Parent Service Package: MC07
< < MC07.2 : MC07.3 : MC08.1 > >

MC07.3: MEC-Based Safety Monitoring Implementation

Multi-Access Edge Computing (MEC) at the local Wide-Area Wireless node monitors work zone safety information and processes it at the edge of the WAW network, providing alerts to vehicles and field personnel when potential safety issues are detected, reducing latency and communications network traffic. Vehicles report their location and motion as they approach and travel through the work zone. Personnel devices carried by field personnel also report their location and this information is used to detect and warn drivers and field personnel of potentially unsafe situations. Since implementations will still require some infrastructure-based monitoring to augment vehicle reporting, the infrastructure-based monitoring interfaces are also included in this implementation as optional interfaces.

Relevant Regions:

Enterprise
Functional
Physical
Goals and Objectives
Needs and Requirements
Sources
Security
Standards
System Requirements

Enterprise

Development Stage Roles and Relationships
(hide)

Source	Destination	Role/Relationship

Installation Stage Roles and Relationships
(hide)

Source	Destination	Role/Relationship

Operations and Maintenance Stage Roles and Relationships
(hide)

Source	Destination	Role/Relationship

Functional

This service package includes the following Functional View PSpecs:

Physical Object	Functional Object	PSpec Number	PSpec Name
ITS Roadway Equipment	Roadway Work Zone Safety	1.1.2.11	Control Dynamic Lanes
		1.3.1.3	Process Traffic Images
		9.3.1.3	Monitor Crew Movement
		9.3.4.1	Detect Work Zone Intrusion
		9.3.4.2	Provide Work Zone Intrusion Alert
Maint and Constr Management Center	MCM Work Zone Safety Management	9.2.3.5	Collect Roadside Equipment Status
		9.3.1.1	Operate Work Zone Devices
		9.3.2.2	Collect Work Zone Data
		9.3.3.2	Monitor Vehicle Speed in Work Zone
Maint and Constr Vehicle OBE	MCV Vehicle Safety Monitoring	9.1.2	Collect M&C Vehicle Data On-Board
		9.3.1.2	Operate WZ Devices On-Board
		9.3.1.4	Monitor Crew Movement On-Board
		9.3.2.1	Status Work Zone Activity
		9.3.4.3	Detect Work Zone Intrusion On-Board
		9.3.4.4	Provide On-Board Work Zone Intrusion Alert
Personnel Device	Personnel Work Zone Safety	5.8.7.3	Monitor Emergency Personnel Safety Status
Personnel Device	Personnel Work Zone Safety	9.3.4.5	Support Personnel Work Zone Safety
Vehicle	Vehicle Basic Safety Communication	3.1.1	Produce Collision and Crash Avoidance Data
		3.1.3	Process Vehicle On-board Data
		3.1.4	Communicate with Remote Vehicles
		3.1.6	Provide Vehicle Acceleration and Deceleration Inputs
		3.2.3.2	Manage Platoon Following
		3.2.3.3	Process Data for Vehicle Actuators
		3.2.3.5.1	Process General Vehicle Sensor Data
		3.2.4	Process Sensor Data for Automatic Vehicle Operations
		6.7.1.3	Process Vehicle Location Data
		6.7.1.4	Update Vehicle Navigable Map Database
		6.7.3.2	Provide Driver Information Interface
	Vehicle Traveler Information Reception	3.1.3	Process Vehicle On-board Data
		3.1.4	Communicate with Remote Vehicles
		3.2.3.3	Process Data for Vehicle Actuators
		6.7.1.3	Process Vehicle Location Data
		6.7.1.4	Update Vehicle Navigable Map Database
		6.7.3.1	Provide Driver with Personal Travel Information
		6.7.3.2	Provide Driver Information Interface

Physical

The physical diagram can be viewed in SVG or PNG format and the current format is SVG.
SVG Diagram
PNG Diagram

Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object	Class	Description
Basic Vehicle	Vehicle	'Basic Vehicle' represents a complete operating vehicle. It includes the vehicle platform that interfaces with and hosts ITS electronics and all of the driver convenience and entertainment systems, and other non-ITS electronics on-board the vehicle. Interfaces represent both internal on-board interfaces between ITS equipment and other vehicle systems and other passive and active external interfaces or views of the vehicle that support vehicle/traffic monitoring and management. External interfaces may also represent equipment that is carried into the vehicle (e.g., a smartphone that is brought into the vehicle). Internal interfaces are often implemented through a vehicle databus, which is also included in this object. Note that 'Vehicle' represents the general functions and interfaces that are associated with personal automobiles as well as commercial vehicles, emergency vehicles, transit vehicles, and other specialized vehicles.
Driver	Vehicle	The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects.
ITS Roadway Equipment	Field	'ITS Roadway Equipment' represents the ITS equipment that is distributed on and along the roadway that monitors and controls traffic and monitors and manages the roadway. This physical object includes traffic detectors, environmental sensors, traffic signals, highway advisory radios, dynamic message signs, CCTV cameras and video image processing systems, grade crossing warning systems, and ramp metering systems. Lane management systems and barrier systems that control access to transportation infrastructure such as roadways, bridges and tunnels are also included. This object also provides environmental monitoring including sensors that measure road conditions, surface weather, and vehicle emissions. Work zone systems including work zone surveillance, traffic control, driver warning, and work crew safety systems are also included.
Maint and Constr Field Personnel	Field	Represents the people that perform maintenance and construction field activities including vehicle and equipment operators, field supervisory personnel, field crews, and work zone safety personnel. Information flowing from the Maintenance and Construction Field Personnel will include those system inputs specific to maintenance and construction operations, such as information regarding work zone status, or the status of maintenance actions. The field personnel are also monitored within the work zone to enhance work zone safety. Information provided to Maintenance and Construction Field Personnel includes dispatch requests, maintenance and construction actions to be performed, and work zone safety warnings.
Maint and Constr Management Center	Center	The 'Maint and Constr Management Center' monitors and manages roadway infrastructure construction and maintenance activities. Representing both public agencies and private contractors that provide these functions, this physical object manages fleets of maintenance, construction, or special service vehicles (e.g., snow and ice control equipment). The physical object receives a wide range of status information from these vehicles and performs vehicle dispatch, routing, and resource management for the vehicle fleets and associated equipment. The physical object participates in incident response by deploying maintenance and construction resources to an incident scene, in coordination with other center physical objects. The physical object manages equipment at the roadside, including environmental sensors and automated systems that monitor and mitigate adverse road and surface weather conditions. It manages the repair and maintenance of both non-ITS and ITS equipment including the traffic controllers, detectors, dynamic message signs, signals, and other equipment associated with the roadway infrastructure. Weather information is collected and fused with other data sources and used to support advanced decision support systems. The physical object remotely monitors and manages ITS capabilities in work zones, gathering, storing, and disseminating work zone information to other systems. It manages traffic in the vicinity of the work zone and advises drivers of work zone status (either directly at the roadside or through an interface with the Transportation Information Center or Traffic Management Center physical objects.) Construction and maintenance activities are tracked and coordinated with other systems, improving the quality and accuracy of information available regarding closures and other roadway construction and maintenance activities.
Maint and Constr Vehicle OBE	Vehicle	The 'Maint and Constr Vehicle OBE' resides in a maintenance, construction, or other specialized service vehicle or equipment and provides the processing, storage, and communications functions necessary to support highway maintenance and construction. All types of maintenance and construction vehicles are covered, including heavy equipment, supervisory vehicles, unmanned remote controlled field maintenance robots, and sensory platforms that may be wheeled or low altitude aerial vehicles (e.g. drones, balloons). The MCV OBE provides two-way communications between drivers/operators and dispatchers and maintains and communicates current location and status information. A wide range of operational status is monitored, measured, and made available, depending on the specific type of vehicle or equipment. A snow plow for example, would monitor whether the plow is up or down and material usage information. The Maint and Constr Vehicle OBE may also contain capabilities to monitor vehicle systems to support maintenance of the vehicle itself. A separate 'Vehicle OBE' physical object supports the general vehicle safety and driver information capabilities that apply to all vehicles, including maintenance and construction vehicles. The Maint and Constr Vehicle OBE supplements these general capabilities with capabilities that are specific to maintenance and construction vehicles.
Multi-Access Edge Computing	Field	'Multi-Access Edge Computing' ((MEC) previously known as mobile edge computing) represents computing devices that operate and are managed like a cloud server, but are deployed at the edge of a network (typically a cellular network, but it could be any network). While not in strict proximity to the transportation network, these systems do benefit from vastly decreased distances to the roadway compared to central systems, and so can provide lower latency than strictly backoffice systems
Other MCV OBEs	Vehicle	This represents on-board equipment on other maintenance and construction vehicles. It provides a source and destination for ITS information transfers between maintenance and construction vehicles. These information transfers allow vehicle operational status, environmental information, and work zone intrusion warnings or alarms to be shared between vehicles.
Personnel Device	Personal	'Personnel Device' represents devices used by emergency personnel or maintenance and construction personnel in the field. In the case of emergency personnel, the devices would include body cameras or smartphones (and their peripherals) that can be used by emergency personnel to provide images or video as well as send or receive data regarding the incident. The devices could also be used for incident scene safety messages to the personnel. In the case of maintenance and construction field personnel, the devices could be cellular phones or specialized safety devices that would be used for work zone safety messages to the personnel.
Vehicle	Vehicle	This 'Vehicle' physical object is used to model core capabilities that are common to more than one type of Vehicle. It provides the vehicle-based general sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles (including motorcycles), commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems.
Vehicle Characteristics	Vehicle	'Vehicle Characteristics' represents the external view of individual vehicles of any class from cars and light trucks up to large commercial vehicles and down to micromobility vehicles (MMVs). It includes vehicle physical characteristics such as height, width, length, weight, and other properties (e.g., magnetic properties, number of axles, occupants, emissions) of individual vehicles that can be sensed and measured or classified. This physical object represents the physical properties of vehicles that can be sensed by vehicle-based or infrastructure-based sensors to support vehicle automation and traffic sensor systems. The analog properties provided by this terminator represent the sensor inputs that are used to detect and assess vehicle(s) within the sensor's range to support safe AV operation and/or responsive and safe traffic management.

Includes Functional Objects:

Functional Object	Description	Physical Object
MCM Work Zone Safety Management	'MCM Work Zone Safety Management' remotely monitors work zone safety systems that detect vehicle intrusions in work zones and warns crew workers and drivers of imminent encroachment. Crew movements are also monitored so that the crew can be warned of movement beyond the designated safe zone.	Maint and Constr Management Center
MCV Vehicle Safety Monitoring	'MCV Vehicle Safety Monitoring' detects vehicle intrusions in the vicinity of the vehicle and warns crew workers and drivers of imminent encroachment. Crew movements are also monitored so that the crew can be warned of movement beyond the designated safe zone. It can be used for stationary work zones or in mobile applications where a safe zone is maintained around the moving vehicle.	Maint and Constr Vehicle OBE
MEC Work Zone Safety	'MEC Work Zone Safety' communicates with connected vehicles and personal devices carried or worn by the work crew to detect vehicle intrusions in work zones and warn crew workers and drivers of imminent encroachment. Crew movements are also monitored so that crew can be warned of movement beyond the designated safe zone. There may be constraints related to performance related to communications with participants using network operators foreign to the MEC.	Multi-Access Edge Computing
Personnel Work Zone Safety	'Personnel Work Zone Safety' improves maintenance and construction crew safety by providing crew location information to the infrastructure that can be used to avoid collisions involving the work crew. The application may also alert workers if they travel beyond the designated safe zone. The information provided and the user interface delivery mechanism (visual, audible, or haptic) can also be tailored to the needs of the user that is carrying or wearing the device that hosts the application.	Personnel Device
Roadway Work Zone Safety	'Roadway Work Zone Safety' includes field elements that detect vehicle intrusions in work zones and warns crew workers and drivers of imminent encroachment. Crew movements are also monitored so that the crew can be warned of movement beyond the designated safe zone.	ITS Roadway Equipment
Vehicle Basic Safety Communication	'Vehicle Basic Safety Communication' exchanges current vehicle characteristics, location, and motion (including past and intended maneuver) information with other vehicles in the vicinity and the infrastructure, uses that information to calculate vehicle paths, and warns the driver when the potential for an impending collision is detected. If available, map data is used to filter and interpret the relative location and motion of vehicles in the vicinity. Information from on-board sensors (e.g., radars and image processing) are also used, if available, in combination with the V2V communications to detect non-equipped vehicles and corroborate connected vehicle data. This object represents a broad range of implementations ranging from basic Vehicle Awareness Devices that only broadcast vehicle location and motion and provide no driver warnings to advanced integrated safety systems that coordinate maneuvers and may, in addition to warning the driver, provide collision warning information to support automated control functions that can support control intervention. This object can also support broadcasting other vehicle information required for passing through a specific roadway segment such as variables that describe vehicle's characteristics and parameters, driver's preferences in terms of vehicle motion and behavior, etc.	Vehicle
Vehicle Traveler Information Reception	'Vehicle Traveler Information Reception' receives advisories, vehicle signage data, and other driver information of use to all types of vehicles and drivers and presents this information to the driver using in-vehicle equipment. Information presented may include fixed sign information, traffic control device status (e.g., signal phase and timing data), advisory and detour information, warnings of adverse road and weather conditions, travel times, and other driver information.	Vehicle

Includes Information Flows:

Information Flow	Description
driver information	Regulatory, warning, guidance, and other information provided to the driver to support safe and efficient vehicle operation.
driver update information	Information provided to the driver-vehicle interface to inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment. The flow includes the information to be presented to the driver and associated metadata that supports processing, prioritization, and presentation by the DVI as visual displays, audible information and warnings, and/or haptic feedback.
driver updates	Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment.
host vehicle status	Information provided to the ITS on-board equipment from other systems on the vehicle platform. This includes the current status of the powertrain, steering, and braking systems, and status of other safety and convenience systems. In implementations where GPS is not integrated into the Vehicle On-Board Equipment, the host vehicle is also the source for data describing the vehicle's location in three dimensions (latitude, longitude, elevation) and accurate time that can be used for time synchronization across the ITS environment.
personnel location	The current location (latitude, longitude, and elevation) reported by the personnel device.
personnel monitoring	Sensed presence of personnel within a work zone or incident scene that is monitored to enhance safety in work areas proximate to moving traffic.
personnel safety warning	Safety alerts and warnings provided to a personnel device. The provided information would identify safety threats (e.g., vehicle encroachment into a work area, personnel infringement into a travel lane)
personnel updates	Alerts and warnings provided to emergency personnel or work crew members. This includes visual, audio, and haptic outputs that may be customized to support individual needs.
traffic detector control	Information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors.
traffic detector data	Raw and/or processed traffic detector data which allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors
traffic image meta data	Meta data that describes traffic images. Traffic images (video) are in another flow.
traffic images	High fidelity, real-time traffic images suitable for surveillance monitoring by the operator or for use in machine vision applications. This flow includes the images. Meta data that describes the images is contained in another flow.
traffic situation data	Current, aggregate traffic data collected from connected vehicles. It includes raw and/or processed reported vehicle speeds, counts, and other derived measures. Raw and/or filtered vehicle control events may also be included to support incident detection. This flow represents information collected from a single probe data collection point in the road network (e.g., a CVRSE or a MEC).
vehicle characteristics	The physical or visible characteristics of individual vehicles that can be used to detect, classify, and monitor vehicles and imaged to uniquely identify vehicles and characterize their performance (e.g., speed, occupants, emissions).
vehicle location and motion	Data describing the vehicle's location in three dimensions, heading, speed, acceleration, braking status, and size.
vehicle signage data	In-vehicle signing data that augments regulatory, warning, and informational road signs and signals. The information provided would include static sign information (e.g., stop, curve warning, guide signs, service signs, and directional signs) and dynamic information (e.g., local traffic and road conditions, restrictions, vehicle requirements, work zones, detours, closures, advisories, and warnings).
video surveillance control	Information used to configure and control video surveillance systems.
work zone safety application info	Work zone safety application configuration data and warning parameters and thresholds. This includes work zone configuration including geofenced crew areas and travel lanes that provide a safety boundary between work zone personnel and passing vehicles. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted.
work zone safety application status	Work zone safety application status reported by the RSE. This includes current operational state and status of the RSE and a record of identified work zone safety alerts and warnings issued.
work zone warning	Warnings provided to field personnel, indicating a work zone emergency or safety issue such as the intrusion of a vehicle into the work zone area or movement of personnel into the travel lanes.
work zone warning device control	Data used to configure and control work zone safety monitoring and warning devices.
work zone warning notification	Notification of a work zone emergency or safety issue. This flow identifies that a work zone emergency or safety issue has occurred so that warnings may be generated by more than one system in the work zone.
work zone warning status	Status of a work zone safety monitoring and warning devices. This flow documents system activations and includes additional supporting information (e.g., an image) that allows verification of the alarm.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor	Goal

Associated Objective Categories

Objective Category

Associated Objectives and Performance Measures

Objective	Performance Measure

Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need		Functional Object	Requirement

Related Sources

Document Name	Version	Publication Date
None

Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object	Confidentiality	Integrity	Availability	Security Class
Basic Vehicle
ITS Roadway Equipment
Maint and Constr Management Center
Maint and Constr Vehicle OBE
Multi-Access Edge Computing
Other MCV OBEs
Personnel Device
Vehicle
Vehicle Characteristics

In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source	Destination	Information Flow	Confidentiality	Integrity	Availability
Source	Destination	Information Flow	Basis	Basis	Basis
Basic Vehicle	Vehicle	host vehicle status	Low	Moderate	High
Basic Vehicle	Vehicle	host vehicle status	Unlikely that this includes any information that could be used against the originator.	This can be MODERATE or HIGH, depending on the application: This is used later on to determine whether a vehicle is likely going to violate a red light or infringe a work zone. This needs to be correct in order for the application to work correctly.	Since this monitors the health and safety of the vehicle and that information is eventually reported to the driver, it should be available at all times as it directly affects vehicle and operator safety.
ITS Roadway Equipment	Driver	driver information	Not Applicable	High	Moderate
ITS Roadway Equipment	Driver	driver information	This data is sent to all drivers and is also directly observable, by design.	This is the primary signal trusted by the driver to decide whether to go through the intersection and what speed to go through the intersection at; if it’s wrong, accidents could happen.	If the lights are out you have to get a policeman to direct traffic – expensive and inefficient and may cause a cascading effect due to lack of coordination with other intersections.
ITS Roadway Equipment	Maint and Constr Field Personnel	work zone warning	Not Applicable	Moderate	Low
ITS Roadway Equipment	Maint and Constr Field Personnel	work zone warning	Human Interfaces do not receive confidentiality ratings.	A few false warnings should not have a bad consequence. When field personnel receive a warning they can look around and verify whether or not a vehicle is actually headed towards them.	It would be better to receive any messages than to not have this application available due to availability requirements. However, the higher the availability here, the more useful the application will be and the more field personnel can rely on it.
ITS Roadway Equipment	Maint and Constr Management Center	traffic detector data	Low	Moderate	Moderate
ITS Roadway Equipment	Maint and Constr Management Center	traffic detector data	No impact if someone sees the data	Some minimal guarantee of data integrity is necessary for all C-ITS flows. THEA believes this to be LOW.only limited adverse effect if raw/processed traffic detector data is bad/compromised; DISC: WYO believes this to be HIGH	Only limited adverse effect of info is not timely/readily available, however without this information it will be difficult to perform traffic management activities, thus MODERATE. If not used for management, may be LOW.
ITS Roadway Equipment	Maint and Constr Management Center	work zone warning status	Moderate	Moderate	Moderate
ITS Roadway Equipment	Maint and Constr Management Center	work zone warning status	There could potentially be sensitive information in the system activation or supporting information.	This information flow also contains supporting verification, such as an image, that can also be used to verify the integrity of the message.	The system should be able to operate properly if it misses a few messages. If a message is not received, the ITS RE should know. This is not the only source of information regarding an incident. If an incident is severe enough to need an immediate response, there are other indicators (such as someone calling 911) that would help alert people to the situation.
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic detector data	Low	Moderate	Moderate
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic detector data	No impact if someone sees the data	Some minimal guarantee of data integrity is necessary for all C-ITS flows. THEA believes this to be LOW.only limited adverse effect if raw/processed traffic detector data is bad/compromised; DISC: WYO believes this to be HIGH	Only limited adverse effect of info is not timely/readily available, however without this information it will be difficult to perform traffic management activities, thus MODERATE. If not used for management, may be LOW.
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic image meta data	Low	Moderate	Moderate
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic image meta data	Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW.	While accuracy of this data is important for decision making purposes, applications should be able to cfunction without it. Thus MODERATE generally.	While accuracy of this data is important for decision making purposes, applications should be able to function without it. Thus MODERATE generally.
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic images	Low	Moderate	Moderate
ITS Roadway Equipment	Maint and Constr Vehicle OBE	traffic images	Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW.	Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken.	Often this flow will be used to support personal worker safety, which justifies MODERATE.
ITS Roadway Equipment	Multi-Access Edge Computing	work zone warning notification	Moderate	Moderate	Moderate
ITS Roadway Equipment	Multi-Access Edge Computing	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators; however, all communications between field infrastructure should be protected from viewing to prevent attackers from analyzing traffic and developing attack methods.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Maint and Constr Field Personnel	ITS Roadway Equipment	personnel monitoring	Not Applicable	Moderate	Low
Maint and Constr Field Personnel	ITS Roadway Equipment	personnel monitoring	This is directly observable.	Should be correct or the ITS Roadway Equipment may take actions that are inconsistent with personnel's actual location	If not available, equipment will likely not take any action. This is the current situation, so until this data is expected to always be there, this should be LOW.
Maint and Constr Field Personnel	Maint and Constr Vehicle OBE	personnel monitoring	Not Applicable	Moderate	Low
Maint and Constr Field Personnel	Maint and Constr Vehicle OBE	personnel monitoring	This is directly observable.	Should be correct or the ITS Roadway Equipment may take actions that are inconsistent with personnel's actual location	If not available, equipment will likely not take any action. This is the current situation, so until this data is expected to always be there, this should be LOW.
Maint and Constr Management Center	ITS Roadway Equipment	traffic detector control	Moderate	Moderate	Low
Maint and Constr Management Center	ITS Roadway Equipment	traffic detector control	Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen	Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.. From THEA: should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with traffic sensor data received and be detrimental to operations	Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From THEA: want updates but delayed information will not be severe; should be able to operate from a previous/default control/config. DISC: WYO believes this to be MODERATE
Maint and Constr Management Center	ITS Roadway Equipment	work zone warning device control	Moderate	High	Moderate
Maint and Constr Management Center	ITS Roadway Equipment	work zone warning device control	Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all.	Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.	Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Maint and Constr Management Center	Maint and Constr Vehicle OBE	work zone warning device control	Not Applicable	Moderate	Moderate
Maint and Constr Management Center	Maint and Constr Vehicle OBE	work zone warning device control	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the ITS RE should know.
Maint and Constr Management Center	Multi-Access Edge Computing	work zone safety application info	Low	Moderate	Moderate
Maint and Constr Management Center	Multi-Access Edge Computing	work zone safety application info	This information flow does not contain any secret data. Information such as the geofenced crew areas will intentionally be broadcast at a later point. This may be raised if it contains sensitive data, as determined by the supplier (for example, because this flow contains proprietary or security-sensitive information about the device).	The geofenced crew areas must be tracked accurately, otherwise a crew member may be injured by passing vehicles. However, inaccurate information here does not directly lead to the injury of a crew member because there are other indicators of where the incident work zone is.	This data should be received in a timely manner after it is sent. This will determine which lanes are blocked off, for maintenance vehicle use
Maint and Constr Vehicle OBE	Driver	driver information	Not Applicable	Moderate	Moderate
Maint and Constr Vehicle OBE	Driver	driver information	This data is sent to all drivers and is also directly observable, by design.	There are currently other visual and auditory indicators of an incident. Police will park their car with the lights (and possibly siren) on to indicate that a lane is closed. If incorrect information is sent to the driver, they will still have other cues indicating that an incident has occurred. If the current indicators are fully replaced by this system, then this would be raised to a HIGH.	There are currently other visual and auditory indicators of an incident. Police will park their car with the lights (and possibly siren) on to indicate that a lane is closed. If incorrect information is sent to the driver, they will still have other cues indicating that an incident has occurred. If the current indicators are fully replaced by this system, then this would be raised to a HIGH.
Maint and Constr Vehicle OBE	ITS Roadway Equipment	traffic detector control	Moderate	Moderate	Low
Maint and Constr Vehicle OBE	ITS Roadway Equipment	traffic detector control	Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen	Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.. From THEA: should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with traffic sensor data received and be detrimental to operations	Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From THEA: want updates but delayed information will not be severe; should be able to operate from a previous/default control/config. DISC: WYO believes this to be MODERATE
Maint and Constr Vehicle OBE	ITS Roadway Equipment	video surveillance control	Moderate	Moderate	Moderate
Maint and Constr Vehicle OBE	ITS Roadway Equipment	video surveillance control	Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all.	Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.	Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Maint and Constr Vehicle OBE	Maint and Constr Field Personnel	work zone warning	Not Applicable	Moderate	Low
Maint and Constr Vehicle OBE	Maint and Constr Field Personnel	work zone warning	This is directly observable data.	A few false warnings should not have a bad consequence. When field personnel receive a warning they can look around and verify whether or not a vehicle is actually headed towards them.	It would be better to receive any messages than to not have this application available due to availability requirements. However, the higher the availability here, the more useful the application will be and the more field personnel can rely on it.
Maint and Constr Vehicle OBE	Maint and Constr Management Center	work zone warning status	Moderate	Moderate	Moderate
Maint and Constr Vehicle OBE	Maint and Constr Management Center	work zone warning status	There could potentially be sensitive information in the system activation or supporting information.	This information flow also contains supporting verification, such as an image, that can also be used to verify the integrity of the message.	The system should be able to operate properly if it misses a few messages. If a message is not received, the emergency vehicle OBE should know. This is not the only source of information regarding an incident. If an incident is severe enough to need an immediate response, there are other indicators (such as someone calling 911) that would help alert people to the situation.
Maint and Constr Vehicle OBE	Multi-Access Edge Computing	work zone warning notification	Not Applicable	Moderate	Moderate
Maint and Constr Vehicle OBE	Multi-Access Edge Computing	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Maint and Constr Vehicle OBE	Other MCV OBEs	work zone warning notification	Not Applicable	Moderate	Moderate
Maint and Constr Vehicle OBE	Other MCV OBEs	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Maint and Constr Vehicle OBE	Personnel Device	personnel safety warning	Not Applicable	High	Low
Maint and Constr Vehicle OBE	Personnel Device	personnel safety warning	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	A few false warnings should not have a bad consequence. When an emergency personnel receives a warning they can look around and verify whether or not a vehicle is actually headed towards them. However, a message saying it is safe when there is a car coming could lead to an emergency personnel not moving when they were in danger.	It would be better to receive any messages than to not have this application available due to availability requirements. However, the higher the availability here, the more useful the application will be and the more emergency personnel can rely on it.
Maint and Constr Vehicle OBE	Vehicle	vehicle signage data	Low	Moderate	Moderate
Maint and Constr Vehicle OBE	Vehicle	vehicle signage data	This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone.	These signs are meant to augment other visual cues to the driver. They should be accurate, but any inaccuracies should be corrected for by other means.	These notifications are helpful to a driver, but if the driver does not receive this notification immediately, there should still be other visual cues.
Multi-Access Edge Computing	ITS Roadway Equipment	traffic situation data	Moderate	Moderate	Moderate
Multi-Access Edge Computing	ITS Roadway Equipment	traffic situation data	Aggregated messages may have more privacy implications than individual ones, especially if an attacker can attack more than one RSE-to-TMC connection at once.	This information is used to help with incident detection. It should be verified to ensure that it is not incorrectly influencing this.THEA: only limited adverse effect if raw/processed connected vehicle data is bad/compromised; could be LOW for ISIG	This information is used as supplemental information. It should operate correctly if not every single message is received. THEA: only limited adverse effect if info is not timely/readily available, could be LOW for ISIG
Multi-Access Edge Computing	ITS Roadway Equipment	work zone warning notification	Moderate	Moderate	Moderate
Multi-Access Edge Computing	ITS Roadway Equipment	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators; however, all communications between field infrastructure should be protected from viewing to prevent attackers from analyzing traffic and developing attack methods.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Multi-Access Edge Computing	Maint and Constr Management Center	work zone safety application status	Moderate	Moderate	Low
Multi-Access Edge Computing	Maint and Constr Management Center	work zone safety application status	This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible.	If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation.	A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered.
Multi-Access Edge Computing	Maint and Constr Vehicle OBE	work zone warning notification	Not Applicable	Moderate	Moderate
Multi-Access Edge Computing	Maint and Constr Vehicle OBE	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Multi-Access Edge Computing	Personnel Device	personnel safety warning	Not Applicable	High	Low
Multi-Access Edge Computing	Personnel Device	personnel safety warning	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	A few false warnings should not have a bad consequence. When an emergency personnel receives a warning they can look around and verify whether or not a vehicle is actually headed towards them. However, a message saying it is safe when there is a car coming could lead to an emergency personnel not moving when they were in danger.	It would be better to receive any messages than to not have this application available due to availability requirements. However, the higher the availability here, the more useful the application will be and the more emergency personnel can rely on it.
Multi-Access Edge Computing	Vehicle	vehicle signage data	Low	Moderate	Moderate
Multi-Access Edge Computing	Vehicle	vehicle signage data	This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone.	These signs are meant to augment other visual cues to the driver. They should be accurate, but any inaccuracies should be corrected for by other means.	These notifications are helpful to a driver, but if the driver does not receive this notification immediately, there should still be other visual cues.
Other MCV OBEs	Maint and Constr Vehicle OBE	work zone warning notification	Not Applicable	Moderate	Moderate
Other MCV OBEs	Maint and Constr Vehicle OBE	work zone warning notification	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	This information should be accurate, but an incorrect information should not have a direct impact causing the loss of life or limb.	The system should be able to operate properly if it misses a few messages. If a message is not received, the RSE should know.
Personnel Device	Maint and Constr Field Personnel	personnel updates	Low	High	Moderate
Personnel Device	Maint and Constr Field Personnel	personnel updates	This data is informing the user of safety-related issues in the local transportation environment. It probably does not contain anything sensitive, and should not matter if another person can observe it.	This is the information that is presented to the individual in a work zone or incident response area that may be unpredictable in its formation. If the user receives incorrect information, they may act in an unsafe manner.	If this information is not made available to the pedestrian, then the user may be endangered. This is the not only mechanism the user may have to avoid potential dangers (they can observe directly).
Personnel Device	Maint and Constr Management Center	personnel location	Not Applicable	High	Moderate
Personnel Device	Maint and Constr Management Center	personnel location	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	An incorrect locations message, could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity.	There are other visual indicators about the geofenced areas. Personnel device users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all personnel will carry a personnel device, and the system should be able to operate without this information.
Personnel Device	Maint and Constr Vehicle OBE	personnel location	Not Applicable	High	Moderate
Personnel Device	Maint and Constr Vehicle OBE	personnel location	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	An incorrect locations message, could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity.	There are other visual indicators about the geofenced areas. Personnel device users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all personnel will carry a personnel device, and the system should be able to operate without this information.
Personnel Device	Multi-Access Edge Computing	personnel location	Not Applicable	High	Moderate
Personnel Device	Multi-Access Edge Computing	personnel location	This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators.	An incorrect locations message, could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity.	There are other visual indicators about the geofenced areas. Personnel device users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all personnel will carry a personnel device, and the system should be able to operate without this information.
Vehicle	Basic Vehicle	driver update information	Low	Moderate	Moderate
Vehicle	Basic Vehicle	driver update information	This information is all presented to the vehicle operator. Encrypting this information may make it harder to reverse engineer vehicle systems, and may defeat criminal tracking tools when the vehicle has already been compromised. Unless those scenarios are of concern to the operator or manufacturer, this can safely be set LOW.	Any information presented to the operator of a vehicle should be both accurate and timely. By definition this includes safety information, but given that the driver has other means of learning about most threats, it seems difficult to justify HIGH. If HIGH is warranted, it should apply to both availability and integrity.	Any information presented to the operator of a vehicle should be both accurate and timely. By definition this includes safety information, but given that the driver has other means of learning about most threats, it seems difficult to justify HIGH. If HIGH is warranted, it should apply to both availability and integrity.
Vehicle	Driver	driver updates	Not Applicable	Moderate	Moderate
Vehicle	Driver	driver updates	This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it.	This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights.	If this information is not made available to the driver, then the system has not operated correctly.
Vehicle	Multi-Access Edge Computing	vehicle location and motion	Not Applicable	High	Moderate
Vehicle	Multi-Access Edge Computing	vehicle location and motion	This data is intentionally transmitted to everyone via a broadcast. Much of its information content can also be determined via other visual indicators	Incorrect information could lead to the system not operating properly. If the system does not properly know where the vehicle is, it cannot make an accurate decision about whether there is going to be a pedestrian in the crosswalk that the vehicle is approaching. This can have a safety impact.	This data is required for the system to operate properly. If this data is not available, the system cannot give accurate warning information.
Vehicle	Personnel Device	vehicle location and motion	Not Applicable	High	Moderate
Vehicle	Personnel Device	vehicle location and motion	This data is intentionally transmitted to everyone via a broadcast. Much of its information content can also be determined via other visual indicators	Incorrect information could lead to the system not operating properly. If the system does not properly know where the vehicle is, it cannot make an accurate decision about whether there is going to be a pedestrian in the crosswalk that the vehicle is approaching. This can have a safety impact.	This data is required for the system to operate properly. If this data is not available, the system cannot give accurate warning information.
Vehicle Characteristics	ITS Roadway Equipment	vehicle characteristics
Vehicle Characteristics	ITS Roadway Equipment	vehicle characteristics

Standards

The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages. These pages can be accessed directly from the SVG diagram(s) located on the Physical tab, by clicking on each information flow line on the diagram.

Name	Title	Physical Object
ITE 5301 ATC ITS Cabinet	Intelligent Transportation System Standard Specification for Roadside Cabinets	ITS Roadway Equipment
NEMA TS 8 Cyber and Physical Security	Cyber and Physical Security for Intelligent Transportation Systems	ITS Roadway Equipment
NEMA TS 8 Cyber and Physical Security		Maint and Constr Management Center

System Requirements

No System Requirements