Case Study
Top 50 City Secures Traffic Signal System and Connected Vehicle Technology with Mission Secure
City Traffic Management System | North America
As a leader in urban transportation technologies, this North American city proactively looked to ensure their traffic signal system network was secure and could support a connected infrastructure. In this case study, you’ll learn how they worked with Mission Secure to assess their baseline cybersecurity risks, gain visibility into their OT traffic management system network, and improve overall cybersecurity and network performance.
The Customer
The customer is a Top 50 city in one of the three most populous states in the United States. This city boasts a total population of over 400,000, in a metropolitan area of over three million. The customer is committed to providing first-class services to its citizens. They’ve developed an extensive performance management framework to provide measurable accountability and transparency. Noteworthy aspects of this framework include detailed traffic management and advisory information.
As a leader in the implementation of new transportation technologies and connected vehicle applications and technologies, the city embarked on a Connected Vehicle Pilot, which employs innovative vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication technology to improve safety and traffic conditions across the city. Vehicles that are equipped with connected vehicle technology can communicate wirelessly to other vehicles, traffic signals, crosswalks, and other equipment to:
- prevent crashes,
- alleviate morning backups,
- optimize traffic flow,
- improve transit trip times,
- and reduce greenhouse gas emissions.
The Challenge
The customer had historically addressed their security issues by air gapping their systems to isolate them physically from unsecured networks. But, as their systems became more connected, they found themselves attempting to retrofit traditional IT security solutions in hopes of providing coverage for the roadside cabinets across their traffic signal system network. The roadside cabinets’ equipment is unique to traffic signal systems, such as a malfunction management unit (MMU) that manages malfunctions affecting traffic light control cabinets. The customer needed a solution that would ensure that the cabinets’ components were protected against malicious threats that could trigger an MMU to take over and potentially cause traffic congestion and/or accidents.
Before the pilot launch, the customer engaged with Mission Secure to conduct a comprehensive network data assessment to determine the state of their traffic signal system network and assess significant risk areas. In addition to finding some general network infrastructure inefficiencies, the joint team discovered a considerable amount of superfluous traffic consuming bandwidth. Additionally, there was a substantial amount of communications coming from unknown external networks as a result of some misconfigurations. Several network routing issues, as well as cross-subnet direct connections and cross-subnet broadcast traffic, were found that could potentially pose a threat across the flat network.
Our traffic signal system network wasn’t originally designed with cybersecurity in mind, and we could not risk deploying this unique connected technology on top of an unsecured network. We knew we needed to be proactive so that security wouldn’t be a factor with the pilot.
—Chief Traffic Management Engineer
The Interconnected Solution
Based on Mission Secure's recommendations for their connected vehicle pilot, the customer deployed inline protection for their traffic controllers and the MMUs. They also set up monitoring on a span port to listen to all of the traffic on the switch. Anything that attempted to reach to or from the traffic controller would go through Mission Secure Console Appliances first, including any connections coming from their operations center or other devices that may be plugged into the local switch. The customer worked with the Mission Secure team to design a cybersecurity solution for the city’s pilot traffic signal system network to support the additional demands of the connected vehicle technologies. With the Mission Secure Platform, the city is now able to:
- Deliver inline protection to critical traffic controllers and malfunction management units
- Restrict unauthorized communications to and from the traffic signal system network
- Conduct a comprehensive analysis of OT network operations to determine security risks
Comprehensive OT Network Visibility
The customer can now analyze and map network connections and activity across all roadside cabinets in the traffic signal system network. The customer can also block unauthorized communications through the Mission Secure Platform. Through comprehensive network monitoring, the customer can now:
- Regularly review network IP addressing
- Map their traffic network and continually inventory and discover assets on the network
- Log and alert on unauthorized and unidentified connection attempts and network scans
The Mission Secure Platform gave us extensive visibility into what was on our traffic signal system network. We were able to take action on some of the key findings to reduce the risk of malicious traffic compromising the systems in our roadside cabinets.
Improved OT Cybersecurity and Performance
The customer can now observe and map network connections and activity, eliminate network infrastructure inefficiencies, and significantly improve network performance by blocking unauthorized network communications. The customer was also able to rectify network routing failures as well as cross-subnet direct connections and cross-subnet broadcast traffic— all of which could have posed threats across their network.
By blocking the unnecessary traffic that was on our traffic signal system network, we were able to prioritize the good network traffic and optimize performance.”
–Chief Traffic Management Engineer
