NEMA - NTCIP 9014
National Transportation Communications for ITS Protocol Infrastructure Standards Security Assessment (ISSA)
Publication Date: 1 August 2021
The National Transportation Communications for ITS Protocol (NTCIP) Standards have been developed to provide for the interoperability of ITS systems and devices. NTCIP Standards define common data definitions and open protocols ("open" meaning available to everyone to use) that create a system environment that can be expanded and adapted with multiple types of field equipment from multiple manufacturers. The first NTCIP Standards were published in the 1990s.
The United States Department of Transportation's (USDOT's) Architecture Reference for Cooperative and Intelligent Transportation (ARC-IT) organizes communications into five link types: center-to-center (C2C), center-to-field (C2F), field-to-field (F2F), wide-area wireless, and short-range wireless. See Figure 1.
NTCIP addresses three of the five link types as follows:
a) C2C, where communications are typically between transportation and back-office systems located in fixed locations (centers);
b) C2F, where communications are between 'central systems' and transportation field devices located on or near roadways; and
c) F2F, where communications are between transportation field devices located on or near roadways.
In NTCIP, a C2C interface uses a peer-to-peer communication model. It is designed to share information between centers whose main functions may be diverse, such as traffic management systems, traveler information systems, emergency management systems, or toll collection.
A C2F interface uses a manager-agent communication model, where the central system is the manager, and the field device is the agent. Field devices include traffic controllers, cameras, detection equipment, dynamic message signs, ramp meters, environmental sensors, street lighting, connected vehicle roadside equipment, and other devices. NTCIP C2F is designed so that a central system may configure, control, monitor, and retrieve historical reports from numerous types of field devices regardless of the manufacturer of those devices.
Within NTCIP, a F2F interface also uses a manager-agent communication model, but in this case, one of the two field devices acts as a manager and the other as the agent.
Traditionally, NTCIP C2F communications were based on Simple Network Management Protocol (SNMP) Version 1 (SNMPv1). SNMPv1 was developed in the 1980s by the Internet Engineering Task Force (IETF) to address the communications needs of network device management. The simplicity of the information exchange in SNMPv1 made it a widely accepted protocol. A shortcoming of the protocol is its lack of security. With the growing concerns associated with cybersecurity attacks and the increased connection of our transportation infrastructure, including cloud-based traffic management systems and connected vehicles, it is evident that the current NTCIP Standards do not adequately address security.
NTCIP 9014 analyzes existing NTCIP Standards and the manner in which NTCIP is deployed, and provides guidance on how best to implement security for NTCIP C2F communications. Cooperation with other Standards organizations such as the IETF and the International Organization for Standardization (ISO), as appropriate, is considered.
SNMP Version 3 (SNMPv3) was identified as part of a security solution prior to the start of this project because the IETF designed SNMPv3 specifically to address the security concerns of the previous versions of SNMP. However, as discussed in NTCIP 9014, securing protocols against threats is an ongoing task, and continued development is needed to fully address vulnerabilities as they are discovered.
Other resources and mechanisms for securing NTCIP communications were also investigated. In particular, guidance from the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the IETF was considered.
CISA has assumed the functions formerly performed by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Computer Emergency Response Team (ICS-CERT).
Development of NTCIP 9014 included:
a) Identifying existing NTCIP Standards that could be affected by moving from SNMPv1 to SNMPv3;
b) Assessing the impact of migrating from SNMPv1 to SNMPv3 for current NTCIP Standards;
c) Identifying SNMPv3 references that can be included in NTCIP Standards or other NTCIP documents;
d) Developing guidance for incorporating SNMPv3 into NTCIP Standards; and
e) Developing a plan for updating the NTCIP family of Standards.