SwRI investigates cybersecurity weaknesses in transportation management systems

Southwest Research Institute (SwRI), in San Antonio, has been awarded a $750,000 (£573,000) contract from the Transportation Research Board to help state and local agencies address cyber-attack risks on current transportation systems and those posed by future connected vehicles. Cyber security firm, Praetorian will support 588 SwRI by conducting a security audit of traffic management systems and develop a web-based guide to help transportation agencies learn how to safeguard equipment.

SwRI’s assessment will include white hat hacking (penetration testing) to assess vulnerabilities and recommend mitigation strategies. These recommendations will also consider how agencies with limited resources can implement cybersecurity measures.

For future research, SwRI will evaluate potential access points where hackers could exploit connected vehicles. Government agencies and the automotive industry are preparing vehicles and transportation infrastructure to include more wireless networking to enable safer driving with vehicle-to-vehicle and vehicle-to-infrastructure communications.

Figures revealed from the institute show that more than 400,000 traffic signal systems across the United States have varying levels of network access and embedded security. System managers and government stakeholders may be unaware of cyber risks to controllers, dynamic message signs, road-weather information systems, and other devices that relay data.

Daniel Zajac, SwRI engineer and principal investigator, said: “The goal is to create security guidance for traffic management centres,”

IT and security personnel need to understand threats to their equipment, standards for managing passwords, and then move up to advanced network security.”