SwRI researching cybersecurity weaknesses in transportation management systems


The Southwest Research Institute (SwRI) has received a US$750,000 contract award from the Transportation Research Board (TRB) to help state and local agencies address cyberattack risks on current transportation systems and those posed by future connected vehicles.

The Texas-based Institute has been developing and deploying advanced transportation management systems (ATM) for over 20 years and develops multiple fully autonomous vehicles (AVs), connected vehicles (CVs), and intelligent vehicle testing tools and procedures through a variety of US Department of Transportation-funded (USDOT) programs and multiple connected and automated vehicle (CAV) cybersecurity research efforts.

The SwRI’s latest research and development project to assist Departments of Transportation (DOTs) is through the TRB, which is part of the private, nonprofit National Academies of Sciences, Engineering and Medicine.

SwRI will lead the two-year project with support from Praetorian, a leading cybersecurity assessment and advisory firm. The team will conduct a security audit of traffic management systems and develop a web-based guide to help transportation agencies learn to safeguard equipment. More than 400,000 traffic signal systems across the USA have varying levels of network access and embedded security. DOT system managers and government stakeholders may be unaware of cyber risks to controllers, dynamic message signs (DMS), road-weather information systems (RWIS) and other devices that relay data.

SwRI’s assessment will include ‘white hat’ hacking, or penetration testing, to assess vulnerabilities and recommend mitigation strategies. The recommendations will also consider how agencies with limited resources can implement cybersecurity measures. For the future, SwRI’s research will also evaluate potential access points where hackers might exploit connected vehicles. Government agencies and the automotive industry are preparing vehicles and transportation infrastructure to include more wireless networking to enable safer driving with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications.

“The goal is to create security guidance for traffic management centers,” said Daniel Zajac, an SwRI engineer and principal investigator for the effort. “IT and security personnel need to understand threats to their equipment, standards for managing passwords, and then move up to advanced network security. Management centers like Austin and San Antonio may have budget and staff for extensive security programs, but smaller traffic systems in rural parts of the state may not. We have the right experience to help TRB in its effort to bridge gaps in information and resources across the country.”

Share this story:

About Author


Tom has edited Traffic Technology International (TTi) magazine and its Traffic Technology Today website since May 2014. During his time at the title, he has interviewed some of the top transportation chiefs at public agencies around the world as well as CEOs of leading multinationals and ground-breaking start-ups. Tom's earlier career saw him working on some the UK's leading consumer magazine titles. He has a law degree from the London School of Economics (LSE).