Cyber security is the elephant in any ITS room. At the opening day of GRIDSMART’s INTERSECT17 Rick Tiene, VP of Government and Critical Infrastructure at Mission Secure Inc. and Patrick Son, Managing Director of the National Operations Center of Excellence (NOCoE) brought the elephant out of the corner and into the open. In a session entitled Mission Secure: Transportation Infrastructure Security Suggested Practices, Tiene said, “We assume that the network is already violated. The questions is, what damage can it do?”
Son, whose agency is a non-profit trade association with the goal of advancing and sharing best practices in traffic systems management and operations (TSMO), pointed out that the threat and accompanying strategies for defeating the danger are not without precedent. “A lot of where the industry is going needs to mirror more established industries,” he said. “At some point, you’re going to be attacked. At some point your system is going to fail. How well you react is key.”
Before an audience of traffic engineers, equipment distributors and GRIDSMART partners, Mission Secure’s Tiene related how, during a recent table-top exercise to simulate a cyber-attack on an East Coast city, a participant’s computer was actually hacked. With the advances in transportation “The fact that they can get in is not fantasy at all,” he said.
Looming largest among the litany of threat concerns is the advent of driverless vehicles. “Add autonomous vehicles to the mix and the value of an attack goes up,” said Tiene. So how can the ITS industry and all its partners protect traffic and infrastructure into the future? NOCoE’s Son says at least two national initiatives to establish a cyber security framework are underway and could be ready for industry consumption in a little more than a year. One of those efforts is a collaboration between some of transportation’s most respected agencies including ITE, AASHTO, ITS America and others. But even before that release, Mission Secure’s Tiene defined a patent-pending strategy of monitoring systems for anomalies, detecting problems, informing operators of issues, correcting the issue and ultimately collecting data about the attack.
Tiene took a moment to reinforce that cyber attacks on departments of transportation are not hypothetical and have already happened. “People don’t want to broadcast it and luckily there hasn’t been huge damage,” he said. “They can’t go green-green, but they can do damage.”