Mission Critical

Thinking Highways
By David St Amant February 2, 2015 11:29

Mission Critical

David St Amant addresses the issue of protecting traffic management systems from cyber criminals.

As connected as we’ve become, it’s amazing to remember that in 1997 only one-in-three American households even owned a computer. In that pre-9/11 world, technologies we have now come to rely on were in their infancy and cyber security threats were limited. It was against that backdrop that a coalition of transportation and standard development organizations working with the federal government established the National Transportation Communications for Intelligent Transportation Protocol (NTCIP) to ensure the interoperability of traffic equipment.


David St Amant

NTCIP is a family of open standards that define how a transportation management system can seamlessly communicate, or talk if you will, to other management systems in addition to multiple Intelligent Transportation Systems (ITS) field devices, including traffic controllers, dynamic message signs, environmental sensor stations and video cameras, to name a few. Since many pieces in the traffic management and intersection puzzle were created by different manufacturers, NTCIP became the perfect solution to enable interoperability and interchangeability in our increasingly complex Intelligent Transportation System solutions.

When the first NTCIP standards were established nearly two decades ago, it was all about supporting interoperability and interchangeability of field devices. But it’s a new world. In 2015, it might be time to change course to keep transportation management systems secure.

A thoroughly modern problem

You don’t have to look far for evidence of the damage cyber-attackers can inflict on our daily lives. Massive data breaches at Target, Home Depot, Sony Pictures and many banks have put us on alert that hackers are both destructive and relentless.

Econolite, along with most other transportation management companies, has provided password-protected security on traffic control and system products for years, and we are constantly reviewing the security of our products to stay ahead of the growing cyber security threat. The NTCIP standards committee recognized the fast pace of network encryption technologies and did not attempt to standardize on any particular implementation. Instead, NTCIP was designed to interoperate among various network security methodologies such as fully private field interconnect and secure VPN tunneling across any public routes. In our industry’s effort to have long-standing and broadly implemented standards that allow ITS components to work together seamlessly, NTCIP standards have focused on these needs of accessibility and interoperability, leaving the responsibility of network protection to the design and implementation of the field networks. That’s a vulnerability hackers could exploit.

So what’s the worst-case scenario? Well, the good news is that traffic control equipment includes safety-monitoring equipment that automatically sets the intersection to a safe flash mode should a fault like opposing greens occur. There’s no chance for an all-green or yellow intersection, but a moderately sophisticated hacker could certainly cause havoc and possibly create gridlock by changing the timing of the traffic controller.

These issues aren’t going away. In just a few years, connected vehicles will communicate with the infrastructure to dramatically reduce accidents, increase traffic flow and improve efficiency. Several states are already showing leadership in this area including Michigan, which is dedicated to providing a test bed for connected vehicle technologies. The University of Michigan Transportation Research Institute (UMTRI) in collaboration with the state, Federal Highway Administration and other entities are working to guarantee the privacy and security of connected and automated vehicles because it goes without saying we cannot allow hackers into that conversation.

Econolite has deployed traffic signals, controllers and systems at U.S. intersections since 1933. I believe our longevity in the ITS industry bears an obligation to lead and frankly, there’s never been a more critical time for us to do just that.

Although the original NTCIP standards assumed that security would be addressed at the network level, perhaps it’s time to change that view. We plan to challenge the ITS community to relook at the cyber security threat to our ITS systems and take on the task of updating our industry standards. We’ll work with the ITS industry – suppliers, integrators, USDOT, academia, our partners and other providers to address this critical issue because in human terms, we are all committed to providing a safe and secure future for our families – there’s nothing more critical than that.

About the author: David St Amant is President and Chief Operating Officer for Econolite Group, Inc., the umbrella company of Econolite, Econolite Canada, Aegis ITS, Safetran, California Chassis and Arroyo Holdings de Mexico. Mr. S. Amant oversees the company’s global operations, including sales, marketing, business and product development, human resources, and public policy and leads the continued development of strategic partnerships, ensuring Econolite Group delivers best-in-class products and services to the Intelligent Transportation Systems (ITS) marketplace.

David St Amant serves on the Board of Directors for the Intelligent Transportation Society of America (ITSA), is a founding member of the ITSA Leadership Circle, past Chair of the ITSA Policy and Business Council, and former Chairman of the Board.

Thinking Highways
By David St Amant February 2, 2015 11:29