Cybersecurity isn't infrastructure? Like hell it isn't

This recent quote by the Mayor LaToya Cantrell of New Orleans is instructive. The transportation industry has made significant strides in awareness of the cyber vulnerabilities of traffic systems. Despite these improvements, we’ve yet to see the majority of DOTs take sufficient cybersecurity actions.
December 9, 2021
© Michael Borgers | Dreamstime.com
© Michael Borgers | Dreamstime.com

And today’s vulnerabilities will create far more risk as we expand the use of connected and autonomous vehicles (CAV) and Vehicle to Everything (V2X) communications. One approach to more efficiently accelerate the deployment of cyber defences in transportation is to treat cybersecurity as part of the infrastructure, instead of an afterthought.

A possible analogy would be to say: “Pour the concrete for the bridge. Then, we can decide later whether to include rebar.” Rebar is an essential requirement; else, the bridge cannot be considered safe. Likewise, cybersecurity should be written into all new project requirements to, at the very least, limit the further deployment of vulnerable equipment and systems.

Further, the inclusion of cybersecurity as a required element of infrastructure projects should accelerate the improved security of systems.

Additionally, this approach would push selected contractors and vendors to build a cohesive cybersecurity approach into proposed projects and make them share responsibility for a successful outcome. While cybersecurity measures have been somewhat slow in the industry, there has been recent progress with a few DOTs taking effective steps towards securing their traffic networks.

In tomorrow’s (Friday’s) conference session, Cybersecurity Isn’t Infrastructure? Like Hell, it Isn’t (08:00 – 09:00 East Wing E219D) the panel tackles today’s cybersecurity challenges from a range of perspectives, including the current threat landscape; DOT perspectives and challenges; limitations in existing ITS architecture; the consultant’s role in cybersecurity; workforce development needs; the ever-growing security challenges in the ITS industry; and security best practices for DOTs, agencies and hardware/software manufacturers.