PS09: Transportation Infrastructure Protection
This service package includes the monitoring of transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats using sensors and surveillance equipment and barrier and safeguard systems to control access, preclude an incident, and mitigate the impact of an incident if it occurs. Threats can result from acts of nature (e.g., hurricanes, earthquakes), terrorist attacks or other incidents causing damage to the infrastructure (e.g., stray barge hitting a bridge support). Infrastructure may be monitored with acoustic, environmental threat (such as nuclear, biological, chemical, and explosives), infrastructure condition and integrity, motion and object sensors and video and audio surveillance equipment. Data from such sensors and surveillance equipment may be processed in the field or sent to a center for processing. The data enables operators at the center to detect and verify threats. When a threat is detected, agencies are notified. Detected threats or advisories received from other agencies result in an increased level of system preparedness. In response to threats, barrier and safeguard systems may be activated to deter an incident, control access to an area or mitigate the impact of an incident. Barrier systems include gates, barriers and other automated and remotely controlled systems that manage entry to transportation infrastructure. Safeguard systems include blast shields, exhaust systems and other automated and remotely controlled systems that mitigate impact of an incident.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
Source | Destination | Role/Relationship |
---|---|---|
Alerting and Advisory System Maintainer | Alerting and Advisory System | Maintains |
Alerting and Advisory System Manager | Alerting and Advisory System | Manages |
Alerting and Advisory System Owner | Alerting and Advisory System Maintainer | System Maintenance Agreement |
Alerting and Advisory System Owner | Alerting and Advisory System Manager | Operations Agreement |
Alerting and Advisory System Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
Alerting and Advisory System Owner | Emergency Management Center Owner | Information Exchange Agreement |
Alerting and Advisory System Owner | Emergency Management Center User | Service Usage Agreement |
Alerting and Advisory System Owner | Emergency Personnel | Application Usage Agreement |
Alerting and Advisory System Owner | Emergency System Operator | Application Usage Agreement |
Alerting and Advisory System Supplier | Alerting and Advisory System Owner | Warranty |
Connected Vehicle Roadside Equipment Maintainer | Connected Vehicle Roadside Equipment | Maintains |
Connected Vehicle Roadside Equipment Manager | Connected Vehicle Roadside Equipment | Manages |
Connected Vehicle Roadside Equipment Owner | Connected Vehicle Roadside Equipment Maintainer | System Maintenance Agreement |
Connected Vehicle Roadside Equipment Owner | Connected Vehicle Roadside Equipment Manager | Operations Agreement |
Connected Vehicle Roadside Equipment Owner | Driver | Application Usage Agreement |
Connected Vehicle Roadside Equipment Owner | Emergency Personnel | Application Usage Agreement |
Connected Vehicle Roadside Equipment Owner | Emergency Vehicle OBE Maintainer | Maintenance Data Exchange Agreement |
Connected Vehicle Roadside Equipment Owner | Emergency Vehicle OBE Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | Emergency Vehicle OBE User | Service Usage Agreement |
Connected Vehicle Roadside Equipment Owner | ITS Roadway Equipment Maintainer | Maintenance Data Exchange Agreement |
Connected Vehicle Roadside Equipment Owner | ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | ITS Roadway Equipment User | Service Usage Agreement |
Connected Vehicle Roadside Equipment Owner | Traffic Management Center Maintainer | Maintenance Data Exchange Agreement |
Connected Vehicle Roadside Equipment Owner | Traffic Management Center Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | Traffic Management Center User | Service Usage Agreement |
Connected Vehicle Roadside Equipment Owner | Traffic Operations Personnel | Application Usage Agreement |
Connected Vehicle Roadside Equipment Owner | Vehicle Maintainer | Maintenance Data Exchange Agreement |
Connected Vehicle Roadside Equipment Owner | Vehicle Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | Vehicle User | Service Usage Agreement |
Connected Vehicle Roadside Equipment Supplier | Connected Vehicle Roadside Equipment Owner | Warranty |
Driver | Vehicle | Operates |
Emergency Management Center Maintainer | Emergency Management Center | Maintains |
Emergency Management Center Manager | Emergency Management Center | Manages |
Emergency Management Center Manager | Emergency Personnel | System Usage Agreement |
Emergency Management Center Manager | Emergency System Operator | System Usage Agreement |
Emergency Management Center Owner | Alerting and Advisory System Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Alerting and Advisory System Owner | Information Exchange Agreement |
Emergency Management Center Owner | Alerting and Advisory System User | Service Usage Agreement |
Emergency Management Center Owner | Emergency Management Center Maintainer | System Maintenance Agreement |
Emergency Management Center Owner | Emergency Management Center Manager | Operations Agreement |
Emergency Management Center Owner | Emergency Personnel | Application Usage Agreement |
Emergency Management Center Owner | Emergency Vehicle OBE Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Emergency Vehicle OBE Owner | Information Provision Agreement |
Emergency Management Center Owner | Emergency Vehicle OBE User | Service Usage Agreement |
Emergency Management Center Owner | Maint and Constr Management Center Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Maint and Constr Management Center Owner | Information Provision Agreement |
Emergency Management Center Owner | Maint and Constr Management Center User | Service Usage Agreement |
Emergency Management Center Owner | Other Emergency Management Centers Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Other Emergency Management Centers Owner | Information Exchange Agreement |
Emergency Management Center Owner | Other Emergency Management Centers User | Service Usage Agreement |
Emergency Management Center Owner | Rail Operations Center Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Rail Operations Center Owner | Information Provision Agreement |
Emergency Management Center Owner | Rail Operations Center User | Service Usage Agreement |
Emergency Management Center Owner | Security Monitoring Equipment Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Security Monitoring Equipment Owner | Information Provision Agreement |
Emergency Management Center Owner | Security Monitoring Equipment User | Service Usage Agreement |
Emergency Management Center Owner | Traffic Management Center Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Traffic Management Center Owner | Information Exchange Agreement |
Emergency Management Center Owner | Traffic Management Center User | Service Usage Agreement |
Emergency Management Center Owner | Traffic Operations Personnel | Application Usage Agreement |
Emergency Management Center Owner | Transit Management Center Maintainer | Maintenance Data Exchange Agreement |
Emergency Management Center Owner | Transit Management Center Owner | Information Provision Agreement |
Emergency Management Center Owner | Transit Management Center User | Service Usage Agreement |
Emergency Management Center Supplier | Emergency Management Center Owner | Warranty |
Emergency Personnel | Emergency Management Center | Operates |
Emergency Personnel | Emergency Vehicle OBE | Operates |
Emergency Personnel | ITS Roadway Equipment | Operates |
Emergency System Operator | Emergency Management Center | Operates |
Emergency Vehicle OBE Maintainer | Emergency Vehicle OBE | Maintains |
Emergency Vehicle OBE Manager | Emergency Personnel | System Usage Agreement |
Emergency Vehicle OBE Manager | Emergency Vehicle OBE | Manages |
Emergency Vehicle OBE Owner | Connected Vehicle Roadside Equipment Maintainer | Maintenance Data Exchange Agreement |
Emergency Vehicle OBE Owner | Connected Vehicle Roadside Equipment Owner | Expectation of Data Provision |
Emergency Vehicle OBE Owner | Connected Vehicle Roadside Equipment User | Service Usage Agreement |
Emergency Vehicle OBE Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
Emergency Vehicle OBE Owner | Emergency Management Center Owner | Expectation of Data Provision |
Emergency Vehicle OBE Owner | Emergency Management Center User | Service Usage Agreement |
Emergency Vehicle OBE Owner | Emergency Personnel | Application Usage Agreement |
Emergency Vehicle OBE Owner | Emergency Personnel | Vehicle Operating Agreement |
Emergency Vehicle OBE Owner | Emergency System Operator | Application Usage Agreement |
Emergency Vehicle OBE Owner | Emergency System Operator | Vehicle Operating Agreement |
Emergency Vehicle OBE Owner | Emergency Vehicle OBE Maintainer | System Maintenance Agreement |
Emergency Vehicle OBE Owner | Emergency Vehicle OBE Manager | Operations Agreement |
Emergency Vehicle OBE Supplier | Emergency Vehicle OBE Owner | Warranty |
ITS Roadway Equipment Maintainer | ITS Roadway Equipment | Maintains |
ITS Roadway Equipment Manager | Emergency Personnel | System Usage Agreement |
ITS Roadway Equipment Manager | ITS Roadway Equipment | Manages |
ITS Roadway Equipment Owner | Connected Vehicle Roadside Equipment Maintainer | Maintenance Data Exchange Agreement |
ITS Roadway Equipment Owner | Connected Vehicle Roadside Equipment Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | Connected Vehicle Roadside Equipment User | Service Usage Agreement |
ITS Roadway Equipment Owner | ITS Roadway Equipment Maintainer | System Maintenance Agreement |
ITS Roadway Equipment Owner | ITS Roadway Equipment Manager | Operations Agreement |
ITS Roadway Equipment Owner | Traffic Management Center Maintainer | Maintenance Data Exchange Agreement |
ITS Roadway Equipment Owner | Traffic Management Center Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | Traffic Management Center User | Service Usage Agreement |
ITS Roadway Equipment Owner | Traffic Operations Personnel | Application Usage Agreement |
ITS Roadway Equipment Supplier | ITS Roadway Equipment Owner | Warranty |
Maint and Constr Management Center Maintainer | Maint and Constr Management Center | Maintains |
Maint and Constr Management Center Manager | Maint and Constr Management Center | Manages |
Maint and Constr Management Center Owner | Maint and Constr Management Center Maintainer | System Maintenance Agreement |
Maint and Constr Management Center Owner | Maint and Constr Management Center Manager | Operations Agreement |
Maint and Constr Management Center Supplier | Maint and Constr Management Center Owner | Warranty |
Other Emergency Management Centers Maintainer | Other Emergency Management Centers | Maintains |
Other Emergency Management Centers Manager | Other Emergency Management Centers | Manages |
Other Emergency Management Centers Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
Other Emergency Management Centers Owner | Emergency Management Center Owner | Information Exchange Agreement |
Other Emergency Management Centers Owner | Emergency Management Center User | Service Usage Agreement |
Other Emergency Management Centers Owner | Emergency Personnel | Application Usage Agreement |
Other Emergency Management Centers Owner | Emergency System Operator | Application Usage Agreement |
Other Emergency Management Centers Owner | Other Emergency Management Centers Maintainer | System Maintenance Agreement |
Other Emergency Management Centers Owner | Other Emergency Management Centers Manager | Operations Agreement |
Other Emergency Management Centers Supplier | Other Emergency Management Centers Owner | Warranty |
Rail Operations Center Maintainer | Rail Operations Center | Maintains |
Rail Operations Center Manager | Rail Operations Center | Manages |
Rail Operations Center Owner | Rail Operations Center Maintainer | System Maintenance Agreement |
Rail Operations Center Owner | Rail Operations Center Manager | Operations Agreement |
Rail Operations Center Supplier | Rail Operations Center Owner | Warranty |
Security Monitoring Equipment Maintainer | Security Monitoring Equipment | Maintains |
Security Monitoring Equipment Manager | Security Monitoring Equipment | Manages |
Security Monitoring Equipment Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
Security Monitoring Equipment Owner | Emergency Management Center Owner | Information Exchange and Action Agreement |
Security Monitoring Equipment Owner | Emergency Management Center User | Service Usage Agreement |
Security Monitoring Equipment Owner | Emergency Personnel | Application Usage Agreement |
Security Monitoring Equipment Owner | Emergency System Operator | Application Usage Agreement |
Security Monitoring Equipment Owner | Security Monitoring Equipment Maintainer | System Maintenance Agreement |
Security Monitoring Equipment Owner | Security Monitoring Equipment Manager | Operations Agreement |
Security Monitoring Equipment Supplier | Security Monitoring Equipment Owner | Warranty |
Traffic Management Center Maintainer | Traffic Management Center | Maintains |
Traffic Management Center Manager | Traffic Management Center | Manages |
Traffic Management Center Manager | Traffic Operations Personnel | System Usage Agreement |
Traffic Management Center Owner | Connected Vehicle Roadside Equipment Maintainer | Maintenance Data Exchange Agreement |
Traffic Management Center Owner | Connected Vehicle Roadside Equipment Owner | Information Provision Agreement |
Traffic Management Center Owner | Connected Vehicle Roadside Equipment User | Service Usage Agreement |
Traffic Management Center Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
Traffic Management Center Owner | Emergency Management Center Owner | Information Exchange Agreement |
Traffic Management Center Owner | Emergency Management Center User | Service Usage Agreement |
Traffic Management Center Owner | Emergency Personnel | Application Usage Agreement |
Traffic Management Center Owner | Emergency System Operator | Application Usage Agreement |
Traffic Management Center Owner | ITS Roadway Equipment Maintainer | Maintenance Data Exchange Agreement |
Traffic Management Center Owner | ITS Roadway Equipment Owner | Information Provision Agreement |
Traffic Management Center Owner | ITS Roadway Equipment User | Service Usage Agreement |
Traffic Management Center Owner | Traffic Management Center Maintainer | System Maintenance Agreement |
Traffic Management Center Owner | Traffic Management Center Manager | Operations Agreement |
Traffic Management Center Supplier | Traffic Management Center Owner | Warranty |
Traffic Operations Personnel | Traffic Management Center | Operates |
Transit Management Center Maintainer | Transit Management Center | Maintains |
Transit Management Center Manager | Transit Management Center | Manages |
Transit Management Center Owner | Transit Management Center Maintainer | System Maintenance Agreement |
Transit Management Center Owner | Transit Management Center Manager | Operations Agreement |
Transit Management Center Supplier | Transit Management Center Owner | Warranty |
Vehicle Maintainer | Vehicle | Maintains |
Vehicle Manager | Driver | System Usage Agreement |
Vehicle Manager | Vehicle | Manages |
Vehicle Owner | Connected Vehicle Roadside Equipment Maintainer | Maintenance Data Exchange Agreement |
Vehicle Owner | Connected Vehicle Roadside Equipment Owner | Expectation of Data Provision |
Vehicle Owner | Connected Vehicle Roadside Equipment User | Service Usage Agreement |
Vehicle Owner | Vehicle Maintainer | System Maintenance Agreement |
Vehicle Owner | Vehicle Manager | Operations Agreement |
Vehicle Supplier | Vehicle Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
Physical Object | Class | Description |
---|---|---|
Alerting and Advisory System | Center | 'Alerting and Advisory System' represents the federal, state, and local alerting and advisory systems that provide alerts, advisories, and other potential threat information that is relevant to surface transportation systems. This includes systems such as the Information Sharing and Analysis Centers (ISACS), the National Infrastructure Protection Center (NIPC), the Homeland Security Advisory System (HSAS), and other systems that provide intelligence about potential, imminent, or actual attacks on the transportation infrastructure or its supporting information systems. This system also represents the early warning and emergency alert systems operated by federal, state, county, and local agencies that provide advisories and alerts regarding all types of emergencies including natural hazards (floods, hurricanes, tornados, earthquakes), accidents (chemical spills, nuclear power plant emergencies) and other civil emergencies such as child abduction alerts that impact transportation system operation and/or require immediate public notification. Note that weather related watches and warnings, such as those issued by the National Hurricane Center, are provided by both this terminator and the Weather Service terminator since many alerting and advisory systems and the National Weather Service both provide severe weather and related hazards information. The alerts and advisories that are provided by the systems represented by this terminator are based on analysis of potential threat information that is collected from a variety of sources, including information collected by ITS systems. The bidirectional interface with this terminator allows potential threat information that is collected by ITS systems to be provided to the alerting and advisory systems to improve their ability to identify threats and provide useful and timely information. The types of information provided by this terminator include general assessments and incident awareness information, advisories that identify potential threats or recommendations to increase preparedness levels, alerts regarding imminent or in-progress emergencies, and specific threat information such as visual imagery used for biometric image processing. |
Connected Vehicle Roadside Equipment | Field | 'Connected Vehicle Roadside Equipment' (CV RSE) represents the Connected Vehicle roadside devices (i.e., Roadside Units (RSUs)) equipped with short range wireless (SRW) communications technology, as well as any other supporting equipment that leverage the RSU and are not described by other objects (e.g., a local roadside processor). CVRSE are used to send messages to, and receive messages from, nearby vehicles and personal devices equipped with compatible communications technology. Communications with adjacent field equipment and back office centers that monitor and control the RSE are also supported. This device operates from a fixed position and may be permanently deployed or a portable device that is located temporarily in the vicinity of a traffic incident, road construction, or a special event. It includes a processor, data storage, and communications capabilities that support secure communications with passing vehicles, other field equipment, and centers. |
Driver | Vehicle | The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects. |
Emergency Management Center | Center | The 'Emergency Management Center' represents systems that support incident management, disaster response and evacuation, security monitoring, and other security and public safety-oriented ITS applications. It includes the functions associated with fixed and mobile public safety communications centers including public safety call taker and dispatch centers operated by police (including transit police), fire, and emergency medical services. It includes the functions associated with Emergency Operations Centers that are activated at local, regional, state, and federal levels for emergencies and the portable and transportable systems that support Incident Command System operations at an incident. This Center also represents systems associated with towing and recovery, freeway service patrols, HAZMAT response teams, and mayday service providers. It manages sensor and surveillance equipment used to enhance transportation security of the roadway infrastructure (including bridges, tunnels, interchanges, and other key roadway segments) and the public transportation system (including transit vehicles, public areas such as transit stops and stations, facilities such as transit yards, and transit infrastructure such as rail, bridges, tunnels, or bus guideways). It provides security/surveillance services to improve traveler security in public areas not a part of the public transportation system. It monitors alerts, advisories, and other threat information and prepares for and responds to identified emergencies. It coordinates emergency response involving multiple agencies with peer centers. It stores, coordinates, and utilizes emergency response and evacuation plans to facilitate this coordinated response. Emergency situation information including damage assessments, response status, evacuation information, and resource information are shared The Emergency Management Center also provides a focal point for coordination of the emergency and evacuation information that is provided to the traveling public, including wide-area alerts when immediate public notification is warranted. It tracks and manages emergency vehicle fleets using real-time road network status and routing information from the other centers to aid in selecting the emergency vehicle(s) and routes, and works with other relevant centers to tailor traffic control to support emergency vehicle ingress and egress, implementation of special traffic restrictions and closures, evacuation traffic control plans, and other special strategies that adapt the transportation system to better meet the unique demands of an emergency. |
Emergency Personnel | Vehicle | 'Emergency Personnel' represents personnel that are responsible for police, fire, emergency medical services, towing, service patrols, and other special response team (e.g., hazardous material clean-up) activities at an incident site. These personnel are associated with the Emergency Vehicle during dispatch to the incident site, but often work independently of the Emergency Vehicle while providing their incident response services. |
Emergency System Operator | Center | 'Emergency System Operator' represents the public safety personnel that monitor emergency requests, (including those from the E911 Operator) and set up pre-defined responses to be executed by an emergency management system. The operator may also override predefined responses where it is observed that they are not achieving the desired result. This also includes dispatchers who manage an emergency fleet (police, fire, ambulance, HAZMAT, etc.) or higher order emergency managers who provide response coordination during emergencies. |
Emergency Vehicle OBE | Vehicle | The 'Emergency Vehicle On-Board Equipment' (OBE) resides in an emergency vehicle and provides the processing, storage, and communications functions that support public safety-related connected vehicle applications. It represents a range of vehicles including those operated by police, fire, and emergency medical services. In addition, it represents other incident response vehicles including towing and recovery vehicles and freeway service patrols. It includes two-way communications to support coordinated response to emergencies. A separate 'Vehicle OBE' physical object supports the general vehicle safety and driver information capabilities that apply to all vehicles, including emergency vehicles. The Emergency Vehicle OBE supplements these general capabilities with capabilities that are specific to emergency vehicles. |
ITS Roadway Equipment | Field | 'ITS Roadway Equipment' represents the ITS equipment that is distributed on and along the roadway that monitors and controls traffic and monitors and manages the roadway. This physical object includes traffic detectors, environmental sensors, traffic signals, highway advisory radios, dynamic message signs, CCTV cameras and video image processing systems, grade crossing warning systems, and ramp metering systems. Lane management systems and barrier systems that control access to transportation infrastructure such as roadways, bridges and tunnels are also included. This object also provides environmental monitoring including sensors that measure road conditions, surface weather, and vehicle emissions. Work zone systems including work zone surveillance, traffic control, driver warning, and work crew safety systems are also included. |
Maint and Constr Management Center | Center | The 'Maint and Constr Management Center' monitors and manages roadway infrastructure construction and maintenance activities. Representing both public agencies and private contractors that provide these functions, this physical object manages fleets of maintenance, construction, or special service vehicles (e.g., snow and ice control equipment). The physical object receives a wide range of status information from these vehicles and performs vehicle dispatch, routing, and resource management for the vehicle fleets and associated equipment. The physical object participates in incident response by deploying maintenance and construction resources to an incident scene, in coordination with other center physical objects. The physical object manages equipment at the roadside, including environmental sensors and automated systems that monitor and mitigate adverse road and surface weather conditions. It manages the repair and maintenance of both non-ITS and ITS equipment including the traffic controllers, detectors, dynamic message signs, signals, and other equipment associated with the roadway infrastructure. Weather information is collected and fused with other data sources and used to support advanced decision support systems. The physical object remotely monitors and manages ITS capabilities in work zones, gathering, storing, and disseminating work zone information to other systems. It manages traffic in the vicinity of the work zone and advises drivers of work zone status (either directly at the roadside or through an interface with the Transportation Information Center or Traffic Management Center physical objects.) Construction and maintenance activities are tracked and coordinated with other systems, improving the quality and accuracy of information available regarding closures and other roadway construction and maintenance activities. |
Other Emergency Management Centers | Center | 'Other Emergency Management Centers' provides a source and destination for information flows between various communications centers operated by public safety agencies, emergency management agencies, other allied agencies, and private companies that participate in coordinated management of transportation-related incidents, including disasters. The interface represented by this object enables emergency management activities to be coordinated across jurisdictional boundaries and between functional areas, supporting requirements for general networks connecting many allied agencies. It also supports interface to other allied agencies like utility companies that also participate in the coordinated response to selected highway-related incidents. |
Rail Operations Center | Center | 'Rail Operations Center' represents the (usually) centralized control point for a substantial segment of a freight railroad's operations and maintenance activities. It is roughly the railroad equivalent to a highway Traffic Management Center. It is the source and destination of information that can be used to coordinate rail and highway traffic management and maintenance operations. It is also the source and destination for incident, incident response, disaster, or evacuation information that is exchanged with an Emergency Management Center. The use of a single object for multiple sources and destination for information exchange with railroads implies the need for a single, consistent interface between a given railroad's operations and maintenance activities and ITS. |
Security Monitoring Equipment | Field | 'Security Monitoring Equipment' includes surveillance and sensor equipment used to provide enhanced security and safety for transportation facilities or infrastructure. The equipment is located in non-public areas of transportation facilities (e.g. maintenance and transit yards), on or near non-roadway parts of the transportation infrastructure (e.g. transit railway and guideways), and in public areas (e.g., transit stops, transit stations, intermodal terminals). This equipment also includes surveillance and sensor equipment located on or near major roadway features such as bridges, tunnels, and interchanges, when the equipment's primary function is one of security and safety. If the primary function of the equipment is traffic surveillance or incident detection, then the surveillance or sensors would be covered as part of the 'ITS Roadway Equipment'. The surveillance equipment includes video (e.g. CCTV cameras) and/or audio systems. The sensor equipment includes threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), object detection (e.g. metal detectors), intrusion or motion detection, and infrastructure integrity monitoring (e.g. rail track continuity checking or bridge structural integrity monitoring). Limited processing of collected sensor and surveillance data is also included in this subsystem to support threat detection and classification. |
Traffic Management Center | Center | The 'Traffic Management Center' monitors and controls traffic and the road network. It represents centers that manage a broad range of transportation facilities including freeway systems, rural and suburban highway systems, and urban and suburban traffic control systems. It communicates with ITS Roadway Equipment and Connected Vehicle Roadside Equipment (RSE) to monitor and manage traffic flow and monitor the condition of the roadway, surrounding environmental conditions, and field equipment status. It manages traffic and transportation resources to support allied agencies in responding to, and recovering from, incidents ranging from minor traffic incidents through major disasters. |
Traffic Operations Personnel | Center | 'Traffic Operations Personnel' represents the people that operate a traffic management center. These personnel interact with traffic control systems, traffic surveillance systems, incident management systems, work zone management systems, and travel demand management systems. They provide operator data and command inputs to direct system operations to varying degrees depending on the type of system and the deployment scenario. |
Transit Management Center | Center | The 'Transit Management Center' manages transit vehicle fleets and coordinates with other modes and transportation services. It provides operations, maintenance, customer information, planning and management functions for the transit property. It spans distinct central dispatch and garage management systems and supports the spectrum of fixed route, flexible route, paratransit services, transit rail, and bus rapid transit (BRT) service. The physical object's interfaces support communication between transit departments and with other operating entities such as emergency response services and traffic management systems. |
Vehicle | Vehicle | This 'Vehicle' physical object is used to model core capabilities that are common to more than one type of Vehicle. It provides the vehicle-based general sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles, commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems. |
Includes Functional Objects:
Functional Object | Description | Physical Object |
---|---|---|
Emergency Response Management | 'Emergency Response Management' provides the strategic emergency response capabilities and broad inter-agency interfaces that are implemented for extraordinary incidents and disasters that require response from outside the local community. It provides the functional capabilities and interfaces commonly associated with Emergency Operations Centers. It develops and stores emergency response plans and manages overall coordinated response to emergencies. It monitors real-time information on the state of the regional transportation system including current traffic and road conditions, weather conditions, special event and incident information. It tracks the availability of resources and assists in the appropriate allocation of these resources for a particular emergency response. It also provides coordination between multiple allied agencies before and during emergencies to implement emergency response plans and track progress through the incident. It also coordinates with the public through the Emergency Telecommunication Systems (e.g., Reverse 911). It coordinates with public health systems to provide the most appropriate response for emergencies involving biological or other medical hazards. | Emergency Management Center |
Emergency Secure Area Sensor Management | 'Emergency Secure Area Sensor Management' manages sensors that monitor secure areas in the transportation system, processes the collected data, performs threat analysis in which data is correlated with other sensor, surveillance, and advisory inputs, and then disseminates resultant threat information to emergency personnel and other agencies. In response to identified threats, the operator may request activation of barrier and safeguard systems to preclude an incident, control access during and after an incident or mitigate impact of an incident. The sensors may be in secure areas frequented by travelers (i.e., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities, on-board a transit vehicle, etc.) or around transportation infrastructure such as bridges, tunnels and transit railways or guideways. The types of sensors include acoustic, threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity, motion and object sensors. | Emergency Management Center |
Emergency Secure Area Surveillance | 'Emergency Secure Area Surveillance' monitors surveillance inputs from secure areas in the transportation system. The surveillance may be of secure areas frequented by travelers (i.e., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities, on-board a transit vehicle, etc.) or around transportation infrastructure such as bridges, tunnels and transit railways or guideways. It provides both video and audio surveillance information to emergency personnel and automatically alerts emergency personnel of potential incidents. | Emergency Management Center |
EV Barrier System Control | 'EV Barrier System Control' provides local control of automatic or remotely controlled gates and other barrier systems from an emergency vehicle. Using this capability, emergency personnel can open and close barriers without leaving the vehicle, using V2I Communications to control the barriers. | Emergency Vehicle OBE |
Field Secure Area Sensor Monitoring | 'Field Secure Area Sensor Monitoring' includes sensors that monitor conditions of secure areas including facilities (e.g. transit yards), transportation infrastructure (e.g. Bridges, tunnels, interchanges, and transit railways or guideways), and public areas (e.g., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities). A range of acoustic, environmental threat (e.g. Chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity and motion and object sensors are included. | Security Monitoring Equipment |
Field Secure Area Surveillance | 'Field Secure Area Surveillance' includes video and audio surveillance equipment that monitors conditions of secure areas including facilities (e.g. transit yards), transportation infrastructure (e.g. as bridges, tunnels, interchanges, and transit railways or guideways), and public areas (e.g., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities). It provides the surveillance information to the Emergency Management Center for possible threat detection. It also provides local processing of the video or audio information, providing processed or analyzed results to the Emergency Management Center. | Security Monitoring Equipment |
Roadway Barrier System Control | 'Roadway Barrier System Control' includes the field equipment that controls barrier systems used to control access to transportation facilities and infrastructure. Barrier systems include automatic or remotely controlled gates, barriers and other access control systems. | ITS Roadway Equipment |
Roadway Safeguard System Control | 'Roadway Safeguard System Control' includes field equipment that controls safeguard systems for transportation facilities and infrastructure. Safeguard systems include blast shields, exhaust systems and other automatic or remotely controlled systems intended to mitigate the impact of an incident. | ITS Roadway Equipment |
RSE Road Closure Management | 'RSE Road Closure Management' communicates with qualified Connected Vehicles and barrier control systems to support local road closure management. It validates and requests implementation of road closure requests. During a closure, it can also support selective access to the closed area, only granting entry permission to allowed vehicles. | Connected Vehicle Roadside Equipment |
TMC Barrier System Management | 'TMC Barrier System Management' remotely monitors and controls barrier systems for transportation facilities and infrastructure under control of center personnel. Barrier systems include automatic or remotely controlled gates, barriers and other access control systems. It also provides an interface to other centers to allow monitoring and control of the barriers from other centers (e.g., public safety or emergency operations centers). | Traffic Management Center |
TMC Incident Dispatch Coordination | 'TMC Incident Dispatch Coordination' formulates and manages an incident response that takes into account the incident potential, incident impacts, and resources required for incident management. It provides information to support dispatch and routing of emergency response and service vehicles as well as coordination with other cooperating agencies. It provides access to traffic management resources that provide surveillance of the incident, traffic control in the surrounding area, and support for the incident response. It monitors the incident response and collects performance measures such as incident response and clearance times. | Traffic Management Center |
TMC Safeguard System Management | 'TMC Safeguard System Management' remotely monitors and controls safeguard systems for transportation facilities and infrastructure. Safeguard systems include blast shielding, exhaust systems and other automatic or remotely controlled systems intended to mitigate the impact of an incident. When access to a transportation facility is impacted by the activation of a safeguard system, impacted systems and travelers are notified. | Traffic Management Center |
Vehicle Secure Area Access System | 'Vehicle Secure Area Access System' provides access to secure areas such as shipping yards, warehouses, airports, transit-only ramps, parking gates and other areas. It accepts inputs from the vehicle driver that include the necessary identity information and uses this information to generate the request to activate a barrier to gain access to the area. | Vehicle |
Includes Information Flows:
Information Flow | Description |
---|---|
access permission | Information returned indicating whether permission for access is granted and instructions for proceeding. |
access request | Request for access to an access-controlled transportation facility. |
alerts and advisories | Assessments (general incident and vulnerability awareness information), advisories (identification of threats or recommendations to increase preparedness levels), and alerts (information on imminent or in-progress emergencies). This flow also provides supporting descriptive detail on incidents, threats, and vulnerabilities to increase preparedness and support effective response to threats against the surface transportation system. |
barrier system control | Information used to configure and control barrier systems that are represented by gates, barriers and other automated or remotely controlled systems used to manage entry to roadways. |
barrier system status | Current operating status of barrier systems. Barrier systems represent gates, barriers and other automated or remotely controlled systems used to manage entry to roadways. Status of the systems includes operating condition and current operational state. |
decision support information | Information provided to support effective and safe incident response, including local traffic, road, and weather conditions, hazardous material information, and the current status of resources (including vehicles, other equipment, supplies) that have been allocated to an incident. |
driver information | Regulatory, warning, guidance, and other information provided to the driver to support safe and efficient vehicle operation. |
driver input | Driver input to the vehicle on-board equipment including configuration data, settings and preferences, interactive requests, and control commands. |
driver updates | Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment. |
emergency operations input | Emergency operator input supporting call taking, dispatch, emergency operations, security monitoring, and other operations and communications center operator functions. |
emergency operations status | Presentation of information to the operator including emergency operations data, supporting a range of emergency operating positions including call taker, dispatch, emergency operations, security monitoring, and various other operations and communications center operator positions. |
emergency personnel information presentation | Presentation of information to emergency personnel in the field including dispatch information, incident information, current road network conditions, device status, and other supporting information. |
emergency personnel input | User input from emergency personnel in the field including dispatch coordination, incident status information, and remote device control requests. |
emergency traffic control information | Status of a special traffic control strategy or system activation implemented in response to an emergency traffic control request, a request for emergency access routes, a request for evacuation, a request to activate closure systems, a request to employ driver information systems to support public safety objectives, or other special requests. Identifies the selected traffic control strategy and system control status. |
emergency traffic control request | Special request to preempt the current traffic control strategy in effect at one or more signalized intersections or highway segments, activate traffic control and closure systems such as gates and barriers, activate safeguard systems, or use driver information systems. For example, this flow can request all signals to red-flash, request a progression of traffic control preemptions along an emergency vehicle route, request a specific evacuation traffic control plan, request activation of a road closure barrier system, or place a public safety or emergency-related message on a dynamic message sign. |
incident report | Report of an identified incident including incident location, type, severity and other information necessary to initiate an appropriate incident response. |
infrastructure monitoring sensor control | Data used to configure and control infrastructure monitoring sensors. |
infrastructure monitoring sensor data | Data read from infrastructure-based sensors that monitor the condition or integrity of transportation infrastructure including bridges, tunnels, interchanges, pavement, culverts, signs, transit rail or guideway, and other roadway infrastructure. Includes sensor data and the operational status of the sensors. |
road closure application info | Road closure signing application configuration data and messaging parameters. This flow identifies the vehicles that may initiate the road closure. This flow also provides access lists, groups, or classifications where selected vehicles are to be allowed access to the closed area. |
road closure application status | Road closure application status reported by the RSE. This includes current operational state and status of the RSE, closure status, and a log of closure commands received and issued. For closures that allow entry by selected vehicles, this flow provides an access log identifying vehicles that have requested access with access status. |
road closure information | Road closure information provided to passing vehicles. This flow provides information about the road closure with diversion information. |
road closure notification | Notification that agency personnel have closed a road due to adverse weather, major incident, or other reason. |
safeguard system control | Data that controls safeguard systems (remotely controlled equipment used to mitigate the impact of incidents on transportation infrastructure, such as blast shields, exhaust systems, etc.). |
safeguard system status | Current operating status of safeguard systems (remotely controlled equipment used to mitigate the impact of incidents on transportation infrastructure, such as blast shields, exhaust systems, etc.). Status of the systems includes operating condition and current operational state. |
secure area sensor control | Information used to configure and control threat sensors (e.g., thermal, acoustic, radiological, chemical), object, motion and intrusion detection sensors. The provided information controls sensor data collection, aggregation, filtering, and other local processing. |
secure area sensor data | Data provided by threat sensors (e.g., thermal, acoustic, radiological, chemical), and intrusion, motion, and object detection sensors in secure areas indicating the sensor's operational status, raw and processed sensor data, and alarm indicators when a threat has been detected. |
secure area surveillance control | Information used to configure and control audio and video surveillance systems used for transportation infrastructure security in secure areas. The provided information controls surveillance data collection, aggregation, filtering, and other local processing. |
secure area surveillance data | Data collected from surveillance systems used to monitor secure areas. Includes video, audio, processed surveillance data, equipment operational status, and alarm indicators when a threat has been detected. |
threat data for analysis | Data from surveillance or sensor equipment in secure areas provided for further analysis. |
threat information | Threats regarding transportation infrastructure, facilities, or systems detected by a variety of methods (sensors, surveillance, threat analysis of advisories from outside agencies, etc. |
threat information coordination | Sensor, surveillance, and threat data including raw and processed data that is collected by sensor and surveillance equipment located in secure areas. |
threat support data | Information provided to help receiving agency identify possible threats, including biometric image processing support data. |
traffic operator data | Presentation of traffic operations data to the operator including traffic conditions, current operating status of field equipment, maintenance activity status, incident status, video images, security alerts, emergency response plan updates and other information. This data keeps the operator appraised of current road network status, provides feedback to the operator as traffic control actions are implemented, provides transportation security inputs, and supports review of historical data and preparation for future traffic operations activities. |
traffic operator input | User input from traffic operations personnel including requests for information, configuration changes, commands to adjust current traffic control strategies (e.g., adjust signal timing plans, change DMS messages), and other traffic operations data entry. |
transportation system status | Current status and condition of transportation infrastructure (e.g., tunnels, bridges, interchanges, TMC offices, maintenance facilities). In case of disaster or major incident, this flow provides an assessment of damage sustained by the surface transportation system including location and extent of the damage, estimate of remaining capacity and necessary restrictions, and time frame for repair and recovery. |
Goals and Objectives
Associated Planning Factors and Goals
Planning Factor | Goal |
---|---|
C. Increase the security of the transportation system for motorized and nonmotorized users; | Improve security |
Associated Objective Categories
Objective Category |
---|
Security: Crime |
Security: Terrorism, Natural Disasters, and Hazardous Material Incidents |
Associated Objectives and Performance Measures
Needs and Requirements
Need | Functional Object | Requirement | ||
---|---|---|---|---|
01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. | Emergency Secure Area Sensor Management | 01 | The center shall remotely monitor and control security sensor data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity, intrusion and motion, and object detection sensors. The data may be raw or pre-processed in the field. |
10 | The center shall respond to control data from center personnel regarding security sensor data collection, processing, threat detection, and threat analysis. | |||
Emergency Secure Area Surveillance | 01 | The center shall remotely monitor video images and audio surveillance data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The data may be raw or pre-processed in the field. | ||
02 | The center shall remotely monitor video images and audio surveillance data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). The data may be raw or pre-processed in the field. | |||
05 | The center shall identify potential security threats based on collected security surveillance data. | |||
10 | The center shall match traveler video images against a database from the Alerting and Advisory Systems of known images that may represent criminals and terrorists. | |||
12 | The center shall respond to control data from center personnel regarding security surveillance data collection, processing, threat detection, and image matching. | |||
13 | The center shall monitor maintenance status of the security sensor field equipment. | |||
Field Secure Area Sensor Monitoring | 01 | The field element shall include security sensors that monitor conditions of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | ||
02 | The field element sensor monitoring shall be remotely controlled by a center. | |||
03 | The field element shall provide equipment status and fault indication of security sensor equipment to a center. | |||
04 | The field element shall include environmental threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological). | |||
05 | The field element shall include infrastructure condition and integrity monitoring sensors. | |||
07 | The field element shall include object detection sensors (such as metal detectors). | |||
08 | The field element shall provide raw security sensor data. | |||
Field Secure Area Surveillance | 01 | The field element shall include video and/or audio surveillance of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | ||
02 | The field element shall be remotely controlled by a center. | |||
03 | The field element shall provide equipment status and fault indication of surveillance equipment to a center. | |||
04 | The field element shall provide raw video or audio data. | |||
05 | The field element shall remotely process video and audio data and provide an indication of potential incidents or threats to a center. | |||
Roadway Barrier System Control | 02 | The field element shall return barrier system operational status to the controlling center. | ||
Roadway Safeguard System Control | 02 | The field element shall return safeguard system operational status to the controlling center. | ||
TMC Barrier System Management | 03 | The center shall collect barrier system operational status. | ||
04 | The center shall collect barrier system fault data and send to the maintenance center for repair. | |||
TMC Safeguard System Management | 01 | The center shall remotely control safeguard systems, equipment used to mitigate the impact of incidents on transportation infrastructure (e.g., blast shields, tunnel exhaust systems, etc.) | ||
03 | The center shall collect safeguard system operational status. | |||
04 | The center shall collect safeguard system fault data and send to the maintenance center for repair. | |||
02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. | Emergency Response Management | 01 | The center shall provide strategic emergency response capabilities provided by an Emergency Operations Center for large-scale incidents and disasters. |
02 | The center shall manage coordinated inter-agency responses to and recovery from large-scale emergencies. Such agencies include traffic management, transit, maintenance and construction management, rail operations, and other emergency management agencies. | |||
03 | The center shall provide the capability to implement response plans and track progress through the incident by exchanging incident information and response status with allied agencies. | |||
04 | The center shall develop, coordinate with other agencies, and store emergency response plans. | |||
Emergency Secure Area Sensor Management | 08 | The center shall exchange threat analysis data with Alerting and Advisory Systems and use that data in local threat analysis processing. | ||
09 | The center shall disseminate threat information to other agencies, including traffic, transit, maintenance, rail operations, and other emergency management centers. | |||
Emergency Secure Area Surveillance | 11 | The center shall exchange traveler images with other emergency management centers to support traveler image matching. | ||
TMC Incident Dispatch Coordination | 01 | The center shall exchange alert information and status with emergency management centers. The information includes notification of a major emergency such as a natural or man-made disaster, civil emergency, or child abduction for distribution to the public. The information may include the alert originator, the nature of the emergency, the geographic area affected by the emergency, the effective time period, and information and instructions necessary for the public to respond to the alert. This may also identify specific information that should not be released to the public. | ||
03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. | Emergency Response Management | 02 | The center shall manage coordinated inter-agency responses to and recovery from large-scale emergencies. Such agencies include traffic management, transit, maintenance and construction management, rail operations, and other emergency management agencies. |
03 | The center shall provide the capability to implement response plans and track progress through the incident by exchanging incident information and response status with allied agencies. | |||
04 | The center shall develop, coordinate with other agencies, and store emergency response plans. | |||
Emergency Secure Area Surveillance | 04 | The center shall exchange surveillance data with other emergency centers. | ||
TMC Barrier System Management | 02 | The center shall accept requests for barrier system activation from other centers and from center personnel to support emergency response and detours. | ||
TMC Incident Dispatch Coordination | 09 | The center shall exchange road network status assessment information with emergency management and maintenance centers including an assessment of damage sustained by the road network including location and extent of the damage, estimate of remaining capacity, required closures, alternate routes, necessary restrictions, and time frame for repair and recovery. | ||
11 | The center shall receive inputs from emergency management and transit management centers to develop an overall status of the transportation system including emergency transit schedules in effect and current status and condition of the transportation infrastructure. | |||
TMC Safeguard System Management | 02 | The center shall accept requests for safeguard system activation from other centers and from center personnel to support emergency response. | ||
04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. | Emergency Response Management | 01 | The center shall provide strategic emergency response capabilities provided by an Emergency Operations Center for large-scale incidents and disasters. |
03 | The center shall provide the capability to implement response plans and track progress through the incident by exchanging incident information and response status with allied agencies. | |||
16 | The center shall provide the capability to communicate information about emergency situations to local population through the Emergency Telecommunications System. | |||
17 | The center shall provide the capability to identify neighborhoods and businesses that should be informed of an emergency situation based on information collected about incidents including their severity, impacted locations, and recovery schedule. | |||
Emergency Secure Area Sensor Management | 11 | The center shall request activation of barriers and safeguards on request from center personnel. | ||
EV Barrier System Control | 01 | The emergency vehicle shall remotely control barrier systems. Barrier systems include automated or remotely controlled gates, barriers and other systems that manage entry to roadways. | ||
02 | The emergency vehicle shall collect barrier system operational status. | |||
03 | The emergency vehicle shall collect barrier system fault data. | |||
Field Secure Area Sensor Monitoring | 02 | The field element sensor monitoring shall be remotely controlled by a center. | ||
09 | The field element shall remotely process security sensor data and provide an indication of potential incidents or threats to a center. | |||
Roadway Barrier System Control | 01 | The field element shall activate barrier systems for transportation facilities and infrastructure under center control. Barrier systems include automated or remotely controlled gates, barriers and other systems that manage entry to roadways. | ||
03 | The field element shall return barrier system fault data to the maintenance center for repair. | |||
04 | The field element shall receive requests for access from approaching vehicles using field-vehicle communications and validate and authenticate the requests. | |||
05 | The field element shall grant access only to qualified vehicles. | |||
06 | The field element shall communicate access permission status and access instructions to approaching vehicles using field-vehicle communications. | |||
Roadway Safeguard System Control | 01 | The field element shall activate safeguard systems, equipment used to mitigate the impact of incidents on transportation infrastructure (e.g., blast shields, tunnel exhaust systems, etc.) under center control. | ||
03 | The field element shall return safeguard system fault data to the maintenance center for repair. | |||
RSE Road Closure Management | 01 | The field element shall communicate with qualified connected vehicles and barrier control systems to support local road closure management. | ||
02 | The field element shall validate road closure requests to ensure the requesting vehicle is permitted to control gates and barriers. | |||
03 | The field element shall communicate with barrier control systems to support local road closure management. | |||
04 | The field element shall receive information used to configure and control barrier systems that are represented by gates, barriers and other automated or remotely controlled systems used to manage entry to roadways. | |||
05 | During a closure, the field element shall support selective access to the closed area by granting entry permission to allowed vehicles. | |||
06 | The field element shall collect barrier system operational status. | |||
07 | The field element shall collect barrier system fault data and send to the maintenance center for repair. | |||
08 | The field element shall collect barrier system fault data and send to the emergency vehicles. | |||
TMC Barrier System Management | 01 | The center shall remotely control barrier systems for transportation facilities and infrastructure. Barrier systems include automated or remotely controlled gates, barriers and other systems that manage entry to roadways. | ||
Vehicle Secure Area Access System | 01 | This vehicle shall accept inputs from the vehicle driver that include the necessary identity and access information. | ||
02 | The vehicle shall generate the request to activate the access control system to gain access to the secure area. | |||
03 | The vehicle shall receive status from access control system and provide status to the driver. |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
Physical Object Security | ||||
---|---|---|---|---|
Physical Object | Confidentiality | Integrity | Availability | Security Class |
Alerting and Advisory System | Moderate | High | High | Class 5 |
Connected Vehicle Roadside Equipment | Moderate | High | Moderate | Class 3 |
Emergency Management Center | High | High | High | Class 5 |
Emergency Vehicle OBE | Moderate | High | Moderate | Class 3 |
ITS Roadway Equipment | High | High | High | Class 5 |
Maint and Constr Management Center | Moderate | Moderate | High | Class 5 |
Other Emergency Management Centers | High | High | High | Class 5 |
Rail Operations Center | Moderate | Moderate | High | Class 5 |
Security Monitoring Equipment | High | Moderate | Moderate | Class 4 |
Traffic Management Center | High | High | High | Class 5 |
Transit Management Center | Moderate | Moderate | High | Class 5 |
Vehicle | Moderate | Moderate | Moderate | Class 2 |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security | |||||
---|---|---|---|---|---|
Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
Basis | Basis | Basis | |||
Alerting and Advisory System | Emergency Management Center | alerts and advisories | Moderate | High | Moderate |
Large numbers of alerts and advisories may be supported by this flow, and while much of this information is eventually intended for public release, it could be misinterpreted. Better to keep confidential to the point where it is reformatted and presented in a fashion suitable to widespread distribution. It could include limited PII in incident descriptions, which also justifies obfuscation. | Large numbers of alerts and advisories, if incorrectly reported, could have widespread effects on the management of the surface transportation system. If the scale is small this might be reduced to MODERATE. | Should be reported in timely and consistent fashion to enable proper system management. Failure to receive this flow could lead to significant mobility degradation. | |||
Alerting and Advisory System | Emergency Management Center | threat support data | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | If this data is corrupted, potential security threats will not be detected. If this data is modified in transit, it could be used to suggest the presence or non-presence of specific individuals, which is a grave threat to the response to an incident and significant also for the cover up of illicit activity in the post-operational phase. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Connected Vehicle Roadside Equipment | Emergency Vehicle OBE | barrier system status | Moderate | High | Moderate |
Related to the control flow, however the data is directly observable and generally widely known. Difficult to justify obfuscation. | Status of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. If no manual system exists, then some instances will be HIGH. | |||
Connected Vehicle Roadside Equipment | ITS Roadway Equipment | barrier system control | Moderate | High | Moderate |
Control flows need to be obfuscated, lest a hostile individual learn how to control these systems. Barrier systems in particular present a safety risk if compromised, and could have a significant safety and mobility impact. | Control of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. | |||
Connected Vehicle Roadside Equipment | Traffic Management Center | road closure application status | Moderate | Moderate | Low |
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. | A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered. | A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered. | |||
Connected Vehicle Roadside Equipment | Vehicle | access permission | Moderate | Moderate | Moderate |
This indicates whether the OBE-equipped vehicle may proceed with a requested action. Such information is intended only for the OBE, and if observed by a third party may reveal the OBE operator's intent, so should be protected. | Incorrect permission may deny rightful access or appear to grant access when it should not. If rightful access is mission critical this should be HIGH. An incorrect granting of access will likely be subsequently denied by other means (guards, gates, etc.), which justifies leaving this at MODERATE. | Importance rationale tied to Integrity requirement. If critical, there should be other mechanisms. | |||
Connected Vehicle Roadside Equipment | Vehicle | road closure information | Low | Moderate | Moderate |
Lane closure information is intended for broadcast and public consumption. | Data should be consistent with observed reality, so it should be protected appropriately, otherwisee users may lose confidence in and ignore this flow in the future. | While useful, this information is available through a variety of means. | |||
Driver | Vehicle | driver input | Moderate | High | High |
Data included in this flow may include origin and destination information, which should be protected from other's viewing as it may compromise the driver's privacy. | Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner | Commands must always be able to be given or the driver has no control. | |||
Emergency Management Center | Alerting and Advisory System | threat data for analysis | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Alerting and Advisory System | threat information | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Emergency System Operator | emergency operations status | Moderate | High | High |
Emergency system controls should not be casually viewable as they impact the availability of emergency services, which if known could be leveraged for illegal activity. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Emergency Management Center | Emergency Vehicle OBE | decision support information | Moderate | Moderate | Moderate |
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. | If this is compromised, it could send inaccurate information to a vehicle which could lead to inappropriate actions in the incident area. | A delay in reporting this may cause a delay in response or inability for an Emergency Vehicle and its personnel to properly respond to the incident. | |||
Emergency Management Center | Maint and Constr Management Center | threat information | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Maint and Constr Management Center | transportation system status | Low | High | Moderate |
The data contained within this flow is also deliverd to a TIC, and center-originating flows destined for a TIC don't contain any personal or confidential information, and are eventually intended for some kind of public consumption. If this instance of the flow includes more information than went to the TIC, this could be MODERATE. | Emergency-related data needs to be correct or safety-affecting decisions may have severe negative consequences. | MODERATE only because alternative mechanisms for receiving this data should be available. Could be HIGH if this is the only mechanism. | |||
Emergency Management Center | Other Emergency Management Centers | incident report | High | Moderate | Moderate |
This data contains all information regarding the incident. This could include personal information regarding persons involved in the incident. It could also include sensitive information regarding special events or closures. DISC: WYO believes this to be MODERATE. | Minor discrepancies in this data should not have a catastrophic effect, but it should be reasonably controlled and accurate. | A few missed messages should not have a significant effect. However, most messages should make it through and the EMC should be able to know if the TMC has received a message. | |||
Emergency Management Center | Other Emergency Management Centers | threat information coordination | Moderate | High | High |
Coordination of threat response would be useful to the source of the threat, and allow them to respond to maximize intent. As such, this information must be kept from them if possible. Given that the EMC is the source of threat response, we justify HIGH. If threat responses in the area are typically similar to day-to-day opeations, can be MODERATE. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Rail Operations Center | threat information | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Security Monitoring Equipment | infrastructure monitoring sensor control | Moderate | High | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
Emergency Management Center | Security Monitoring Equipment | secure area sensor control | Moderate | High | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
Emergency Management Center | Security Monitoring Equipment | secure area surveillance control | Moderate | High | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
Emergency Management Center | Traffic Management Center | emergency traffic control request | Moderate | High | Moderate |
These requests could be used to track the specific route that an emergency vehicle is planning on taking. | False requests here could bring the traffic system to a standstill by making all of the lights red. Additionally, the system must be able to trust these requests, and know that they came from an authorized source. | These messages are important for the system to operate properly. Additionally, the system must know if messages are not received so that it can act accordingly. | |||
Emergency Management Center | Traffic Management Center | threat information | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Traffic Management Center | transportation system status | Low | High | Moderate |
The data contained within this flow is also deliverd to a TIC, and center-originating flows destined for a TIC don't contain any personal or confidential information, and are eventually intended for some kind of public consumption. If this instance of the flow includes more information than went to the TIC, this could be MODERATE. | Emergency-related data needs to be correct or safety-affecting decisions may have severe negative consequences. | MODERATE only because alternative mechanisms for receiving this data should be available. Could be HIGH if this is the only mechanism. | |||
Emergency Management Center | Transit Management Center | threat information | Moderate | High | High |
This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Emergency Management Center | Transit Management Center | transportation system status | Low | High | Moderate |
The data contained within this flow is also deliverd to a TIC, and center-originating flows destined for a TIC don't contain any personal or confidential information, and are eventually intended for some kind of public consumption. If this instance of the flow includes more information than went to the TIC, this could be MODERATE. | Emergency-related data needs to be correct or safety-affecting decisions may have severe negative consequences. | MODERATE only because alternative mechanisms for receiving this data should be available. Could be HIGH if this is the only mechanism. | |||
Emergency Personnel | Emergency Vehicle OBE | emergency personnel input | Moderate | Moderate | Moderate |
Some of the information, such as incident status information, is sensitive, and should be protected. | The system must know that these requests came from actual Emergency Personal. Additionally, incorrect information here may lead to the system responding incorrectly to the incident | These messages are important for the system to operate properly. Additionally, the system must know if messages are not received so that it can act accordingly. | |||
Emergency System Operator | Emergency Management Center | emergency operations input | Moderate | High | High |
Emergency system controls should not be casually viewable as they impact the availability of emergency services, which if known could be leveraged for illegal activity. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Emergency Vehicle OBE | Connected Vehicle Roadside Equipment | barrier system control | Moderate | High | Moderate |
Control flows need to be obfuscated, lest a hostile individual learn how to control these systems. Barrier systems in particular present a safety risk if compromised, and could have a significant safety and mobility impact. | Control of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. | |||
Emergency Vehicle OBE | Emergency Management Center | road closure notification | Moderate | Moderate | Moderate |
While observable information, this flow may include details not appropriate for public dissemination, such as quantification or opinion. | This information will eventually be used to re-reoute traffic and will be disseminated through a variety of channels; travelers will use this information to help make travel decisions. If it is incorrect or corrupted, decisions may lead to decreased mobility. | Since a road closure can have a signficiant impact, if this flow did not function then mobility may be significantly affected. For major routes, the resulting effects can be extensive. | |||
Emergency Vehicle OBE | Emergency Personnel | emergency personnel information presentation | Moderate | Moderate | Moderate |
Some of this information, such as incident information, is sensitive and should be protected. | This information could affect how the Emergency Personnel respond to the event, and should be as accurate as possible. | This information needs to be available for the Emergency Personnel in order for them to respond accurately to the system. If they do not acknowledge this information, dispatch needs to know, so they can attempt to contact the Emergency Personnel via another channel, such as radio. | |||
ITS Roadway Equipment | Connected Vehicle Roadside Equipment | barrier system status | Moderate | High | Moderate |
Related to the control flow, however the data is directly observable and generally widely known. Difficult to justify obfuscation. | Status of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. | |||
ITS Roadway Equipment | Driver | driver information | Not Applicable | High | Moderate |
This data is sent to all drivers and is also directly observable, by design. | This is the primary signal trusted by the driver to decide whether to go through the intersection and what speed to go through the intersection at; if it's wrong, accidents could happen. | If the lights are out you have to get a policeman to direct traffic – expensive and inefficient and may cause a cascading effect due to lack of coordination with other intersections. | |||
ITS Roadway Equipment | Traffic Management Center | barrier system status | Moderate | High | Moderate |
Related to the control flow, however the data is directly observable and generally widely known. Difficult to justify obfuscation. | Status of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. | |||
ITS Roadway Equipment | Traffic Management Center | safeguard system status | Moderate | High | Moderate |
Related to the control flow, however the data is directly observable and generally widely known. Difficult to justify obfuscation. | Status of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. If no manual system exists, then some instances will be HIGH (for example, exhaust systems in tunnels). | |||
Other Emergency Management Centers | Emergency Management Center | incident report | High | Moderate | Moderate |
This data contains all information regarding the incident. This could include personal information regarding persons involved in the incident. It could also include sensitive information regarding special events or closures. DISC: WYO believes this to be MODERATE. | Minor discrepancies in this data should not have a catastrophic effect, but it should be reasonably controlled and accurate. | A few missed messages should not have a significant effect. However, most messages should make it through and the EMC should be able to know if the TMC has received a message. | |||
Other Emergency Management Centers | Emergency Management Center | threat information coordination | Moderate | High | High |
Coordination of threat response would be useful to the source of the threat, and allow them to respond to maximize intent. As such, this information must be kept from them if possible. Given that the EMC is the source of threat response, we justify HIGH. If threat responses in the area are typically similar to day-to-day opeations, can be MODERATE. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
Security Monitoring Equipment | Emergency Management Center | infrastructure monitoring sensor data | High | Moderate | Moderate |
Includes asset status and security-related monitoring both of which if available to a hostile third party would be useful in developing targets and inflicting damage. May be MODERATE if little such data is available or assets and potential impact is limited. | Real-time monitoring of transportation asset data should be accurate and timely to protect the monitored assets. Given that the destintation of this flow cannot act directly, it is difficult to justify HIGH, unless 'infrastructure situation data' does not exist. | As this flow includes data that reflects the condition of transportation assets, and can be used to infer the safety of use of those assets, loss of this flow means loss of asset safety monitoring, which has a potentially significant impact. | |||
Security Monitoring Equipment | Emergency Management Center | secure area sensor data | Moderate | Moderate | Moderate |
Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
Security Monitoring Equipment | Emergency Management Center | secure area surveillance data | Moderate | Moderate | Moderate |
Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
Traffic Management Center | Connected Vehicle Roadside Equipment | road closure application info | Moderate | Moderate | Low |
This is a control flow, so should be obfuscated to make it more difficult for a 3rd party to manipulate the RSE. | Control parameters need to be correct and not corrupted so that the owner of the RSE and the receiver of the RSE's data get what they need from it. | This information probably does not need to be changed very often, and if it is not available then likely the flow it controls (emissions data flows to the DDS/EMC) are down as well. | |||
Traffic Management Center | Emergency Management Center | emergency traffic control information | Moderate | High | Moderate |
This can potentially include sensitive information, such as response information to emergencies. | Invalid messages could lead to an unauthorized user gaining transit signal priority at an intersection. This could also be used to bring traffic to a standstill, which could lead to a large financial impact on the community. | These messages are important to help with the transit signal priority application. Without them, it will not work. However, if these signals are not received, the Emergency Vehicle can still navigate through the intersection using Lights and Sirens. The TMC should have an acknowledgement of the receipt of a message. | |||
Traffic Management Center | ITS Roadway Equipment | barrier system control | Moderate | High | Moderate |
Control flows need to be obfuscated, lest a hostile individual learn how to control these systems. Barrier systems in particular present a safety risk if compromised, and could have a significant safety and mobility impact. | Control of barrier systems has direct human-safety related impact, that if performed incorrectly could lead to catastrophic incidents. | These systems need to operated when demanded or mobility will be restricted. However, manual processes should always be in place to compensate for a loss in connectivity, and to provide a secondary check for safety purposes anyway. | |||
Traffic Management Center | ITS Roadway Equipment | safeguard system control | High | High | High |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Traffic Management Center | Traffic Operations Personnel | traffic operator data | Moderate | Moderate | Moderate |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Information presented to backoffice system operators must be consistent or the operator may perform actions that are not appropriate to the real situation. | The backoffice system operator should have access to system operation. If this interface is down then control is effectively lost, as without feedback from the system the operator has no way of knowing what is the correct action to take. | |||
Traffic Operations Personnel | Traffic Management Center | traffic operator input | Moderate | High | High |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Vehicle | Connected Vehicle Roadside Equipment | access request | Moderate | Moderate | Moderate |
This indicates the OBE-equipped vehicle's intent to perform a given action. Such information is intended only for the entity capable of granting access, and if observed by a third party may reveal the OBE operator's intent, so should be protected. | Incorrect permission may deny rightful access or appear to grant access when it should not. If rightful access is mission critical this should be HIGH. An incorrect granting of access will likely be subsequently denied by other means (guards, gates, etc.), which justifies leaving this at MODERATE. | Importance rationale tied to Integrity requirement. If critical, there should be other mechanisms. | |||
Vehicle | Driver | driver updates | Not Applicable | Moderate | Moderate |
This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. | This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. | If this information is not made available to the driver, then the system has not operated correctly. |
Standards
The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
Name | Title | Physical Object |
---|---|---|
CTI 4001 RSU | Roadside Unit (RSU) Standard | Connected Vehicle Roadside Equipment |
ITE 5301 ATC ITS Cabinet | Intelligent Transportation System Standard Specification for Roadside Cabinets | ITS Roadway Equipment |
NEMA TS 8 Cyber and Physical Security | Cyber and Physical Security for Intelligent Transportation Systems | ITS Roadway Equipment |
Traffic Management Center |
System Requirements
System Requirement | Need | ||
---|---|---|---|
001 | The system shall provide strategic emergency response capabilities provided by an Emergency Operations Center for large-scale incidents and disasters. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. | ||
002 | The system shall manage coordinated inter-agency responses to and recovery from large-scale emergencies. Such agencies include traffic management, transit, maintenance and construction management, rail operations, and other emergency management agencies. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. | ||
003 | The system shall provide the capability to implement response plans and track progress through the incident by exchanging incident information and response status with allied agencies. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. | ||
04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. | ||
004 | The system shall develop, coordinate with other agencies, and store emergency response plans. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. | ||
005 | The system shall provide the capability to communicate information about emergency situations to local population through the Emergency Telecommunications System. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
006 | The system shall provide the capability to identify neighborhoods and businesses that should be informed of an emergency situation based on information collected about incidents including their severity, impacted locations, and recovery schedule. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
007 | The system shall remotely monitor and control security sensor data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity, intrusion and motion, and object detection sensors. The data may be raw or pre-processed in the field. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
008 | The system shall exchange threat analysis data with Alerting and Advisory Systems and use that data in local threat analysis processing. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
009 | The system shall disseminate threat information to other agencies, including traffic, transit, maintenance, rail operations, and other emergency management centers. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
010 | The system shall respond to control data from center personnel regarding security sensor data collection, processing, threat detection, and threat analysis. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
011 | The system shall request activation of barriers and safeguards on request from center personnel. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
012 | The system shall remotely monitor video images and audio surveillance data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The data may be raw or pre-processed in the field. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
013 | The system shall remotely monitor video images and audio surveillance data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). The data may be raw or pre-processed in the field. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
014 | The system shall exchange surveillance data with other emergency centers. | 03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. |
015 | The system shall identify potential security threats based on collected security surveillance data. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
016 | The system shall match traveler video images against a database from the Alerting and Advisory Systems of known images that may represent criminals and terrorists. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
017 | The system shall exchange traveler images with other emergency management centers to support traveler image matching. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
018 | The system shall respond to control data from center personnel regarding security surveillance data collection, processing, threat detection, and image matching. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
019 | The system shall monitor maintenance status of the security sensor field equipment. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
020 | The system shall remotely control barrier systems for transportation facilities and infrastructure. Barrier systems include automated or remotely controlled gates, barriers and other systems that manage entry to roadways. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
021 | The system shall accept requests for barrier system activation from other centers and from center personnel to support emergency response and detours. | 03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. |
022 | The system shall collect barrier system fault data and send to the maintenance center for repair. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. | ||
023 | The system shall exchange alert information and status with emergency management centers. The information includes notification of a major emergency such as a natural or man-made disaster, civil emergency, or child abduction for distribution to the public. The information may include the alert originator, the nature of the emergency, the geographic area affected by the emergency, the effective time period, and information and instructions necessary for the public to respond to the alert. This may also identify specific information that should not be released to the public. | 02 | Traffic Operations and Emergency Management need to be able to notify agencies if a threat is detected. |
024 | The system shall exchange road network status assessment information with emergency management and maintenance centers including an assessment of damage sustained by the road network including location and extent of the damage, estimate of remaining capacity, required closures, alternate routes, necessary restrictions, and time frame for repair and recovery. | 03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. |
025 | The system shall receive inputs from emergency management and transit management centers to develop an overall status of the transportation system including emergency transit schedules in effect and current status and condition of the transportation infrastructure. | 03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. |
026 | The system shall remotely control safeguard systems, equipment used to mitigate the impact of incidents on transportation infrastructure (e.g., blast shields, tunnel exhaust systems, etc.) | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
027 | The system shall accept requests for safeguard system activation from other centers and from center personnel to support emergency response. | 03 | Traffic Operations and Emergency Management need to be able to collect advisories from other agencies related to detected threats. |
028 | The system shall collect safeguard system operational status. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
029 | The system shall collect safeguard system fault data and send to the maintenance center for repair. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
030 | The system shall include security sensors that monitor conditions of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
031 | The system shall be remotely controlled by a center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. | ||
032 | The system shall provide equipment status and fault indication of security sensor equipment to a center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
033 | The system shall include environmental threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological). | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
034 | The system shall include infrastructure condition and integrity monitoring sensors. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
035 | The system shall include object detection sensors (such as metal detectors). | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
036 | The system shall provide raw security sensor data. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
037 | The system shall remotely process security sensor data and provide an indication of potential incidents or threats to a center. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
038 | The system shall include video and/or audio surveillance of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
039 | The system shall provide equipment status and fault indication of surveillance equipment to a center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
040 | The system shall provide raw video or audio data. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
041 | The system shall remotely process video and audio data and provide an indication of potential incidents or threats to a center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
042 | The system shall activate barrier systems for transportation facilities and infrastructure under center control. Barrier systems include automated or remotely controlled gates, barriers and other systems that manage entry to roadways. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
043 | The system shall return barrier system operational status to the controlling center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
044 | The system shall return barrier system fault data to the maintenance center for repair. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
045 | The system shall receive requests for access from approaching vehicles using field-vehicle communications and validate and authenticate the requests. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
046 | The system shall grant access only to qualified vehicles. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
047 | The system shall communicate access permission status and access instructions to approaching vehicles using field-vehicle communications. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
048 | The system shall activate safeguard systems, equipment used to mitigate the impact of incidents on transportation infrastructure (e.g., blast shields, tunnel exhaust systems, etc.) under center control. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
049 | The system shall return safeguard system operational status to the controlling center. | 01 | Traffic Operations and Emergency Management need to be able to monitor transportation infrastructure (e.g., bridges, tunnels and management centers) for potential threats in order to control access, preclude an incident, and mitigate the impact of an incident if it occurs. |
050 | The system shall return safeguard system fault data to the maintenance center for repair. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
051 | The system shall communicate with qualified connected vehicles and barrier control systems to support local road closure management. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
052 | The system shall validate road closure requests to ensure the requesting vehicle is permitted to control gates and barriers. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
053 | The system shall communicate with barrier control systems to support local road closure management. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
054 | The system shall receive information used to configure and control barrier systems that are represented by gates, barriers and other automated or remotely controlled systems used to manage entry to roadways. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
055 | The system shall support selective access to the closed area by granting entry permission to allowed vehicles. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
056 | The system shall collect barrier system fault data and send to the emergency vehicles. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
057 | The system shall accept inputs from the vehicle driver that include the necessary identity and access information. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
058 | The system shall generate the request to activate the access control system to gain access to the secure area. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |
059 | The system shall receive status from access control system and provide status to the driver. | 04 | Traffic Operations in response to threats needs to be able to activate the barrier and/or safeguard systems in order to deter an incident, control access to an area or mitigate the impact of an incident. |