Parent Service Package: TM22
< < TM22.2 : TM22.3 : TM23.1 > >

TM22.3: MEC Communications Implementation

MEC devices are used to share dynamic lane and shoulder use information with vehicles in the vicinity.

Relevant Regions:

Enterprise

Development Stage Roles and Relationships

Installation Stage Roles and Relationships

Operations and Maintenance Stage Roles and Relationships
(hide)

Source Destination Role/Relationship

Functional

This service package includes the following Functional View PSpecs:

Physical Object Functional Object PSpec Number PSpec Name
Border Inspection System Border Inspection 2.8.4.4 Perform Border Inspection
2.8.4.5 Manage Border Area Security and Traffic
Connected Vehicle Roadside Equipment RSE Restricted Lanes Application 1.1.1.6 Collect Vehicle Roadside Safety Data
1.1.2.12 Monitor Dynamic Lane Usage
1.1.2.6 Process Collected Vehicle Safety Data
1.1.6 Collect Vehicle Traffic Surveillance Data
1.1.7 Collect Vehicle Environmental Data
1.2.7.4 Process In-vehicle Signage Data
1.2.7.7 Process Vehicle Safety and Environmental Data for Output
1.5.10 Collect Vehicle Emissions Messages
1.5.12 Manage Eco Roadway Usage in Roadway
5.4.9 Process Roadside Emissions Violations
7.6.1.1 Collect Road Use Charging Data
9.2.3.8 Collect Connected Vehicle Field Equipment Status
RSE Traveler Information Communications 1.1.1.6 Collect Vehicle Roadside Safety Data
1.1.2.6 Process Collected Vehicle Safety Data
1.2.7.4 Process In-vehicle Signage Data
1.2.7.7 Process Vehicle Safety and Environmental Data for Output
1.5.10 Collect Vehicle Emissions Messages
2.8.4.6 Exchange Border Clearance Roadside Information
6.7.3.3 Provide Short Range Traveler Information
9.2.3.8 Collect Connected Vehicle Field Equipment Status
9.3.3.5 Manage Speeds at Roadside
ITS Roadway Equipment Roadway Dynamic Lane Management and Shoulder Use 1.1.2.11 Control Dynamic Lanes
1.2.7.5 Process Indicator Output Data for Freeways
1.2.7.8 Provide Device Interface to Other Roadway Devices
1.2.7.9 Process Roadway Information Data
Roadway Surveillance 1.1.1.1 Process Traffic Sensor Data
1.1.1.7 Process Road User Protection
1.1.2.11 Control Dynamic Lanes
1.2.7.16 Process Signal Control Conflict Monitoring
1.2.7.2 Monitor Roadside Equipment Operation
1.2.7.8 Provide Device Interface to Other Roadway Devices
1.3.1.3 Process Traffic Images
9.3.3.1 Collect Vehicle Speed
Roadway Traffic Information Dissemination 1.2.7.1 Process Indicator Output Data for Roads
1.2.7.2 Monitor Roadside Equipment Operation
1.2.7.5 Process Indicator Output Data for Freeways
1.2.7.8 Provide Device Interface to Other Roadway Devices
1.2.7.9 Process Roadway Information Data
Traffic Management Center TMC Basic Surveillance 1.1.2.1 Process Traffic Data for Storage
1.1.2.2 Process Traffic Data
1.1.2.3 Update Data Source Static Data
1.1.2.5 Process Vehicle Situation Data
1.1.2.8 Process Roadway Environmental Data
1.1.3 Generate Predictive Traffic Model
1.1.4.1 Retrieve Traffic Data
1.1.4.2 Provide Traffic Operations Personnel Traffic Data Interface
1.1.5 Exchange Data with Other Traffic Centers
1.2.6.1 Maintain Traffic and Sensor Static Data
1.2.8 Collect Traffic Field Equipment Fault Data
1.3.1.1 Analyze Traffic Data for Incidents
1.3.2.1 Store Possible Incident Data
1.3.2.5 Provide Current Incidents Store Interface
1.3.2.6 Manage Traffic Routing
1.3.4.2 Provide Traffic Operations Personnel Incident Interface
1.3.4.5 Process Video Data
TMC Dynamic Lane Management and Shoulder Use 1.1.2.10 Provide Dynamic Lane Management
1.1.2.9 Monitor Dynamic Lanes
1.1.4.1 Retrieve Traffic Data
1.1.4.2 Provide Traffic Operations Personnel Traffic Data Interface
1.2.2.1 Determine Indicator State for Freeway Management
1.2.2.2 Determine Indicator State for Road Management
1.2.3 Determine Ramp State
1.3.2.1 Store Possible Incident Data
1.3.4.2 Provide Traffic Operations Personnel Incident Interface
1.4.1 Provide Traffic Operations Personnel Demand Interface
TMC In-Vehicle Signing Management 1.2.4.3 Output In-vehicle Signage Data
1.2.4.4 Output Roadway Information Data
1.2.8 Collect Traffic Field Equipment Fault Data
1.3.2.1 Store Possible Incident Data
1.5.13 Manage Emissions-Based Control Zone
TMC Restricted Lanes CV Application 1.1.2.10 Provide Dynamic Lane Management
1.1.2.9 Monitor Dynamic Lanes
1.1.4.2 Provide Traffic Operations Personnel Traffic Data Interface
1.2.1 Select Strategy
1.2.2.1 Determine Indicator State for Freeway Management
1.2.4.1 Output Control Data for Roads
1.2.4.3 Output In-vehicle Signage Data
1.3.2.1 Store Possible Incident Data
1.3.4.2 Provide Traffic Operations Personnel Incident Interface
TMC Traffic Information Dissemination 1.1.4.1 Retrieve Traffic Data
1.1.4.2 Provide Traffic Operations Personnel Traffic Data Interface
1.1.4.3 Provide Direct Media Traffic Data Interface
1.2.1 Select Strategy
1.2.4.3 Output In-vehicle Signage Data
1.2.4.4 Output Roadway Information Data
1.2.8 Collect Traffic Field Equipment Fault Data
1.3.1.1 Analyze Traffic Data for Incidents
1.3.2.1 Store Possible Incident Data
1.3.2.2 Review and Classify Possible Incidents
1.3.2.5 Provide Current Incidents Store Interface
1.3.2.6 Manage Traffic Routing
1.3.4.2 Provide Traffic Operations Personnel Incident Interface
1.3.4.5 Process Video Data
Vehicle Vehicle Basic Safety Communication 3.1.1 Produce Collision and Crash Avoidance Data
3.1.3 Process Vehicle On-board Data
3.1.4 Communicate with Remote Vehicles
3.1.6 Provide Vehicle Acceleration and Deceleration Inputs
3.2.3.2 Manage Platoon Following
3.2.3.3 Process Data for Vehicle Actuators
3.2.3.5.1 Process General Vehicle Sensor Data
3.2.4 Process Sensor Data for Automatic Vehicle Operations
6.7.1.3 Process Vehicle Location Data
6.7.1.4 Update Vehicle Navigable Map Database
6.7.3.2 Provide Driver Information Interface
Vehicle Restricted Lanes Application 3.1.3 Process Vehicle On-board Data
6.7.1.4 Update Vehicle Navigable Map Database
6.7.3.1 Provide Driver with Personal Travel Information
6.7.3.2 Provide Driver Information Interface
Vehicle Traveler Information Reception 3.1.3 Process Vehicle On-board Data
3.1.4 Communicate with Remote Vehicles
3.2.3.3 Process Data for Vehicle Actuators
6.7.1.3 Process Vehicle Location Data
6.7.1.4 Update Vehicle Navigable Map Database
6.7.3.1 Provide Driver with Personal Travel Information
6.7.3.2 Provide Driver Information Interface
Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object Class Description
Border Inspection System Field 'Border Inspection System' represents data systems used at the border for the inspection of people or goods. It supports immigration, customs (trade), agricultural, and FDA inspections as applicable. It includes sensors and surveillance systems to identify and classify drivers and their cargo as they approach a border crossing, the systems used to interface with the back-office administration systems and provide information on status of the crossing or events.
Connected Vehicle Roadside Equipment Field 'Connected Vehicle Roadside Equipment' (CV RSE) represents the Connected Vehicle roadside devices (i.e., Roadside Units (RSUs)) equipped with short range wireless (SRW) communications technology, as well as any other supporting equipment that leverage the RSU and are not described by other objects (e.g., a local roadside processor). CVRSE are used to send messages to, and receive messages from, nearby vehicles and personal devices equipped with compatible communications technology. Communications with adjacent field equipment and back office centers that monitor and control the RSE are also supported. This device operates from a fixed position and may be permanently deployed or a portable device that is located temporarily in the vicinity of a traffic incident, road construction, or a special event. It includes a processor, data storage, and communications capabilities that support secure communications with passing vehicles, other field equipment, and centers.
Driver Vehicle The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects.
Enforcement Center Center The 'Enforcement Center' represents the systems that receive reports of violations detected by various ITS facilities including individual vehicle emissions, lane violations, toll violations, CVO violations, etc.
Intermodal Terminal Field The 'Intermodal Terminal' represents the terminal areas corresponding to modal change points. This includes interfaces between roadway freight transportation and air, rail, and/or water shipping modes. The basic unit of cargo handled by the Intermodal Terminal physical object is the container; less-than-container load handling is typically handled at a different facility (i.e., Freight Consolidation Station). The Intermodal Terminal can include electronic gate control for entrance and exit from the facility, automated guidance of vehicles within the facility, alerting appropriate parties of container arrivals and departures, and inventory and location of temporarily stored containers.
ITS Roadway Equipment Field 'ITS Roadway Equipment' represents the ITS equipment that is distributed on and along the roadway that monitors and controls traffic and monitors and manages the roadway. This physical object includes traffic detectors, environmental sensors, traffic signals, highway advisory radios, dynamic message signs, CCTV cameras and video image processing systems, grade crossing warning systems, and ramp metering systems. Lane management systems and barrier systems that control access to transportation infrastructure such as roadways, bridges and tunnels are also included. This object also provides environmental monitoring including sensors that measure road conditions, surface weather, and vehicle emissions. Work zone systems including work zone surveillance, traffic control, driver warning, and work crew safety systems are also included.
Multi-Access Edge Computing Field 'Multi-Access Edge Computing' ((MEC) previously known as mobile edge computing) represents computing devices that operate and are managed like a cloud server, but are deployed at the edge of a network (typically a cellular network, but it could be any network). While not in strict proximity to the transportation network, these systems do benefit from vastly decreased distances to the roadway compared to central systems, and so can provide lower latency than strictly backoffice systems
Multimodal Crossing Equipment Field 'Multimodal Crossing Equipment' represents the control equipment that interfaces to a non-road based transportation system at an interference crossing with the roadway. The majority of these crossings are railroad grade crossings that are more specifically addressed by the "Wayside Equipment" terminator. This multimodal crossing terminator addresses similar interface requirements, but for other specialized intersections like draw bridges at rivers and canals. These crossings carry traffic that may take priority over the road traffic at the intersection. The data provided will in its basic form be a simple "stop road traffic" indication. However more complex data flows may be provided that give the time at which right-of-way will be required and the duration of that right-of-way requirement.
Other ITS Roadway Equipment Field Representing another set of ITS Roadway Equipment, 'Other ITS Roadway Equipment' supports 'field device' to 'field device' communication and coordination, and provides a source and destination for information that may be exchanged between ITS Roadway Equipment. The interface enables direct coordination between field equipment. Examples include the direct interface between sensors and other roadway devices (e.g., Dynamic Message Signs) and the direct interface between roadway devices (e.g., between a Signal System Master and Signal System Local equipment) or a connection between an arterial signal system master and a ramp meter controller.
Other Traffic Management Centers Center Representing another Traffic Management Center, 'Other Traffic Management Centers' is intended to provide a source and destination for information exchange between peer (e.g. inter-regional) traffic management functions. It enables traffic management activities to be coordinated across different jurisdictional areas.
Traffic Management Center Center The 'Traffic Management Center' monitors and controls traffic and the road network. It represents centers that manage a broad range of transportation facilities including freeway systems, rural and suburban highway systems, and urban and suburban traffic control systems. It communicates with ITS Roadway Equipment and Connected Vehicle Roadside Equipment (RSE) to monitor and manage traffic flow and monitor the condition of the roadway, surrounding environmental conditions, and field equipment status. It manages traffic and transportation resources to support allied agencies in responding to, and recovering from, incidents ranging from minor traffic incidents through major disasters.
Traffic Operations Personnel Center 'Traffic Operations Personnel' represents the people that operate a traffic management center. These personnel interact with traffic control systems, traffic surveillance systems, incident management systems, work zone management systems, and travel demand management systems. They provide operator data and command inputs to direct system operations to varying degrees depending on the type of system and the deployment scenario.
Vehicle Vehicle This 'Vehicle' physical object is used to model core capabilities that are common to more than one type of Vehicle. It provides the vehicle-based general sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles (including motorcycles), commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems.
Vehicle Characteristics Vehicle 'Vehicle Characteristics' represents the external view of individual vehicles of any class from cars and light trucks up to large commercial vehicles and down to micromobility vehicles (MMVs). It includes vehicle physical characteristics such as height, width, length, weight, and other properties (e.g., magnetic properties, number of axles, occupants, emissions) of individual vehicles that can be sensed and measured or classified. This physical object represents the physical properties of vehicles that can be sensed by vehicle-based or infrastructure-based sensors to support vehicle automation and traffic sensor systems. The analog properties provided by this terminator represent the sensor inputs that are used to detect and assess vehicle(s) within the sensor's range to support safe AV operation and/or responsive and safe traffic management.

Includes Functional Objects:

Functional Object Description Physical Object
Border Inspection 'Border Inspection' manages and supports primary and secondary inspections at the border crossing. Border Inspection System
MEC Restricted Lanes Application The 'MEC Restricted Lanes Application' monitors and manages dynamic and static restricted lanes. It collects vehicle profile information from vehicles entering the lanes and monitors vehicles within the lanes, providing aggregate data to the back office center. It provides lane restriction information and signage data to the vehicles and optionally identifies vehicles that violate the current lane restrictions. These functions are performed based on operating parameters provided by the back office managing center(s). Multi-Access Edge Computing
MEC Traveler Information Communications 'MEC Traveler Information Communications' distributes information to vehicles for in-vehicle display. The information may be provided by a center (e.g., variable information on traffic and road conditions in the vicinity of the field equipment) or it may be determined and output locally (e.g., static sign information and signal phase and timing information). This includes the interface to the center or field equipment that controls the information distribution and the wireless communications equipment that provides information to vehicles. Multi-Access Edge Computing
Roadway Dynamic Lane Management and Shoulder Use 'Roadway Dynamic Lane Management and Shoulder Use' includes the field equipment, physical overhead lane signs and associated control electronics that are used to manage and control specific lanes and/or the shoulders. This equipment can be centrally controlled by a Traffic Management Center or it can be autonomous and monitor traffic conditions and demand along the roadway and determine how to change the lane controls to respond to current conditions. Lane controls can be used to change the lane configuration of the roadway, reconfigure intersections and/or interchanges, allow use of shoulders as temporary travel lanes, designate lanes for use by special vehicles only, such as buses, high occupancy vehicles (HOVs), vehicles attending a special event, etc. and/or prohibit or restrict types of vehicles from using particular lanes. Guidance and information for drivers can be posted on dynamic message signs. ITS Roadway Equipment
Roadway Surveillance 'Roadway Basic Surveillance' monitors traffic conditions using fixed equipment such as loop detectors, CCTV cameras, , RADARs and LIDARs. ITS Roadway Equipment
Roadway Traffic Information Dissemination 'Roadway Traffic Information Dissemination' includes field elements that provide information to drivers, including dynamic message signs and highway advisory radios. ITS Roadway Equipment
RSE Restricted Lanes Application The 'RSE Restricted Lanes Application' uses short range communications to monitor and manage dynamic and static restricted lanes. It collects vehicle profile information from vehicles entering the lanes and monitors vehicles within the lanes, providing aggregate data to the back office center. It provides lane restriction information and signage data to the vehicles and optionally identifies vehicles that violate the current lane restrictions. These functions are performed based on operating parameters provided by the back office managing center(s). Connected Vehicle Roadside Equipment
RSE Traveler Information Communications 'RSE Traveler Information Communications' includes field elements that distribute information to vehicles for in-vehicle display. The information may be provided by a center (e.g., variable information on traffic and road conditions in the vicinity of the field equipment) or it may be determined and output locally (e.g., static sign information and signal phase and timing information). This includes the interface to the center or field equipment that controls the information distribution and the short range communications equipment that provides information to passing vehicles. Connected Vehicle Roadside Equipment
TMC Basic Surveillance 'TMC Basic Surveillance' remotely monitors and controls traffic sensor systems and surveillance (e.g., CCTV) equipment, and collects, processes and stores the collected traffic data. Current traffic information and other real-time transportation information is also collected from other centers. The collected information is provided to traffic operations personnel and made available to other centers. Traffic Management Center
TMC Dynamic Lane Management and Shoulder Use 'TMC Dynamic Lane Management and Shoulder Use' remotely monitors and controls the system that is used to dynamically manage travel lanes, including temporary use of shoulders as travel lanes. It monitors traffic conditions and demand measured in the field and determines when the lane configuration of the roadway should be changed, when intersections and/or interchanges should be reconfigured, when the shoulders should be used for travel (as a lane), when lanes should be designated for use by special vehicles only, such as buses, high occupancy vehicles (HOVs), vehicles attending a special event, etc. and/or when types of vehicles should be prohibited or restricted from using particular lanes. It controls the field equipment used to manage and control specific lanes and the shoulders. It also can automatically notify the enforcement agency of lane control violations. Traffic Management Center
TMC In-Vehicle Signing Management 'TMC In-Vehicle Signing Management' controls and monitors RSEs that support in-vehicle signing. Sign information that may include static regulatory, service, and directional sign information as well as variable information such as traffic and road conditions can be provided to the RSE, which uses short range communications to send the information to in-vehicle equipment. Information that is currently being communicated to passing vehicles and the operational status of the field equipment is monitored by this application. The operational status of the field equipment is reported to operations personnel. Traffic Management Center
TMC Restricted Lanes CV Application 'TMC Restricted Lanes CV Application' manages dynamic lanes for connected vehicles. The application provides the back office functions and supports the TMC operator in establishing and managing dynamic lanes using communications to manage lane use for connected vehicles. Traffic Management Center
TMC Traffic Information Dissemination 'TMC Traffic Information Dissemination' disseminates traffic and road conditions, closure and detour information, incident information, driver advisories, and other traffic-related data to other centers, the media, and driver information systems. It monitors and controls driver information system field equipment including dynamic message signs and highway advisory radio, managing dissemination of driver information through these systems. Traffic Management Center
Vehicle Basic Safety Communication 'Vehicle Basic Safety Communication' exchanges current vehicle characteristics, location, and motion (including past and intended maneuver) information with other vehicles in the vicinity and the infrastructure, uses that information to calculate vehicle paths, and warns the driver when the potential for an impending collision is detected. If available, map data is used to filter and interpret the relative location and motion of vehicles in the vicinity. Information from on-board sensors (e.g., radars and image processing) are also used, if available, in combination with the V2V communications to detect non-equipped vehicles and corroborate connected vehicle data. This object represents a broad range of implementations ranging from basic Vehicle Awareness Devices that only broadcast vehicle location and motion and provide no driver warnings to advanced integrated safety systems that coordinate maneuvers and may, in addition to warning the driver, provide collision warning information to support automated control functions that can support control intervention. This object can also support broadcasting other vehicle information required for passing through a specific roadway segment such as variables that describe vehicle's characteristics and parameters, driver's preferences in terms of vehicle motion and behavior, etc. Vehicle
Vehicle Restricted Lanes Application The 'Vehicle Restricted Lanes Application' monitors and reports its own operating parameters and communicates with roadside equipment to safely enter, operate within, and exit restricted lanes that are relevant to all types of vehicles. Vehicle
Vehicle Traveler Information Reception 'Vehicle Traveler Information Reception' receives advisories, vehicle signage data, and other driver information of use to all types of vehicles and drivers and presents this information to the driver using in-vehicle equipment. Information presented may include fixed sign information, traffic control device status (e.g., signal phase and timing data), advisory and detour information, warnings of adverse road and weather conditions, travel times, and other driver information. Vehicle

Includes Information Flows:

Information Flow Description
device control request Request for device control action
device data Data from detectors, environmental sensor stations, roadside equipment, and traffic control devices, including device inventory information.
device status Status information from devices
driver information Regulatory, warning, guidance, and other information provided to the driver to support safe and efficient vehicle operation.
driver input Driver input to the vehicle on-board equipment including configuration data, settings and preferences, interactive requests, and control commands.
driver updates Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment.
dynamic sign coordination The direct flow of information between field equipment. This includes information used to initialize, configure, and control dynamic message signs. This flow can provide message content and delivery attributes, local message store maintenance requests, control mode commands, status queries, and all other commands and associated parameters that support local management of these devices. Current operating status of dynamic message signs is returned.
intermodal freight event information Plans for movement of intermodal freight from the depot area possibly impacting traffic. May also include requests for special treatment at traffic signals or dynamic lane management systems.
intermodal freight traffic information Information on traffic conditions affecting the depot including information concerning any special traffic control accommodations or restrictions for commercial vehicles.
lane management control Information used to configure and control dynamic lane management systems.
lane management coordination The direct flow of information between field equipment. This includes information used to configure and control dynamic lane management systems and the status of managed lanes including current operational state, violations, and logged information. This also includes lane usage information including both traditional traffic flow measures and special information associated with managed lanes such as measured passenger occupancies. It also includes the operational status of the lane management equipment.
lane management information System status of managed lanes including current operational state, violations, and logged information. This includes lane usage information including both traditional traffic flow measures and special information associated with managed lanes such as measured passenger occupancies. It also includes the operational status of the lane management equipment.
lane management inputs This flow provides inputs to dynamic lane management systems including the types of vehicles to allow in each lane.
lane violation notification Notification to enforcement agency of detected lane entry violations, lane speed violations, or other dynamic lane violations. Lane entry violations may be issued for restricted vehicle types or vehicles that do not meet required emissions or passenger occupancy standards that enter a managed lane. This notification identifies the vehicle and documents the lane parameter that was violated.
request for enforcement Request for traffic enforcement of speed limits, lane controls, etc. on a roadway including in a work zone or other special situations.
restricted lanes application info Restricted lane application configuration data and messaging parameters. This flow defines the location, duration, and operating parameters for lanes that are reserved for the exclusive use of certain types of vehicles (e.g., transit vehicles) or vehicles that meet other qualifications (e.g., number of occupants, low emissions criteria). It may also identify additional vehicles that may be allowed in the lanes as exceptions, though they don't meet specified criteria. It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, speed limits and platooning parameters. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted.
restricted lanes application status Current RSE application status that is monitored by the back office center including the operational state of the RSE, current configuration parameters, and a log of lane use (aggregate profiles of vehicles that checked in to the lane and reported vehicle speeds in the lanes) and RSE communications activity.
restricted lanes information This flow defines the location, duration, and operating parameters for lanes that are reserved for the exclusive use of certain types of vehicles (e.g., transit vehicles) or vehicles that meet other qualifications (e.g., number of occupants, low emissions criteria). It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, speed limits and platooning parameters.
roadway dynamic signage data Information used to initialize, configure, and control dynamic message signs. This flow can provide message content and delivery attributes, local message store maintenance requests, control mode commands, status queries, and all other commands and associated parameters that support remote management of these devices.
roadway dynamic signage status Current operating status of dynamic message signs.
shoulder management control Information used to configure and control systems that allow use of a shoulder as a lane for vehicular traffic.
shoulder management coordination The direct flow of information between field equipment. This includes information used to configure and control systems that allow use of a shoulder as a lane for vehicular traffic and current status of shoulder use, the current operational state of the equipment and identified violations.
shoulder management information System status including current operational state, violations and logged information.
traffic detector control Information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors.
traffic detector coordination The direct flow of information between field equipment. This includes information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors Raw and/or processed traffic detector data is returned that allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors
traffic detector data Raw and/or processed traffic detector data which allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors
traffic image meta data Meta data that describes traffic images. Traffic images (video) are in another flow.
traffic images High fidelity, real-time traffic images suitable for surveillance monitoring by the operator or for use in machine vision applications. This flow includes the images. Meta data that describes the images is contained in another flow.
traffic operator data Presentation of traffic operations data to the operator including traffic conditions, current operating status of field equipment, maintenance activity status, incident status, video images, security alerts, emergency response plan updates and other information. This data keeps the operator appraised of current road network status, provides feedback to the operator as traffic control actions are implemented, provides transportation security inputs, and supports review of historical data and preparation for future traffic operations activities.
traffic operator input User input from traffic operations personnel including requests for information, configuration changes, commands to adjust current traffic control strategies (e.g., adjust signal timing plans, change DMS messages), and other traffic operations data entry.
vehicle characteristics The physical or visible characteristics of individual vehicles that can be used to detect, classify, and monitor vehicles and imaged to uniquely identify vehicles and characterize their performance (e.g., speed, occupants, emissions).
vehicle location and motion Data describing the vehicle's location in three dimensions, heading, speed, acceleration, braking status, and size.
vehicle profile Information about a vehicle such as vehicle make and model, fuel type, engine type, size and weight, vehicle performance and level of control automation, average emissions, average fuel consumption, passenger occupancy, or other data that can be used to classify vehicle eligibility for access to specific lanes, road segments, or regions or participation in cooperative vehicle control applications.
vehicle signage application info In-vehicle signing application configuration data and messaging parameters. This flow provides a list of regulatory, warning, and information messages to be displayed and parameters that support scheduling and prioritizing messages to be issued to passing vehicles. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted.
vehicle signage application status In-vehicle signing application status reported by the RSE. This includes current operational state and status of the RSE and a log of messages sent to passing vehicles.
vehicle signage data In-vehicle signing data that augments regulatory, warning, and informational road signs and signals. The information provided would include static sign information (e.g., stop, curve warning, guide signs, service signs, and directional signs) and dynamic information (e.g., local traffic and road conditions, restrictions, vehicle requirements, work zones, detours, closures, advisories, and warnings).
vehicle signage local data Information provided by adjacent field equipment to support in-vehicle signing of dynamic information that is currently being displayed to passing drivers. This includes the dynamic information (e.g., local traffic and road conditions, work zone information, lane restrictions, detours, closures, advisories, parking availability, etc.) and control parameters that identify the desired timing, duration, and priority of the signage data.
video surveillance control Information used to configure and control video surveillance systems.
video surveillance coordination The direct flow of information between field equipment. This includes information used to configure and control video surveillance systems and the high fidelity, real-time traffic images and associated meta data that are returned.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor Goal

Associated Objective Categories

Objective Category

Associated Objectives and Performance Measures

Objective Performance Measure

 
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need Functional Object Requirement

Related Sources

Document Name Version Publication Date
None


Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object Confidentiality Integrity Availability Security Class
Border Inspection System  
Connected Vehicle Roadside Equipment  
Enforcement Center  
Intermodal Terminal  
ITS Roadway Equipment  
Multi-Access Edge Computing  
Multimodal Crossing Equipment  
Other ITS Roadway Equipment  
Other Traffic Management Centers  
Traffic Management Center  
Vehicle  
Vehicle Characteristics  



In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source Destination Information Flow Confidentiality Integrity Availability
Basis Basis Basis
Border Inspection System Traffic Management Center lane management inputs Low Moderate Low
There should be no sensitive information in this flow. Raise to MODERATE if reverse engineering of a proprietary interface is a concern. Since this information will be used to determine which types of vehicles are allowed in each lane, if it were intercepted and modified or corrupted, this could lead to decreased mobility and/or abuse of the lane management system. Should not require rapid response or frequent update. Raise to MODERATE if frequent real-time updates are part of the system scope.
Driver Vehicle driver input Moderate High High
Data included in this flow may include origin and destination information, which should be protected from other's viewing as it may compromise the driver's privacy. Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner Commands must always be able to be given or the driver has no control.
Intermodal Terminal Traffic Management Center intermodal freight event information Moderate Moderate Moderate
While this likely does not contain any private or competitive data, it may contain a large bundle of freight movement information, that if observed by a hostile third party, would provide a snapshot that enabled that attacker to identify targets without needing to be physically present. Traffic management decisions are impacted by the quality of this data, so incorrect, unavailable or fraudulent data could have a significant financial impact. Traffic management decisions are impacted by the quality of this data, so incorrect, unavailable or fraudulent data could have a significant financial impact.
ITS Roadway Equipment Connected Vehicle Roadside Equipment vehicle signage local data Moderate Moderate Moderate
This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone; however, all communications between field infrastructure should be protected from viewing to prevent attackers from analyzing traffic and developing attack methods. This information impacts the vehicle signage data sent to neighboring ASDs and should be trusted to avoid sending wrong information. DISC: WYO believes this to be HIGH. The system should know if these messages are not received.
ITS Roadway Equipment Driver driver information Not Applicable High Moderate
This data is sent to all drivers and is also directly observable, by design. This is the primary signal trusted by the driver to decide whether to go through the intersection and what speed to go through the intersection at; if it’s wrong, accidents could happen. If the lights are out you have to get a policeman to direct traffic – expensive and inefficient and may cause a cascading effect due to lack of coordination with other intersections.
ITS Roadway Equipment Multi-Access Edge Computing vehicle signage local data Moderate Moderate Moderate
This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone; however, all communications between field infrastructure should be protected from viewing to prevent attackers from analyzing traffic and developing attack methods. These signs are meant to augment other visual cues to the driver. They should be accurate, but any inaccuracies should be corrected for by other means. These notifications are helpful to a driver, but if the driver does not receive this notification immediately, there should still be other visual cues.
ITS Roadway Equipment Other ITS Roadway Equipment dynamic sign coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Other ITS Roadway Equipment lane management coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Other ITS Roadway Equipment shoulder management coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Other ITS Roadway Equipment traffic detector coordination Moderate Moderate Low
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Other ITS Roadway Equipment video surveillance coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Traffic Management Center lane management information Moderate Moderate Moderate
May contain PII, may contain source data describing device control and sensed status that if captured could be used in the commission of a crime or breaking of traffic laws or regulations. Information related to violations must be correct so that incorrect accusations are not made. Information related to device status and control must be correct to avoid wasted maintenance efforts. More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies.
ITS Roadway Equipment Traffic Management Center roadway dynamic signage status Moderate Moderate Moderate
Device status information should not be available, as those with criminal intent may use this information toward their own ends. Data is intended to feed dissemination channels, either C-ITS messages or DMS or other channels, so it should generally be correct as it is distributed widely and any forgery or corrupted data will have widespread impact. Failure of this flow affects traveler information dissemination, the importance of which varies with the data contained in the flow and the scenario. Could be LOW in many instances.
ITS Roadway Equipment Traffic Management Center shoulder management information Moderate High Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
ITS Roadway Equipment Traffic Management Center traffic detector data Low Moderate Moderate
No impact if someone sees the data Some minimal guarantee of data integrity is necessary for all C-ITS flows. THEA believes this to be LOW.only limited adverse effect if raw/processed traffic detector data is bad/compromised; DISC: WYO believes this to be HIGH Only limited adverse effect of info is not timely/readily available, however without this information it will be difficult to perform traffic management activities, thus MODERATE. If not used for management, may be LOW.
ITS Roadway Equipment Traffic Management Center traffic image meta data Low Moderate Moderate
Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW. While accuracy of this data is important for decision making purposes, applications should be able to cfunction without it. Thus MODERATE generally. While accuracy of this data is important for decision making purposes, applications should be able to function without it. Thus MODERATE generally.
ITS Roadway Equipment Traffic Management Center traffic images Low Moderate Low
Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW. Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken. While useful, there is no signficant impact if this flow is not available.
Multi-Access Edge Computing ITS Roadway Equipment restricted lanes application status Moderate Moderate Low
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation. A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered.
Multi-Access Edge Computing Traffic Management Center restricted lanes application status Moderate Moderate Low
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation. A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered.
Multi-Access Edge Computing Traffic Management Center vehicle signage application status Moderate Moderate Low
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. DISC: WYO believes this to be LOW If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, or not properly communicate areas where maintenance workers are operating for example. Not HIGH because regardless of the application, this flow alone does not directly drive injury or damage. DISC: WYO believes this to be HIGH. A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered.
Multi-Access Edge Computing Vehicle restricted lanes information Not Applicable Moderate Moderate
Broadcast and intended for public consumption. Should be correct or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. In areas with a noted significant safety impact due to illegitimate use of the limited access facility, this may be HIGH. Should be timely or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case.
Multi-Access Edge Computing Vehicle vehicle signage data Low Moderate Moderate
This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone. These signs are meant to augment other visual cues to the driver. They should be accurate, but any inaccuracies should be corrected for by other means. These notifications are helpful to a driver, but if the driver does not receive this notification immediately, there should still be other visual cues.
Multimodal Crossing Equipment Traffic Management Center lane management inputs Low Moderate Low
There should be no sensitive information in this flow. Raise to MODERATE if reverse engineering of a proprietary interface is a concern. Since this information will be used to determine which types of vehicles are allowed in each lane, if it were intercepted and modified or corrupted, this could lead to decreased mobility and/or abuse of the lane management system. Should not require rapid response or frequent update. Raise to MODERATE if frequent real-time updates are part of the system scope.
Other ITS Roadway Equipment ITS Roadway Equipment dynamic sign coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Other ITS Roadway Equipment ITS Roadway Equipment lane management coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Other ITS Roadway Equipment ITS Roadway Equipment shoulder management coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Other ITS Roadway Equipment ITS Roadway Equipment traffic detector coordination Moderate Moderate Low
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Other ITS Roadway Equipment ITS Roadway Equipment video surveillance coordination Moderate Moderate Moderate
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Other Traffic Management Centers Traffic Management Center device control request Moderate High Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. There should be multiple mechanisms for this information to arrive at the end recipient. If this is the only mechanism, should be raised to MODERATE.
Other Traffic Management Centers Traffic Management Center device data Moderate Moderate Low
Contains device identity, location and capabilities. If this information were available to a cybercriminal, it may make his task easier and compromise the systems involved. If this is corrupted, the other center will not properly understand the device capabilities and not properly leverage them, costing performance. Probably does not need to be updated often.
Other Traffic Management Centers Traffic Management Center device status Moderate Moderate Moderate
Device status information should be concealed, as an unauthorized observer could use this to reverse engineer device control systems. Device status information needs to be available and correct, or the controlling system may take inappropriate maintenance action, costing time and money. Device status information needs to be available and correct, or the controlling system may take inappropriate maintenance action, costing time and money.
Traffic Management Center Connected Vehicle Roadside Equipment vehicle signage application info Moderate Moderate Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, or not properly communicate areas where maintenance workers are operating for example. Not HIGH because regardless of the application, this flow alone does not directly drive injury or damage. DISC: WYO believes this to be HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. This data should be received in a timely manner after it is sent. This will determine which lanes are blocked off for emergency vehicle use in incident management applications. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Traffic Management Center Enforcement Center lane violation notification Moderate Moderate Moderate
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Must be correct to avoid false accusations. More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies.
Traffic Management Center Enforcement Center request for enforcement Moderate Moderate Low
If this request were intercepted by a third party, that party may learn where enforcement assets would be and so could use that information to avoid such assets in the commission of a crime. Inaccurate or corrupted information here could lead to enforcement in areas not requested, and/or no enforcement in the area that was requested. Given that the request is possibly safety-based, this can negatively impact safety and/or mobility in that area. The setup of enforcement in a given area will likely be given and granted at low frequency; that is on the order of instances/week, not a real time request, so this flow does not need to be continuously available.
Traffic Management Center Intermodal Terminal intermodal freight traffic information Moderate Moderate Moderate
While this likely does not contain any private or competitive data, it may contain a large bundle of freight movement information, that if observed by a hostile third party, would provide a snapshot that enabled that attacker to identify targets without needing to be physically present. CVO decisions including job acceptance, routing and work planning are impacted by the quality of this data, so incorrect, unavailable or fraudulent data could have a significant financial impact. CVO decisions including job acceptance, routing and work planning are impacted by the quality of this data, so incorrect, unavailable or fraudulent data could have a significant financial impact.
Traffic Management Center ITS Roadway Equipment lane management control Moderate High Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Traffic Management Center ITS Roadway Equipment roadway dynamic signage data Moderate Moderate Moderate
Device control information should not be available, as those with criminal intent may use this information toward their own ends. Data is intended to feed dissemination channels, either C-ITS messages or DMS or other channels, so it should generally be correct as it is distributed widely and any forgery or corrupted data will have widespread impact. Occasional outages of this flow will delay dissemination of the data to travelers (the eventual end user) which could have significant impacts on travel, both safety and mobility impacts.
Traffic Management Center ITS Roadway Equipment shoulder management control Moderate High Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Traffic Management Center ITS Roadway Equipment traffic detector control Moderate Moderate Low
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.. From THEA: should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with traffic sensor data received and be detrimental to operations Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From THEA: want updates but delayed information will not be severe; should be able to operate from a previous/default control/config. DISC: WYO believes this to be MODERATE
Traffic Management Center ITS Roadway Equipment video surveillance control Moderate Moderate Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Traffic Management Center Multi-Access Edge Computing restricted lanes application info Low Moderate Moderate
Broadcast and intended for public consumtion. Should be correct or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. In areas with a noted significant safety impact due to illegitimate use of the limited access facility, this may be HIGH. Should be timely or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case.
Traffic Management Center Multi-Access Edge Computing vehicle signage application info Moderate Moderate Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, or not properly communicate areas where maintenance workers are operating for example. Not HIGH because regardless of the application, this flow alone does not directly drive injury or damage. DISC: WYO believes this to be HIGH. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. This data should be received in a timely manner after it is sent. This will determine which lanes are blocked off for emergency vehicle use in incident management applications. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.
Traffic Management Center Other Traffic Management Centers device control request Moderate High Moderate
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. There should be multiple mechanisms for this information to arrive at the end recipient. If this is the only mechanism, should be raised to MODERATE.
Traffic Management Center Other Traffic Management Centers device data Moderate Moderate Low
Contains device identity, location and capabilities. If this information were available to a cybercriminal, it may make his task easier and compromise the systems involved. info needs to be accurate and should not be tampered but should be able to cope with some bad data; includes inventory data which could lead to loss of assets if compromised data should be timely and readily available, but should not have limited consequences if not
Traffic Management Center Other Traffic Management Centers device status Moderate Moderate Low
Device status information should be concealed, as an unauthorized observer could use this to reverse engineer device control systems. info needs to be accurate and should not be tampered but should be able to cope with some bad data' could delay maintenance actions or waste resources checking devices that are actually in good status status infor should be timely and readily available, but should have very limited consequences if not
Traffic Management Center Traffic Operations Personnel traffic operator data Moderate Moderate Moderate
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Information presented to backoffice system operators must be consistent or the operator may perform actions that are not appropriate to the real situation. The backoffice system operator should have access to system operation. If this interface is down then control is effectively lost, as without feedback from the system the operator has no way of knowing what is the correct action to take.
Traffic Operations Personnel Traffic Management Center traffic operator input Moderate High High
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system.
Vehicle Connected Vehicle Roadside Equipment vehicle location and motion Not Applicable High Moderate
This data is intentionally transmitted to everyone via a broadcast. Much of its information content can also be determined via other visual indicators Incorrect information could lead to the system not operating properly. If the system does not properly know where the vehicle is, it cannot make an accurate decision about whether there is going to be a pedestrian in the crosswalk that the vehicle is approaching. This can have a safety impact.; DISC: NYC believes this to be MODERATE This data is required for the system to operate properly. If this data is not available, the system cannot give accurate warning information.
Vehicle Connected Vehicle Roadside Equipment vehicle profile Low High Moderate
Includes no PII and probably includes information that could be observed, so no need for obfuscation. As this information will be used to determine the vehicle's ability to access services or be charged usage fees, it must be correct and not easily forgeable. This flow enables various services; if the flow is not available the vehicle may not be able to use those services, and also may be charged incorrectly.
Vehicle Driver driver updates Not Applicable Moderate Moderate
This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. If this information is not made available to the driver, then the system has not operated correctly.
Vehicle Multi-Access Edge Computing vehicle location and motion Not Applicable High Moderate
This data is intentionally transmitted to everyone via a broadcast. Much of its information content can also be determined via other visual indicators Incorrect information could lead to the system not operating properly. If the system does not properly know where the vehicle is, it cannot make an accurate decision about whether there is going to be a pedestrian in the crosswalk that the vehicle is approaching. This can have a safety impact. This data is required for the system to operate properly. If this data is not available, the system cannot give accurate warning information.
Vehicle Multi-Access Edge Computing vehicle profile Low High Moderate
Includes no PII and probably includes information that could be observed, so no need for obfuscation. As this information will be used to determine the vehicle's ability to access services or be charged usage fees, it must be correct and not easily forgeable. This flow enables various services; if the flow is not available the vehicle may not be able to use those services, and also may be charged incorrectly.
Vehicle Characteristics ITS Roadway Equipment vehicle characteristics

Standards

The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages. These pages can be accessed directly from the SVG diagram(s) located on the Physical tab, by clicking on each information flow line on the diagram.

NameTitlePhysical Object
CTI 4001 RSU Roadside Unit (RSU) Standard Connected Vehicle Roadside Equipment
ITE 5201 ATC Advanced Transportation Controller ITS Roadway Equipment
ITE 5202 ATC Model 2070 Model 2070 Controller Standard ITS Roadway Equipment
ITE 5301 ATC ITS Cabinet Intelligent Transportation System Standard Specification for Roadside Cabinets ITS Roadway Equipment
ITE 5401 ATC API Application Programming Interface Standard for the Advanced Transportation Controller ITS Roadway Equipment
NEMA TS 8 Cyber and Physical Security Cyber and Physical Security for Intelligent Transportation Systems ITS Roadway Equipment
Traffic Management Center
NEMA TS2 Traffic Controller Assemblies Traffic Controller Assemblies with NTCIP Requirements ITS Roadway Equipment
NEMA TS4 Hardware Standards for DMS Hardware Standards for Dynamic Message Signs (DMS) With NTCIP Requirements ITS Roadway Equipment




System Requirements

No System Requirements