Published in 1999
Intelligent Transportation Systems (ITS) are being deployed around the world to improve the safety and efficiency of surface transportation through the application of advanced information technology. The introduction of ITS exposes the transportation system to new vulnerabilities, such as cyber-attack. In order to ensure that ITS fulfills its potential, it is imperative that those implementing such systems design and operate them to survive cyber-attacks and other information technology-related threats. Information system survivability is defined as the capability of a system to fulfill its mission in a timely manner in the presence of attacks, failures, or accidents. While total survivability may not be achievable, it can be greatly increased with conscientious efforts. This study reviewed previous survivability research on ITS and information systems, examined the National ITS Architecture for survivability issues, and performed case studies of a number of regional ITS systems. Results from these sources were synthesized into the final recommendations contained in this report. These recommendations include: Requirements: Resistance, Recognition, Recovery, and Adaptation. VDOT should include requirements in the categories of resistance, recognition, recovery, and adaptation in all future system requests for proposals (RFPs). Survivability Program. Each ITS system should have a survivability program that includes both technical and nontechnical elements. Best practices. In addition to proper requirements and a survivability program, the best practices developed for general information technology applications should be used. Best practices include security (physical and system), design/requirements, redundancy, system configuration, and the principle of least privilege.
Last updated: December 11, 2023