid from thousands
of miles away”
Lauzon says, “Hackers could
infiltrate a traffic management centre
in exactly the same way. It would
only take an engineer to download
a virus on the same computer that is
monitoring traffic systems for an
039
March/April 2020 Traffic Technology International
www.TrafficTechnologyToday.com
/www.TrafficTechnologyToday.com