202

D.C. to audit traffic system security vulnerabilities

DC is set to audit potential security holes in its traffic system (WTOP/Neal Augenstein)

WASHINGTON — The possibility of cyber criminals hacking into, and manipulating the District’s traffic light system is prompting transportation leaders to investigate where and how hackers are likely to strike.

Amid claims from an Argentine hacker that he successfully hacked D.C.’s traffic lights during a 2014 visit, D.C.’s Department of Transportation says it is determined to stay ahead of criminals who would try to gain control of a major city’s traffic infrastructure.

“DDOT is starting a cybersecurity audit project this summer in which we will evaluate potential security vulnerabilities to the DDOT operations system network,” Keith St. Clair, acting DDOT communications director tells WTOP.

The agency will evaluate current potential security holes in its equipment and procedures.

“Following this audit, we will explore any next-generation equipment that could improve the system and develop recommendations for improving (the) system network,” says St. Clair.

He says DDOT’s current traffic signals communicate to a central system server via a standalone network, which is physically segregated from any paths to the Internet and the outside world.

St. Clair says the standalone nature of the system prevents intrusion.

“The central server is protected by a firewall and communicates to the traffic signals via a proprietary communications protocol over this private network,” he says.

David Jordan, chief information security officers for Arlington County, Virginia, says most traffic controllers in the region are less vulnerable to hackers.

“Most of the systems out there today are older, and hardwired to prevent four-way-green from occurring,” Jordan told WTOP.

DDOT disputes hacker claims

The District’s Department of Transporation says some of the claims Argentine security researcher Cesar Cerrudo made to The New York Times  can’t be true.

The Times article said Cerrudo “found he could turn red lights green and green lights red,” but St. Clair says that’s not possible.

“The wireless sensor technology that is the subject of this article is connected to a port in the traffic signal that can only request a green light,” he says.

Jordan says the newer, wireless systems that are used to increase the performance of traffic flow, can be vulnerable to mischievous re-setting of estimated travel times from point A to point B.

“You might be able to change the signage that said a 5-minute commute was going to take 35 minutes,” for example, said Jordan.

Jordan is confident since vulnerabilties of traffic systems are being made known, “those infrastructure providers, if there was a real possibility of an exploit, they’d be working on a patch for that.”

While the New York Times article describes “paralyzed emergency responders” or “shut down all roads to the Capitol,” St. Clair says several features of the current system would prevent those scenarios.

Despite the apparent ability of hackers to request a green light with the wireless sensor technology, “these sensors are in use at approximately 50 of the District’s 1,650 intersections,” says St.Clair, who adds they are only used “where traffic on the side street is extremely light.”

The system limits the length a light can remain green, he says.

To prevent crashes, “each traffic signal has a built-in safety monitor that inhibits two opposing greens and/or yellows,” says St. Clair.

Follow @WTOP on Twitter and WTOP on Facebook.

© 2015 WTOP. All Rights Reserved.