Research Project Statement 17-117 FY 2017 Annual Program

Form ProjStat
(Rev. 5/2013)
Research Project Statement 17-117
FY 2017 Annual Program
Investigating the Security of TxDOT's Traffic Signal Systems (Deliverable Based)
The Problem:
Modern traffic signal systems have evolved from series of standalone pieces of technologies
coordinated through synchronized time clocks to a series of sophisticated programs running on a
series of connected computers operating networked together using both wireline and wireless
technologies. While new technologies have greatly enhanced how agencies design and operate
their traffic signal systems, it has also increased the exposure of agencies to a new cyber
security threat. Recently, a study performed at the University of Michigan, in cooperation with a
local agency, analyzed the security of the traffic signal system infrastructure in a city in Michigan.
The researchers discovered a number of security vulnerabilities existed in that community. With
permission from the local agency, these researchers demonstrated that they were able to
successfully compromise the security measures used by agencies and access the agency’s
traffic signal system network. Their attacks showed that an adversary could gain access to the
traffic signal system, potentially disrupting service, compromising safety, and altering operations
of the traffic signal to provide advantage to unauthorized users. Their study demonstrated that a
systematic lack of security consciousness exists in how traffic signal systems are deployed and
the agency’s need to have a test plan in place to assess the security vulnerabilities of their traffic
signal system.
This project will be divided into two Phases. Phase I will focus on developing a methodology for
assessing the security of TxDOT's traffic signal systems. In Phase I, the research team will first
conduct a review of general practices used by agencies to secure their traffic signal system
infrastructure, both in the cabinet and network level. The research team will also examine the
type of vulnerabilities and threats that exist with traffic signal system. The research team will
then propose a methodology for testing the vulnerability of traffic signal systems to security
In Phase II, the research team will test the methodology by conducting an assessment of the
physical and cybersecurity of the traffic signal system network in as many as five municipalities in
Texas. The assessment will examine both TxDOT traffic signal systems as well as traffic signal
system operated by municipalities of different sizes and capabilities. The assessment will
examine the vulnerabilities and potential consequences of different types of attacks on traffic
signal system networks. The assessment will also provide recommendations on how agencies
can improve the security of the traffic signal network. At the conclusion of the assessment, the
research team will prepare a final report documenting the general state of cybersecurity of traffic
signal system in Texas, identified vulnerabilities, potential impacts and consequences of
successful security attacks, and recommendations for improving the security of traffic signal
system infrastructure.
1. Value of Research (VoR) that includes both qualitative and economic benefits.
2. Project summary report.
3. Final project report documenting the general types of physical and cybersecurity vulnerability
identified through the assessments and potential corrections to these vulnerabilities.
1. Utilize the deliverable based templates (see the appendices provided or in the University
2. Proposals will be considered non-responsive and will not be accepted for technical
evaluation if they are not received by the deadline or do not meet the requirements stated in
RTI’s University Handbook.
3. Proposals should be submitted in PDF format, 1 PDF file per proposal. File name should
include project name and university abbreviation.
Project Statement 17-117
Form ProjStat
(Rev. 5/2013)
Wednesday, March 23, 2016
11:00 – 11:30AM
Austin Riverside Campus
118 E. Riverside Dr.
RTI Conference Room, 1st Floor
Webex Information:
1. Go to
2. Meeting Number: 735 915 144
3. If requested, enter your name and email address.
4. If a password is required, enter the meeting password: FY17
5. Click "Join".
Teleconference Information:
Provide your phone number when you join the meeting to receive a call back. Alternatively, you
can call:
Call-in toll-free number: 1-866-637-1408 (US)
Conference Code: 951 211 7290
Notifying RTI of
Intent to
Notify your University Liaison of your intent to submit a proposal. Your Liaison will provide
information regarding the RFP.
Proposals are due to RTI by 4:00 P.M. Central Daylight Time, April 14, 2016. Email
submissions should be sent to [email protected]
Project Statement 17-117