Secure, privacy-protected, effective ITS depends on a qualified and dedicated workforce. This has made cybersecurity a growing element of every transportation professional’s responsibilities. The ITS Professional Capacity Building Program (ITS PCB), the U.S. DOT’s primary mechanism for educating the transportation workforce about ITS, with its partners, has created a range of resources to support transportation professionals who need to build greater knowledge and skills regarding ITS cybersecurity risks and how to manage them. Resources include basic introductory training, guides, and other materials on how to manage risk for organizations and professionals to address cyber threat prevention, protection, response, and recovery.
Training and Educational Resources
- ITS Standards Module Training: Introduction to Cybersecurity for Transportation Agencies – This module provides an overview of key topics relating to cybersecurity for transportation agencies. It first discusses the need for cybersecurity, including typical threats that transportation agencies face to their centers, field equipment, and communications. Next, the module introduces the NIST Cybersecurity Framework, which enables organizations to apply the principles and best practices of risk management to improving security and resilience. The module then discusses how to apply the framework to a transportation agency. Finally, the module looks at resources that are available to agencies for sharing information about cybersecurity threats and incidents and identifies additional resources on cybersecurity for the roadway transportation infrastructure. Provider: ITS PCB. Cost: Free.
- ITS Standards Module Training : Introduction to the Communications Protocols and Their Uses in ITS Applications – This module explains how the NTCIP Framework offers design solutions through use of the Simple Network Management Protocol (SNMP) and the Simple Transportation Management Protocol (STMP) to fulfill operational needs, control and commands, and monitoring of the range of field devices in ITS operations. This module introduces basic concepts of the International Organization of Standards (ISO) seven-layer Open Systems Interconnection Reference Model (OSI-RM), and mapping to the five levels of the NTCIP Framework, which contain protocols for center-to-field (C2F) and center-to-center (C2C) communication. This module explains the application of these protocols in deploying field devices such as dynamic message signs (DMS), closed-circuit television (CCTV), and actuated traffic signal control (ASC) without going into details on protocol constructs. The transportation field is constrained by issues such as bandwidth, latency, and errors, which are concerns in transportation field deployments and are introduced in this module. This module also introduces the concepts of interoperability and interchangeability with NTCIP. Students are introduced to standards such as NTCIP 1203 and 1103 to better understand STMP. Examples of field deployments using both system engineering (SE) and non-SE standards are presented. Provider: ITS PCB. Cost: Free.
- Applications & Planning for CV Systems (Blended) – This course provides a foundation for why connected vehicle applications should be implemented and how they are connected to current transportation needs. As part of this course, you will conduct your own regional analysis to identify local needs, performance goals, and connected vehicle applications that address these needs and goals. (Available ONLY in blended-learning format). Provider: CITE. Cost: Yes.
- ITS Systems Engineering Bundle – The courses in this bundle focus on the systems side of transportation, specifically the benefits of applying SE approaches as a means of developing quality systems. It also emphasizes the importance of database design, use, and management to ITS. The courses cover technical practices such as modeling, prototyping, trade-off analysis and testing, and management practices such as risk assessment and mitigation, which make up best practices in the systems engineering arena. In addition, the courses in this bundle introduce the techniques of systems integration associated with regional systems. Provider: CITE. Cost: Yes.
- Telecommunications and Networking Fundamentals (Blended) – Telecommunications is the backbone of all ITS applications. It provides the means for sending data, voice, and video information between devices. This course is a primer on telecommunications for the ITS professional with little or no formal training in telecommunications. With so many ITS projects now requiring a telecommunications aspect, this course is a must for project managers. Provider: CITE. Cost: Yes.
- Talking Technology and Transportation (T3) Webinar: A Framework for Connected Vehicle Privacy – To support the emerging deployment of connected vehicle (CV) deployments across the U.S. and to better understand the privacy risks and mitigations associated with those deployments, the ITS Program sponsored the creation of a Privacy Risk Assessment Methodology (PRAM) for CV environments. The PRAM is a tool developed by the National Institute of Standards and Technology (NIST) that helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication among various components of an organization, including privacy, cybersecurity, business, and IT personnel. This webinar explains the benefits of the PRAM and how to use it. (3/10/20) Provider: ITS PCB. Cost: Free.
- Talking Technology and Transportation (T3) Webinar: Applying the NIST Cybersecurity Framework to Connected Vehicle Deployments – To support the emerging deployment of connected vehicle (CV) deployments across the U.S., the ITS Program sponsored the creation of Cybersecurity Framework Profiles. The Connected Vehicle Profile provides consistent cybersecurity guidance for deployers of CV environments and is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). This webinar explains the benefits of the profile and how to use it. (2/26/20) Provider: ITS PCB. Cost: Free.
- Securing Transportation Systems Webcast . Provider: FHWA and National Operations Center of Excellence - This webinar introduces the issues and concerns related to securing three types of ITS technologies and shares best practices to help mitigate some of the potential vulnerabilities. The webinar is hosted by Ray Murphy, ITS Specialist with FHWA Office of Technical Services. Provider: ITS PCB. Cost: Free.
- Cybersecurity Risks – This web page includes resources that provide overviews of cybersecurity risks and threats and how to manage them. The Risks and Threats section includes resources on threats and risks like ransomware, spyware, phishing, and website security. The Risk Management section includes resources that describe the importance of managing risk and common security risk and mitigation misunderstandings.
- Update of Security 101: A Physical and Cybersecurity Primer for Transportation Agencies – This National Cooperative Highway Research Program (NCHRP) report provides transportation managers and employees with an introductory-level reference document containing essential security concepts, guidelines, definitions, and standards. The current version of the primer addresses both physical security and cybersecurity.
- The DHS Cybersecurity and Infrastructure Security Agency (CISA) is the nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future. CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices. Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness.
- Tailored CV Cybersecurity Framework (CFS) and Privacy Risk Assessment Methodology (PRAM) – To support emerging CV deployments across the U.S., ITS JPO sponsored the creation of a CSF and PRAM adapted for a connected transportation environment. These documents discuss how organizations can use these best practices to manage cybersecurity risk.