NEMA TS 8
Cyber and Physical Security for Intelligent Transportation Systems (ITS)
|Publication Date:||1 January 2018|
NEMA TS 8 defines functional cybersecurity attributes along with minimum performance baselines that owners and operators of critical infrastructure transportation systems can use for procurement purposes. NEMA TS 8 addresses the following products:
a) Signal display and signal elements, e.g., signal heads, pedestrian displays, and dynamic message signs (DMS).
b) Fixed, configurable and programmable traffic controllers and associated cabinet devices, including traffic controllers, conflict monitors (e.g., MMU, CMU), ramp meters, and auxiliary devices.
c) Communications interface devices and systems, e.g., National Transportation Communications for Intelligent Transportation System Protocol (NTCIP) interface units, and other communication interface devices.
d) Software and firmware modules, e.g., application system software, and Transportation Management Center (TMC) software.
e) Mounting, protection, power supply, and fastening equipment, e.g., cabinets and enclosures.
f) Computing assemblies for transportation management systems, e.g., incident monitoring and reporting stations and toll collection and management stations.
g) Associated devices for transportation system management control devices, e.g., automatic vehicle location devices, weigh-in-motion systems, and detection devices such as loop detectors, traffic cameras, and ultrasonic sensors.
The security of other elements of a complete Intelligent Transportation System (ITS), such as communications networks, is outside the scope of NEMA TS 8.
NEMA TS 8 addresses the following areas of concern: physical security, local access security, communications security (between field and central system), and central system security. For each of these areas, NEMA TS 8 identifies potential threat areas and the severity of their consequences, prevention and mitigation techniques that manufacturers can use to minimize their impacts, and methods to effectively rate security performance.
Communication between individual components of a field system is outside the scope of NEMA TS 8, for example:
a) Communication between a signal head and a traffic controller;
b) Communication between a sign controller and display boards, and
c) Communication between a traffic controller and an MMU