The Southwest Research Institute (SwRI) has received a US$750,000 contract award from the Transportation Research Board (TRB) to help state and local agencies address cyberattack risks on current transportation systems and those posed by future connected vehicles.
The Texas-based Institute has been developing and deploying advanced transportation management systems (ATM) for over 20 years and develops multiple fully autonomous vehicles (AVs), connected vehicles (CVs), and intelligent vehicle testing tools and procedures through a variety of US Department of Transportation-funded (USDOT) programs and multiple connected and automated vehicle (CAV) cybersecurity research efforts.
The SwRI’s latest research and development project to assist Departments of Transportation (DOTs) is through the TRB, which is part of the private, nonprofit National Academies of Sciences, Engineering and Medicine.
SwRI will lead the two-year project with support from Praetorian, a leading cybersecurity assessment and advisory firm. The team will conduct a security audit of traffic management systems and develop a web-based guide to help transportation agencies learn to safeguard equipment. More than 400,000 traffic signal systems across the USA have varying levels of network access and embedded security. DOT system managers and government stakeholders may be unaware of cyber risks to controllers, dynamic message signs (DMS), road-weather information systems (RWIS) and other devices that relay data.
SwRI’s assessment will include ‘white hat’ hacking, or penetration testing, to assess vulnerabilities and recommend mitigation strategies. The recommendations will also consider how agencies with limited resources can implement cybersecurity measures. For the future, SwRI’s research will also evaluate potential access points where hackers might exploit connected vehicles. Government agencies and the automotive industry are preparing vehicles and transportation infrastructure to include more wireless networking to enable safer driving with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications.
“The goal is to create security guidance for traffic management centers,” said Daniel Zajac, an SwRI engineer and principal investigator for the effort. “IT and security personnel need to understand threats to their equipment, standards for managing passwords, and then move up to advanced network security. Management centers like Austin and San Antonio may have budget and staff for extensive security programs, but smaller traffic systems in rural parts of the state may not. We have the right experience to help TRB in its effort to bridge gaps in information and resources across the country.”