Mitigation of Cybersecurity Vulnerabilities for Traffic Control Infrastructure

Details

• Creators:
  Kourtellis, Achilleas ; Lin, Pei-Sung ; Ligatti, Jay ; Dennis, Kevin ; Laverghetta, Gabriel
• Corporate Creators:
  University of South Florida. Center for Urban Transportation Research
• Corporate Contributors:
  Florida. Department of Transportation. Research Center
• Subject/TRT Terms:
  Cameras Computer Security Data And Information Technology Data Management Emergencies Highway Operations Highways Information Technology Infrastructure Literature Reviews Operations And Traffic Management Risk Management Security Security And Emergencies Specifications Traffic Signal Controllers Traffic Signal Control Systems Traffic Signals

  More +
• Resource Type:
  Tech Report
• Geographical Coverage:
  United States
• Edition:
  Draft Final Report: 12/2023 – 8/2025
• Corporate Publisher:
  Florida. Department of Transportation. Research Center
• Abstract:
  As transportation systems incorporate computing technology, cybersecurity risks have grown. This project, in collaboration with the Florida Department of Transportation (FDOT) and the Traffic Engineering Research Laboratory (TERL), aims to enhance the security of traffic controllers and related infrastructure by identifying vulnerabilities, developing cybersecurity specifications, and proposing mitigation strategies. The research team conducted a literature review of cybersecurity standards and best practices in transportation. Based on this review, specifications for authentication, authorization, and encryption were developed, along with a testing procedure. This procedure was demonstrated to TERL staff, who provided feedback for refinement. Applying the procedure to six traffic controller models, the team discovered 20 vulnerabilities, each reported to manufacturers. Several vendors proposed remediation plans, with four software updates scheduled—one already completed. Additionally, a traffic camera assessment focused on its web interface and security scanning, leading to cybersecurity recommendations for agencies and vendors. Future research could expand testing to controller logs, physical security, and advanced cybersecurity threats. If physical access to a traffic camera becomes available, further evaluations can be conducted. This study strengthens transportation cybersecurity by identifying threats and collaborating on solutions to improve system resilience.
• Format:
  PDF
• Funding:
  BED25-977-17
• Collection(s):
  US Transportation Collection
• Main Document Checksum:
  urn:sha-512:4d575e70981eb9673eb61c992d0652cb3df14a29c3f0b386d087df8c69cd0e6304a0794cb13bb865dc8e9614a7cce2cb83c1c68275c3ca74f81c876e184fe210
• Download URL:
  https://rosap.ntl.bts.gov/view/dot/88907/dot_88907_DS1.pdf
• File Type:
  [PDF - 3.37 MB ]