When America’s former spy chief, James Clapper, said that cyberattacks were the number one threat to national security, he was referring to the danger posed by a rogue nation state or state-sponsored hackers. And rightly so. Since his report was issued in 2015, there have been several high profile cyberattacks including one on Ukraine’s power grid, another on Bangladesh’s central bank, which cost the country USD$81 million, and who can forget WannaCry 2.0, which in May 2017 infected more than 230,000 computers in 150 different countries.
With cyberattacks on critical infrastructure becoming more common, the US and other countries have taken steps to secure the grid, ports, telecommunication lines and government buildings.
But a cyberattack by Gabriel Murillo and Kartik Patel in the summer of 2006 suggests governments around the world should also move to protect roadside infrastructure.
Curiously, Murillo and Patel were not state sponsored hackers. Instead they were disgruntled traffic engineers working for the Los Angeles Department of Transportation, who sabotaged the city’s traffic light system as part of a Labor Day protest.
Unbeknownst to their bosses or anyone else in the traffic management team, the pair strategically identified several key intersections which were in close vicinity to major roads, freeways and vital infrastructure. They then set about delaying the timing of red light signals at each intersection. The result was gridlock at Los Angeles International Airport and the Glendale Freeway. Although Murillo’s and Patel’s hack caused no accidents, it led to days of congestion. Both men were charged and were sentenced to two years’ probation in 2009.
"Cyberattacks are a fact of modern life, but while governments may be focused on protecting their central computers, could traffic management systems represent a ‘soft target’? We assess the risks."
- James Gordon
The attack should have been a wake-up call to traffic managers everywhere to beef up security in traffic management centres and to address security flaws in signal infrastructure. But research undertaken by the University of Michigan in 2014 by Professor Alex Halderman shone a light on a “systemic lack of security consciousness” amongst transportation departments” running “future embedded systems”.
In a paper entitled, Green Lights Forever: Analyzing the Security of Traffic Infrastructure, with the permission of a Michigan Road agency, Halderman and his team investigated how susceptible a networked traffic light system, using wireless technology, was to cyber attack.
“Due to systemic failures by the designers”, they discovered that was it was not only possible to “gain control of a system of almost 100 intersections” but to also “change the lights on command”.
Kevin Curran, professor of cybersecurity at Ulster University, in Northern Ireland, says that traffic light control systems based on wireless communication technologies, are particularly susceptible to attack.
“In the United States where these systems are becoming increasingly popular, cyber attackers demonstrated how easily it was to infiltrate this technology largely because of a lack of ‘cyber hygiene’. Often engineers were using default passwords leaving the IP address free for hackers to access.”
230,000 The estimated number of computers infected with the WannaCry 2.0 virus in May 2017
100 The number of vulnerable intersections a 2014 academic paper identified in Michigan, USA
V2X Connected vehicle systems being developed without unifying standards could represent a cybersecurity risk.
The estimated number of computers infected with the WannaCry 2.0 virus in May 2017
The number of vulnerable intersections a 2014 academic paper identified in Michigan, USA
Connected vehicle systems being developed without unifying standards could represent a cybersecurity risk.
Creating robust systems
The key to designing signal control that is resilient to attack lies in overall system architecture. Centralized control centers may seem, to the layman, like vulnerable points for attack, but they aren’t necessarily more vulnerable than having each junction isolated and controlled independently, so long as they are designed correctly.
“It’s not a case of pitting one against another, but a secure system architecture that counts,” says Dr Zhengguo Sheng, a lecturer in advanced networks and communications at the University of Sussex, UK. “Although most modern traffic management systems are centralized, they are not based in one single location, but in a few strategic centres. All use
a multi-layered control system with a back-up system that runs in tandem with the operating system. Therefore, if a hacker does exploit a vulnerability in the system, it is fairly easy to get it up and running again.”
But, according to Dr Sheng, just because the majority of traffic authorities “are using the correct system architecture, it doesn’t mean that they are safe from cyberattack”.
He explains, “Hackers are relentless and they will always find an organization’s Achilles’ heel. For signal operators, the greatest potential security flaw is not so much the computer software, but an attack on the data that flows through the many different sensors that help better regulate traffic lights.”
Dr Sheng says that if a sensor or a VPN connection is breached, as in the case of the Ukrainian Power grid hack, “a virtual tunnel can be created between the sensor that feeds the traffic light with information and the wider network”.
“While the hacker would still find it very difficult to influence the behaviour of an entire city’s traffic lights, it might be possible for them to create gridlock in certain areas of a town or a city until the flaw was patched.”
Are the systems in place to protect connected vehicles robust enough?
It may not take up many newspaper column inches, but without SCMS (security credential management system), V2V and V2i would not work.
“It is the first line of defence against hackers because it facilitates trusted communication,” says Sam Lauzon, an automotive cybersecurity software developer at the University of Michigan (UMTRI), who has been investigating SCMS 2.0 for the last year.
However, Lauzon, says the system “is far from perfect” and could in theory be infiltrated by sophisticated state-sponsored hackers. He says that “there is currently no infrastructure or standards in place to identify and stop a compromised vehicle, or revoke its ability to sign messages appropriately”.
He explains, “If a hacker were to breach the SCMS there is currently no way that it would be able to differentiate between a compromised vehicle which is receiving fake information and one that is receiving genuine instructions. An attacker could exploit this and deliberately cause two cars to virtually overlap or provide conflicting instructions to the driver.”
But Dr Ben Waterson, a member of the University of Southampton’s Transportation Research Group, disagrees that there is a positive correlation between inter-connectivity and cyber vulnerability.
He says, “A rail network can be severed by breaking a small number of rails. A road network is far more interconnected and therefore requires far more connections to be severed to have the same effect.”
He also disagrees that a traffic management system heavily reliant on sensors and wireless radio – which may become the norm as cites strive for greater connectivity – makes it more vulnerable to cyberattack.
Dr Waterson explains, “The flows of data from sensors to the control system would be much easier to affect, but this would be of limited impact because the fallibility of sensor systems operating in real world conditions means that control software is used to identify and ignore anomalous data.”
So what would be the worst case scenario in his eyes? In the first few minutes of a cyber offensive, Dr Waterson, says that “providing a hacker could turn all the lights green”, which he doubts possible, “it is likely that there would be a large number of crashes”. He adds, “Beyond the first few minutes of impact, drivers would quickly establish that the traffic lights need to be ignored and would simply proceed with extreme care and vigilance.
This would likely cause a large increase in delays on all journeys through a city, so the longer term impact would be frustration and economic cost rather than a threat to direct safety.”
But Dr Sheng believes that Vehicle-to-Everything (V2X) technology, which enables a connected vehicle to become part of the road infrastructure and the transport system “could dramatically change the nature and severity of a cyberattack”.
Dr Sheng is particularly concerned that regulation is struggling to keep pace with technology, and believes it is an area that state sponsored hackers could exploit in the future.
He explains, “OEMs are developing state-of-the-art connected systems, but many are doing so independently of each other. What’s more there are very few standards being developed and without regulation that promotes a robust cybersecurity framework, some of these systems could be infiltrated by hacker.”
With many automakers developing intersection priority management systems, which many see as a precursor to autonomous driving, Dr Sheng says that in the future “it might be possible for hackers to take control of a vehicle either by hacking into the vehicle or the infrastructure it is connected to”.
“The only way to prevent this,” he says, “is for vehicle manufacturers, telecom providers, roadside infrastructure suppliers and cyber security professionals to collaborate before this critical infrastructure is permanently laid down. Once aligned, they need to work alongside a regulator to develop standards for a system of firewalls across a single tunnel from the outside world to the transport system to guard against cyber attacks.”