Roadway Transportation System Cybersecurity Reporting Tools

General Information

You can report a cybersecurity threat and view public content without logging in. Please register to request access to shared information regarding cybersecurity vulnerabilities and exploitation and suggested guidance to address cybersecurity challenges. The administrator will send you an email notifying of the approval result. The contents of this portal is visible to users who register and are approved by administrators. Each user will have access to various parts of the system.

Cyber Security Risk Assessment Tools

As the transportation infrastructure is operated with more connectivity between systems, it becomes important that the intelligent transportation system components and processes are dependable, resilient, authenticated and used appropriately. To this end, a more formal process of monitoring, alerting, and advising owners/operators of these systems must be established. Although there are other organizations and processes that cover some aspects of roadway ICS/ITS deployments, a focused effort would better serve the highway transportation community with those existing avenues if put into a collaborative and supporting role. As such, the project team (ITE, AASHTO, ITS America, NEMA, and NACTO) proposed a Transportation Systems Cyber-Security Framework (TSCF) to meet this need: https://cyberguidance.transportationops.org/. 

Objectives

1. Providing a means of rapid, secure communication of relevant cybersecurity challenges among trusted stakeholders.
2. Provide a common means whereby all stakeholder classes (including USDOT FHWA; regional, state, and municipal traffic system operators; equipment manufacturers and integrators; academia; the cybersecurity community; and law enforcement may communicate as equals to discuss and develop guidance to address cybersecurity challenges.
3. Develop guidance that may be implemented on a responsive basis as cybersecurity threats materialize.

Cyber Transportation Systems Framework

The landscape in which transportation systems reside and how it operates is changing as computers and communication systems become essential features to sustain highway and street-level operations in metropolitan areas. With this changing environment, the threat environment has also changed. Information sharing regarding threats to the transportation infrastructure is now critically important. This restricted portal endeavors to share information regarding cyber security vulnerabilities and exploitation quickly and efficiently among subscribers.

Creating or Reviewing Your Cyber Resiliency Plan

Based on recent cyber activity in public agencies that has been reported in the news, it is recommended that State and local agencies who own and operate their transportation system to review their cyber resiliency plan at the earliest possible opportunity. This includes reviewing the following steps:

1. Identify where and/or who has your IT and control system plan in response to a cyber event. 
2. If necessary, familiarize yourself with the response plan procedures.
3. Review contact information with internal and external partners to make sure it is current and all partners understand their role and responsibility during a response.
4. Verify the location and condition of any backup software, database, and necessary supporting applications and files.
5. Confirm the response plan has current procedures for restoring software and systems to operating conditions.

If you need guidance or tools for crafting your cyber resiliency plan, please contact us directly.