Hacked Road Signs - What's Really the Message Here?

Posted by Mike McKay on Jun 9, 2016 10:58:31 AM

Over Memorial Day Weekend, several states made headlines when mobile dynamic message signs (DMS) were hacked. These temporary construction warning signs on the highway displayed hacked messages ranging from political statements to “Party Hardy Yall!”. A week later, another sign was hacked to display a comment referencing the recent Cincinnati Zoo gorilla incident. While these altered messages may serve as harmless entertainment for daily commuters, tampering with these signs is problematic and a dangerous display of recklessness. With regard to the latter, traffic operations professionals are challenged with life or death consequences - funny it is not.

As is commonly known among traffic operations engineers, these signs cannot be operated remotely. Hacking portable dynamic message signs requires a physical assault: breaking locks and re-programming messages on-site. The Memorial Day episode is not the first, and certainly will not be the last. A simple internet search turns up numerous and all-too-frequent occurrences, ranging from articles like “23 Great Hacked Roads Signs” to step-by-step instructions on how to hack an electronic road sign.



The Impact of Cybersecurity on Transportation


Source: https://www.parsons.com/Media%20Library/Cybersecurity-Transportation.pdf

Transportation infrastructure is essential to the safe, efficient movement of billions of people daily. As the transportation industry continues to shift towards technology-driven designs, the threat of cyber attacks continues to climb. The Repository of Industrial Security Incidents reports that, of the most targeted global industries, transportation ranks third in frequency of cybersecurity attacks.

Common targets of roadside hacking include portable DMS, CCTV cameras, sensors, and lighting - even traffic signaling can become subject to roadside security attacks. In the big picture, far more damage to life and property can occur when those traffic operations devices, operated remotely by software, are not kept up to date. Imagine a single metropolitan area with one piece of software compromised, affecting thousands of devices and millions of people at any given minute. The involved and passionate transportation engineer is troubled daily with what this means - in the most major of ways.

Potential Consequences of a Transportation Cybersecurity Attack:

  • Operations/Services Dysfunction
  • Partial or Full-On Traffic Operations Collapse
  • Personal Injury and Death - Potentially Catastrophic in Scale
  • Physical Systems Destruction
  • Data Theft

Fortunately, DOTs are aware of the many threats hacked road signs can pose to drivers and transportation industry workers alike. Cybersecurity calls for preventative solutions rather than reactive responses, a point most recently noted at the New England Annual ITS conference, attended by hundreds last month in Boston.


The Future of Transportation Cybersecurity


Source: https://www.ntcip.org/library/protocols/

With each remotely managed transportation device based on the NTCIP Framework, cybersecurity breaches could happen at a variety of levels. While situational, the assessment "what level of vulnerability are we at" is an everyday thought that doesn't always have an answer. Traffic operations professionals with remotely operated devices are lying in the comfort nest of "I have the current NTCIP protocol, I'm covered." This is all good - until the nest falls from the tree. What is the second-tier safety net? Is there advanced warning protection or tiered security with indicators? Would it be prudent to hire a hacker first and IT programmer second? Do most transportation officials and professionals really know how NTCIP works? I would place a good bet on this over-under!


While the roadside attacks are problematic and create a higher concern for localized cyber vandalism, the question remains - how do we know our more sophisticated remotely operated ITS devices are not inching closer to the "living-in-my-mother's-basement hacker"? How much do we understand about NTCIP and its relationship to remote devices? Is there a plan B we should employ? I certainly haven't kept up and rely on the brilliant few engineers who do. It is the entire community's responsibility to share what we know, what we've learned, and how we share this information. ITS device manufacturers are in no way exempt, any more than traffic operators, transportation engineers, and planners. It is, after all, an Intelligent Transportation Society, right?

Interested in reading more about NEMA TS4 standards?
Check out our most recent blog post about the minimum hardware and functional characteristics of electronically controlled DMS.
