A downloadable report on ITS cybersecurity guidelines has been published by the US Department of Transportation (USDOT) recently.
The Cybersecuity and Intelligent Transportation Systems: A Best Practice Guidespecifically seeks to increase awareness around planning and conducting a penetration test.
Detailing the methodology for scoping a penetration test as well the requirements, success criteria, test type, management and test readiness, it is aimed at support state DOT efforts to use ITS penetration testing for successful reduction of risks with use and operation of an ITS.
A USDOT statement, said, “While DOT ITS deployments vary in size and complexity, the ITS penetration test planning and execution involves the same structure and activities tailored to the objectives, scope, and execution constraints of each locality penetration test engagement.
“DOT management can structure the security management program including ITS to use periodic penetration test engagements with continuous monitoring of risk reduction to achieve ground transportation risk reduction for the DOT localities.
Penetration testing can identify vulnerabilities and impacts with ITS systems and technology. Identifying mitigations to successful ITS penetrations enable the DOT to direct actions appropriately. Resilient ITS are designed, installed, operated, and maintained to survive a security incident while sustaining critical functions of a DOT. With systematic planning and execution, ITS penetration testing can uncover exploitable vulnerabilities in the ITS infrastructure and operations and provide estimates of risk impacts from unmitigated weaknesses.
The full report can be downloaded via the National Transportation Library