Return to the VTRC Home Page
Click here to print the printer friendly version of this page.
 
Page Title: VTRC Report Detail

The contents of this report reflect the views of the author(s), who is responsible for the facts and the accuracy of the data presented herein. The contents do not necessarily reflect the official views or policies of the Virginia Department of Transportation, the Commonwealth Transportation Board, or the Federal Highway Administration. This report does not constitute a standard, specification, or regulation. Any inclusion of manufacturer names, trade names, or trademarks is for identification purposes only and is not to be considered an endorsement.

Title:

Survivability of Intelligent Transportation Systems
Authors:
Sielken, Robert S.
Brian L. Smith
Year: 1999
VTRC No.: 00-R9
Abstract: Intelligent Transportation Systems (ITS) are being deployed around the world to improve the safety and efficiency of surface transportation through the application of advanced information technology. The introduction of ITS exposes the transportation system to new vulnerabilities, such as cyber attack. In order to ensure that ITS fulfills its potential, it is imperative that those implementing such systems design and operate them to survive cyber attacks and other information technology-related threats. Information system survivability is defined as the capability of a system to fulfill its mission in a timely manner in the presence of attacks, failures, or accidents. While total survivability may not be achievable, it can be greatly increased with conscientious efforts. This study reviewed previous survivability research on ITS and information systems, examined the National ITS Architecture for survivability issues, and performed case studies of a number of regional ITS systems. Results from these sources were synthesized into the final recommendations contained in this report. These recommendations include: Requirements: Resistance, Recognition, Recovery, and Adaptation. VDOT should include requirements in the categories of resistance, recognition, recovery, and adaptation in all future system requests for proposals (RFPs). Survivability Program. Each ITS system should have a survivability program that includes both technical and nontechnical elements. Best practices. In addition to proper requirements and a survivability program, the best practices developed for general information technology applications should be used. Best practices include security (physical and system), design/requirements, redundancy, system configuration, and the principle of least privilege.