Security News

High-Tech Highways

October 24, 2017

Cyberattacks Against Intelligent Transportation Systems View Cyberattacks Against Intelligent Transportation Systems

As technology continues to become more and more connected to the internet, the infrastructures that our daily lives rely upon also follow suit. One manifestation of this are Intelligent Transportation Systems (ITS), the application of advanced and emerging technologies in transportation to save lives, time, money, and the environment. From autonomous vehicles to Smart Roads, ITS makes it realistic to imagine fully integrated and connected traffic systems in the future.

However, all internet-enabled technologies are open to the threat of cyberattacks, which could cause commerce disruption and revenue loss and also pose significant safety risks. This scenario is especially true when it comes to ITS. The already demonstrated and proven possibility of ITS being attacked is the main premise of our latest research paper, “Cyberattacks Against Intelligent Transportation Systems: Assessing Future Threats to ITS.” In it we discuss in detail the threats that ITS-integrated traffic infrastructure will face down the line, from attacks that deny the flow of data and information to actual disruption of functions and services. The paper also offers our recommendations, both short term and long term, on what needs to be done to secure an ITS against those very threats.

In the map below, we show a full-fledged Intelligent Transportation System. Click on the icons to see the different components as well as the potential threats that can target them.

Vehicles

Utilize the transportation network in order to navigate to their destination.

Potential Threats/Attacks

  • Vehicle-to-vehicle/vehicle-to-infrastructure messages spoofed or faked
  • Malicious firmware uploaded and installed via over-the-air service upgrades
  • Safety systems or operations disrupted through the electronic jamming of wireless transmissions
  • Vehicle controls remotely hijacked
  • Malicious third-party apps installed in the car’s infotainment system through wireless communication

Roadway Reporting Systems

Monitor traffic and current roadway conditions.

Potential Threats/Attacks

  • Safety systems or operations disrupted through the electronic jamming of wireless transmissions
  • System tampered with to install malware, illegally modify devices, or steal data
  • Internet-exposed devices and systems disrupted by DDoS
  • System compromised and used as an entry point into a corporate network
  • Improper commands sent to the controller and backend servers through unauthorized access

Traffic Flow Controls

Direct and divert the flow of traffic; make roads safer.

Potential Threats/Attacks

  • Improper commands sent to the controller and backend servers through unauthorized access
  • Internet-exposed devices and systems disrupted by DDoS
  • System tampered with to install malware, illegally modify devices, or steal data
  • Safety systems or operations disrupted through the electronic jamming of wireless transmissions
  • Vulnerabilities in hardware, software, OS, or protocols exploited for malicious purposes

Payment Applications and Systems

Process payments pertaining to road usage, parking, or congestion charges.

Potential Threats/Attacks

  • Malware installed to disrupt operations and/or steal data
  • Internet-exposed devices and systems disrupted by DDoS
  • System compromised and used as an entry point into a corporate network
  • Vulnerabilities in hardware, software, OS, or protocols exploited for malicious purposes
  • Weak authentication mechanisms brute-forced or abused for unauthorized access

Management Applications and Systems

Manage the myriad of interconnected systems that form ITS components.

Potential Threats/Attacks

  • Malware installed to disrupt operations and/or steal data
  • Weak authentication mechanisms brute-forced or abused for unauthorized access
  • Internet-exposed devices and systems disrupted by DDoS
  • Vulnerabilities in hardware, software, OS, or protocols exploited for malicious purposes
  • Improper commands sent to the controller and backend servers through unauthorized access

Communication Applications and Systems

Manage the flow and distribution of data gathered by the various systems of the ITS.

Potential Threats/Attacks

  • Operators subjected to social engineering attacks
  • Malware installed to disrupt operations and/or steal data
  • Improper commands sent to the controller and backend servers through unauthorized access
  • System compromised and used as an entry point into a corporate network
  • Vehicle-to-vehicle/vehicle-to-infrastructure messages spoofed or faked
  • Vehicles
  • Roadway Reporting Systems
  • Traffic Flow Controls
  • Payment Applications and Systems
  • Management Applications and Systems
  • Communication Applications and Systems

For details on the ITS ecosystem, guidelines on protecting it from cyberattacks, and more, read the research paper: “Cyberattacks Against Intelligent Transportation Systems: Assessing Future Threats to ITS.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Connect with us on