TM20: Variable Speed Limits
This service package sets variable speed limits along a roadway to create more uniform speeds, to promote safer driving during adverse conditions (such as fog), and/or to reduce air pollution. Also known as speed harmonization, this service monitors traffic and environmental conditions along the roadway. Based on the measured data, the system calculates and sets suitable speed limits, usually by lane. Equipment over and along the roadway displays the speed limits and additional information such as basic safety rules and current traffic information. The system can be centrally monitored and controlled by a traffic management center or it can be autonomous.
This service establishes variable speed limits and communicates the speed limits to drivers. Speed warnings and enforcement of speeds limits, including variable speed limits, is covered in the TM17-Speed Warning and Enforcement service package.
Variable speed limits are an Active Traffic Management (ATM) strategy and are typically used in conjunction with other ATM strategies (such as TM22-Dynamic Lane Management and Shoulder Use and TM23-Dynamic Roadway Warning).
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
Source | Destination | Role/Relationship |
---|---|---|
Driver | Roadway Owner | Expectation of Roadway Condition Management |
ITS Roadway Equipment Maintainer | ITS Roadway Equipment | Maintains |
ITS Roadway Equipment Manager | ITS Roadway Equipment | Manages |
ITS Roadway Equipment Owner | ITS Roadway Equipment Maintainer | System Maintenance Agreement |
ITS Roadway Equipment Owner | ITS Roadway Equipment Manager | Operations Agreement |
ITS Roadway Equipment Owner | Other ITS Roadway Equipment Maintainer | Maintenance Data Exchange Agreement |
ITS Roadway Equipment Owner | Other ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | Other ITS Roadway Equipment User | Service Usage Agreement |
ITS Roadway Equipment Owner | Traffic Management Center Maintainer | Maintenance Data Exchange Agreement |
ITS Roadway Equipment Owner | Traffic Management Center Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | Traffic Management Center User | Service Usage Agreement |
ITS Roadway Equipment Owner | Traffic Operations Personnel | Application Usage Agreement |
ITS Roadway Equipment Supplier | ITS Roadway Equipment Owner | Warranty |
Other ITS Roadway Equipment Maintainer | Other ITS Roadway Equipment | Maintains |
Other ITS Roadway Equipment Manager | Other ITS Roadway Equipment | Manages |
Other ITS Roadway Equipment Owner | ITS Roadway Equipment Maintainer | Maintenance Data Exchange Agreement |
Other ITS Roadway Equipment Owner | ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
Other ITS Roadway Equipment Owner | ITS Roadway Equipment User | Service Usage Agreement |
Other ITS Roadway Equipment Owner | Other ITS Roadway Equipment Maintainer | System Maintenance Agreement |
Other ITS Roadway Equipment Owner | Other ITS Roadway Equipment Manager | Operations Agreement |
Other ITS Roadway Equipment Supplier | Other ITS Roadway Equipment Owner | Warranty |
Roadway Maintainer | Roadway Environment | Maintains |
Roadway Manager | Roadway Environment | Manages |
Roadway Owner | Roadway Maintainer | System Maintenance Agreement |
Roadway Owner | Roadway Manager | Operations Agreement |
Traffic Management Center Maintainer | Traffic Management Center | Maintains |
Traffic Management Center Manager | Traffic Management Center | Manages |
Traffic Management Center Manager | Traffic Operations Personnel | System Usage Agreement |
Traffic Management Center Owner | ITS Roadway Equipment Maintainer | Maintenance Data Exchange Agreement |
Traffic Management Center Owner | ITS Roadway Equipment Owner | Information Provision Agreement |
Traffic Management Center Owner | ITS Roadway Equipment User | Service Usage Agreement |
Traffic Management Center Owner | Traffic Management Center Maintainer | System Maintenance Agreement |
Traffic Management Center Owner | Traffic Management Center Manager | Operations Agreement |
Traffic Management Center Supplier | Traffic Management Center Owner | Warranty |
Traffic Operations Personnel | Traffic Management Center | Operates |
Vehicle Characteristics Maintainer | Vehicle Characteristics | Maintains |
Vehicle Characteristics Manager | Vehicle Characteristics | Manages |
Vehicle Characteristics Owner | Vehicle Characteristics Maintainer | System Maintenance Agreement |
Vehicle Characteristics Owner | Vehicle Characteristics Manager | Operations Agreement |
Vehicle Characteristics Supplier | Vehicle Characteristics Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
Physical Object | Class | Description |
---|---|---|
Driver | Vehicle | The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects. |
ITS Roadway Equipment | Field | 'ITS Roadway Equipment' represents the ITS equipment that is distributed on and along the roadway that monitors and controls traffic and monitors and manages the roadway. This physical object includes traffic detectors, environmental sensors, traffic signals, highway advisory radios, dynamic message signs, CCTV cameras and video image processing systems, grade crossing warning systems, and ramp metering systems. Lane management systems and barrier systems that control access to transportation infrastructure such as roadways, bridges and tunnels are also included. This object also provides environmental monitoring including sensors that measure road conditions, surface weather, and vehicle emissions. Work zone systems including work zone surveillance, traffic control, driver warning, and work crew safety systems are also included. |
Other ITS Roadway Equipment | Field | Representing another set of ITS Roadway Equipment, 'Other ITS Roadway Equipment' supports 'field device' to 'field device' communication and coordination, and provides a source and destination for information that may be exchanged between ITS Roadway Equipment. The interface enables direct coordination between field equipment. Examples include the direct interface between sensors and other roadway devices (e.g., Dynamic Message Signs) and the direct interface between roadway devices (e.g., between a Signal System Master and Signal System Local equipment) or a connection between an arterial signal system master and a ramp meter controller. |
Roadway Environment | Field | 'Roadway Environment' represents the physical condition and geometry of the road surface, markings, signs, and other objects on or near the road surface. It also represents the environmental conditions immediately surrounding the roadway. The roadway environment must be sensed and interpreted to support automated vehicle services. Surrounding conditions may include fog, ice, snow, rain, wind, etc. which will influence the way in which a vehicle can be safely operated on the roadway. The roadway environment must be monitored to enable corrective action and information dissemination regarding roadway conditions which may adversely affect travel. Infrastructure owner/operators can improve the roadway environment to improve the performance and accuracy of vehicle-based sensors that must sense and interpret this environment. Improvements could include changes in the shape, size, design, and materials used in signs, pavement markings, and other road features. |
Traffic Management Center | Center | The 'Traffic Management Center' monitors and controls traffic and the road network. It represents centers that manage a broad range of transportation facilities including freeway systems, rural and suburban highway systems, and urban and suburban traffic control systems. It communicates with ITS Roadway Equipment and Connected Vehicle Roadside Equipment (RSE) to monitor and manage traffic flow and monitor the condition of the roadway, surrounding environmental conditions, and field equipment status. It manages traffic and transportation resources to support allied agencies in responding to, and recovering from, incidents ranging from minor traffic incidents through major disasters. |
Traffic Operations Personnel | Center | 'Traffic Operations Personnel' represents the people that operate a traffic management center. These personnel interact with traffic control systems, traffic surveillance systems, incident management systems, work zone management systems, and travel demand management systems. They provide operator data and command inputs to direct system operations to varying degrees depending on the type of system and the deployment scenario. |
Vehicle Characteristics | Vehicle | 'Vehicle Characteristics' represents the external view of individual vehicles of any class from cars and light trucks up to large commercial vehicles and down to micromobility vehicles (MMVs). It includes vehicle physical characteristics such as height, width, length, weight, and other properties (e.g., magnetic properties, number of axles) of individual vehicles that can be sensed and measured or classified. This physical object represents the physical properties of vehicles that can be sensed by vehicle-based or infrastructure-based sensors to support vehicle automation and traffic sensor systems. The analog properties provided by this terminator represent the sensor inputs that are used to detect and assess vehicle(s) within the sensor's range to support safe AV operation and/or responsive and safe traffic management. |
Includes Functional Objects:
Functional Object | Description | Physical Object |
---|---|---|
Roadway Basic Surveillance | 'Roadway Basic Surveillance' monitors traffic conditions using fixed equipment such as loop detectors and CCTV cameras. | ITS Roadway Equipment |
Roadway Environmental Monitoring | 'Roadway Environmental Monitoring' measures environmental conditions and communicates the collected information back to a center where it can be monitored and analyzed or to other field devices to support communications to vehicles. A broad array of weather and road surface information may be collected. Weather conditions that may be measured include temperature, wind, humidity, precipitation, and visibility. Surface and sub-surface sensors can measure road surface temperature, moisture, icing, salinity, and other metrics. | ITS Roadway Equipment |
Roadway Traffic Information Dissemination | 'Roadway Traffic Information Dissemination' includes field elements that provide information to drivers, including dynamic message signs and highway advisory radios. | ITS Roadway Equipment |
Roadway Variable Speed Limits | 'Roadway Variable Speed Limits' includes the field equipment, physical overhead lane signs and associated control electronics that are used to manage and control variable speed limits systems. This equipment monitors traffic and environmental conditions along the roadway. The system can be centrally monitored and controlled by a Traffic Management Center or it can be autonomous, calculating and setting suitable speed limits, usually by lane. This application displays the speed limits and additional information such as basic safety rules and current traffic information to drivers. | ITS Roadway Equipment |
TMC Basic Surveillance | 'TMC Basic Surveillance' remotely monitors and controls traffic sensor systems and surveillance (e.g., CCTV) equipment, and collects, processes and stores the collected traffic data. Current traffic information and other real-time transportation information is also collected from other centers. The collected information is provided to traffic operations personnel and made available to other centers. | Traffic Management Center |
TMC Environmental Monitoring | 'TMC Environmental Monitoring' assimilates current and forecast road conditions and surface weather information using a combination of weather service provider information, information collected by other centers such as the Maintenance and Construction Management Center, data collected from environmental sensors deployed on and about the roadway, and information collected from connected vehicles. The collected environmental information is monitored and presented to the operator. This information can be used to issue general traveler advisories and support location specific warnings to drivers. | Traffic Management Center |
TMC Traffic Information Dissemination | 'TMC Traffic Information Dissemination' disseminates traffic and road conditions, closure and detour information, incident information, driver advisories, and other traffic-related data to other centers, the media, and driver information systems. It monitors and controls driver information system field equipment including dynamic message signs and highway advisory radio, managing dissemination of driver information through these systems. | Traffic Management Center |
TMC Variable Speed Limits | 'TMC Variable Speed Limits' provides center monitoring and control of variable speed limits systems. It monitors data on traffic and environmental conditions collected from sensors along the roadway. Based on the measured data, it calculates and sets suitable speed limits usually by lane. It controls equipment that posts the current speed limits and displays additional information such as basic safety rules and current traffic information to drivers. | Traffic Management Center |
Includes Information Flows:
Information Flow | Description |
---|---|
driver information | Regulatory, warning, guidance, and other information provided to the driver to support safe and efficient vehicle operation. |
dynamic sign coordination | The direct flow of information between field equipment. This includes information used to initialize, configure, and control dynamic message signs. This flow can provide message content and delivery attributes, local message store maintenance requests, control mode commands, status queries, and all other commands and associated parameters that support local management of these devices. Current operating status of dynamic message signs is returned. |
environmental conditions | Current road conditions (e.g., surface temperature, subsurface temperature, moisture, icing, treatment status) and surface weather conditions (e.g., air temperature, wind speed, precipitation, visibility) that are measured by environmental sensors. |
environmental sensor control | Data used to configure and control environmental sensors. |
environmental sensor coordination | The direct flow of information between field equipment. This includes configuration and control of environmental sensors and the current road conditions (e.g., surface temperature, subsurface temperature, moisture, icing, treatment status) and surface weather conditions (e.g., air temperature, wind speed, precipitation, visibility) as measured and reported by fixed and/or mobile environmental sensors. Operational status of the sensors is also included. |
environmental sensor data | Current road conditions (e.g., surface temperature, subsurface temperature, moisture, icing, treatment status) and surface weather conditions (e.g., air temperature, wind speed, precipitation, visibility) as measured and reported by fixed and/or mobile environmental sensors. Operational status of the sensors is also included. |
roadway dynamic signage data | Information used to initialize, configure, and control dynamic message signs. This flow can provide message content and delivery attributes, local message store maintenance requests, control mode commands, status queries, and all other commands and associated parameters that support remote management of these devices. |
roadway dynamic signage status | Current operating status of dynamic message signs. |
traffic detector control | Information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors. |
traffic detector coordination | The direct flow of information between field equipment. This includes information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors Raw and/or processed traffic detector data is returned that allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors |
traffic detector data | Raw and/or processed traffic detector data which allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors |
traffic image meta data | Meta data that describes traffic images. Traffic images (video) are in another flow. |
traffic images | High fidelity, real-time traffic images suitable for surveillance monitoring by the operator or for use in machine vision applications. This flow includes the images. Meta data that describes the images is contained in another flow. |
traffic operator data | Presentation of traffic operations data to the operator including traffic conditions, current operating status of field equipment, maintenance activity status, incident status, video images, security alerts, emergency response plan updates and other information. This data keeps the operator appraised of current road network status, provides feedback to the operator as traffic control actions are implemented, provides transportation security inputs, and supports review of historical data and preparation for future traffic operations activities. |
traffic operator input | User input from traffic operations personnel including requests for information, configuration changes, commands to adjust current traffic control strategies (e.g., adjust signal timing plans, change DMS messages), and other traffic operations data entry. |
variable speed limit control | Information used to configure and control variable speed limit systems including the equipment used to provide current speed limits and other information to drivers. |
variable speed limit coordination | The direct flow of information between field equipment. This includes information used to configure, control, and monitor variable speed limit systems including the equipment used to provide current speed limits and other information to drivers. |
variable speed limit status | Current operating status of the variable speed limit systems including the state of the equipment. |
vehicle characteristics | The physical or visible characteristics of individual vehicles that can be used to detect, classify, and monitor vehicles and imaged to uniquely identify vehicles. |
video surveillance control | Information used to configure and control video surveillance systems. |
video surveillance coordination | The direct flow of information between field equipment. This includes information used to configure and control video surveillance systems and the high fidelity, real-time traffic images and associated meta data that are returned. |
Goals and Objectives
Associated Planning Factors and Goals
Planning Factor | Goal |
---|---|
A. Support the economic vitality of the metropolitan area, especially by enabling global competitiveness, productivity, and efficiency; | Improve freight network |
B. Increase the safety of the transportation system for motorized and nonmotorized users; | Reduce fatalities and injuries |
D. Increase the accessibility and mobility of people and for freight; | Reduce congestion |
G. Promote efficient system management and operation; | Improve efficiency |
I. Improve the resiliency and reliability of the transportation system and reduce or mitigate stormwater impacts of surface transportation; | Improve resiliency and reliability |
Associated Objective Categories
Associated Objectives and Performance Measures
Needs and Requirements
Need | Functional Object | Requirement | ||
---|---|---|---|---|
01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. | Roadway Basic Surveillance | 01 | The field element shall collect, process, digitize, and send traffic sensor data (speed, volume, and occupancy) to the center for further analysis and storage, under center control. |
02 | The field element shall collect, process, and send traffic images to the center for further analysis and distribution. | |||
Roadway Environmental Monitoring | 01 | The field element shall include surface and sub-surface environmental sensors that measure road surface temperature, moisture, icing, salinity, and other measures. | ||
02 | The field element shall include environmental sensors that measure weather conditions including temperature, wind, humidity, precipitation, and visibility. | |||
10 | The field element shall provide weather and road surface condition data to centers. | |||
Roadway Variable Speed Limits | 01 | The field element shall monitor traffic and environmental conditions along the roadway. | ||
06 | The field element shall collect operational status of the variable speed limit field equipment and report the operational status to the controlling center. | |||
07 | The field element shall monitor and report faults to the controlling center. | |||
TMC Basic Surveillance | 01 | The center shall monitor, analyze, and store traffic sensor data (speed, volume, occupancy) collected from field elements under remote control of the center. | ||
02 | The center shall monitor, analyze, and distribute traffic images from CCTV systems under remote control of the center. | |||
07 | The center shall remotely control devices to detect traffic. | |||
TMC Environmental Monitoring | 01 | The traffic center shall remotely control environmental sensors that measure road surface conditions including temperature, moisture, icing, salinity, and other measures. | ||
02 | The traffic center shall remotely control environmental sensors that measure weather conditions including temperature, wind, humidity, precipitation, and visibility. | |||
TMC Variable Speed Limits | 01 | The center shall monitor data on traffic and environmental conditions collected from sensors along the roadway. | ||
03 | The center shall control field equipment that posts the current speed limits and displays additional information such as basic safety rules and current traffic information to drivers. | |||
04 | The center shall monitor the operational status of the variable speed limit equipment, including fault reports. | |||
02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. | Roadway Variable Speed Limits | 03 | The field element shall receive commands from the controlling center that establish speed limits by lane. |
04 | The field element shall display the current speed limits per lane to drivers. | |||
TMC Basic Surveillance | 01 | The center shall monitor, analyze, and store traffic sensor data (speed, volume, occupancy) collected from field elements under remote control of the center. | ||
02 | The center shall monitor, analyze, and distribute traffic images from CCTV systems under remote control of the center. | |||
07 | The center shall remotely control devices to detect traffic. | |||
TMC Variable Speed Limits | 02 | Based on the measured data, the center shall calculate and set suitable speed limits by lane. | ||
03 | Traffic Operations need to be able to display variable speed limits to drivers. | Roadway Traffic Information Dissemination | 01 | The field element shall include dynamic message signs for dissemination of traffic and other information to drivers, under center control; the DMS may be either those that display variable text messages, or those that have fixed format display(s) (e.g. vehicle restrictions, or lane open/close). |
03 | The field element shall provide operational status for the driver information systems equipment (DMS, HAR, etc.) to the center. | |||
04 | The field element shall provide fault data for the driver information systems equipment (DMS, HAR, etc.) to the center for repair. | |||
TMC Traffic Information Dissemination | 03 | The center shall collect operational status for the driver information systems equipment (DMS, HAR, etc.). | ||
04 | The center shall collect fault data for the driver information systems equipment (DMS, HAR, etc.) for repair. | |||
TMC Variable Speed Limits | 06 | The center shall provide the current speed limits and additional information such as basic safety rules and current traffic information to drivers. |
Related Sources
Document Name | Version | Publication Date |
---|---|---|
ITS User Services Document | 1/1/2005 | |
Concept of Operations for Road Weather Connected Vehicle Application | Final | 5/31/2013 |
Concept of Operations For Road Weather Connected Vehicle Applications | Draft v1.4.2 | 6/26/2012 |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
Physical Object Security | ||||
---|---|---|---|---|
Physical Object | Confidentiality | Integrity | Availability | Security Class |
ITS Roadway Equipment | Moderate | Moderate | Moderate | Class 2 |
Other ITS Roadway Equipment | Moderate | Moderate | Moderate | Class 2 |
Roadway Environment | Not Applicable | Low | Low | Class 1 |
Traffic Management Center | Moderate | High | Moderate | Class 3 |
Vehicle Characteristics |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security | |||||
---|---|---|---|---|---|
Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
Basis | Basis | Basis | |||
ITS Roadway Equipment | Driver | driver information | Not Applicable | High | Moderate |
This data is sent to all drivers and is also directly observable, by design. | This is the primary signal trusted by the driver to decide whether to go through the intersection and what speed to go through the intersection at; if it's wrong, accidents could happen. | If the lights are out you have to get a policeman to direct traffic – expensive and inefficient and may cause a cascading effect due to lack of coordination with other intersections. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | dynamic sign coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | environmental sensor coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | traffic detector coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | variable speed limit coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | video surveillance coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Traffic Management Center | environmental sensor data | Low | Moderate | Moderate |
Little to no impact if this data is observed | info should be correct to determine safe speeds etc.; DISC: WYO believes this to be HIGH | Updates are desireable but slightly outdated information will not be catastrophic. | |||
ITS Roadway Equipment | Traffic Management Center | roadway dynamic signage status | Moderate | Moderate | Moderate |
Device status information should not be available, as those with criminal intent may use this information toward their own ends. | Data is intended to feed dissemination channels, either C-ITS messages or DMS or other channels, so it should generally be correct as it is distributed widely and any forgery or corrupted data will have widespread impact. | Failure of this flow affects traveler information dissemination, the importance of which varies with the data contained in the flow and the scenario. Could be LOW in many instances. | |||
ITS Roadway Equipment | Traffic Management Center | traffic detector data | Low | Moderate | Moderate |
No impact if someone sees the data | Some minimal guarantee of data integrity is necessary for all C-ITS flows. THEA believes this to be LOW.only limited adverse effect if raw/processed traffic detector data is bad/compromised; DISC: WYO believes this to be HIGH | Only limited adverse effect of info is not timely/readily available, however without this information it will be difficult to perform traffic management activities, thus MODERATE. If not used for management, may be LOW. | |||
ITS Roadway Equipment | Traffic Management Center | traffic image meta data | Low | Moderate | Moderate |
Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW. | While accuracy of this data is important for decision making purposes, applications should be able to cfunction without it. Thus MODERATE generally. | While accuracy of this data is important for decision making purposes, applications should be able to function without it. Thus MODERATE generally. | |||
ITS Roadway Equipment | Traffic Management Center | traffic images | Low | Moderate | Low |
Traffic image data is generally intended for public consumption, and in any event is already video captured in the public arena, so this must be LOW. | Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken. | While useful, there is no signficant impact if this flow is not available. | |||
ITS Roadway Equipment | Traffic Management Center | variable speed limit status | Low | Moderate | Moderate |
This information is directly observable | The TMC will react based on current status of ITS-RE and thus this information should be trusted. DISC: WYO believes this to be HIGH. | The information should be available to ensure timely response from TMC | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | dynamic sign coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | environmental sensor coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | traffic detector coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | variable speed limit coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | video surveillance coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Roadway Environment | ITS Roadway Equipment | environmental conditions | Not Applicable | Low | Low |
Sensor-based information flows by definition have no confidentiality concerns. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | |||
Traffic Management Center | ITS Roadway Equipment | environmental sensor control | Moderate | Moderate | Low |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen | Should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with environmental sensor data received and be detrimental to operations; DISC: WYO believes this may be HIGH for some applications | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. From THEAwant updates but delayed information will not be severe; should be able to operate from a previous/default control/config; DISC: WYO believes this to be MODERATE | |||
Traffic Management Center | ITS Roadway Equipment | roadway dynamic signage data | Moderate | Moderate | Moderate |
Device control information should not be available, as those with criminal intent may use this information toward their own ends. | Data is intended to feed dissemination channels, either C-ITS messages or DMS or other channels, so it should generally be correct as it is distributed widely and any forgery or corrupted data will have widespread impact. | Occasional outages of this flow will delay dissemination of the data to travelers (the eventual end user) which could have significant impacts on travel, both safety and mobility impacts. | |||
Traffic Management Center | ITS Roadway Equipment | traffic detector control | Moderate | Moderate | Low |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.. From THEA: should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with traffic sensor data received and be detrimental to operations | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From THEA: want updates but delayed information will not be severe; should be able to operate from a previous/default control/config. DISC: WYO believes this to be MODERATE | |||
Traffic Management Center | ITS Roadway Equipment | variable speed limit control | Moderate | High | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all.. DISC: WYO believes this to be LOW or MODERATE depending on the application. NYC believes it to be LOW, as this information is directly observable. | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. WYO believes this to be MODERATE. Given the impacts for WYO scnearios, defaulted to MODERATE. | |||
Traffic Management Center | ITS Roadway Equipment | video surveillance control | Moderate | Moderate | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Traffic Management Center | Traffic Operations Personnel | traffic operator data | Moderate | Moderate | Moderate |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Information presented to backoffice system operators must be consistent or the operator may perform actions that are not appropriate to the real situation. | The backoffice system operator should have access to system operation. If this interface is down then control is effectively lost, as without feedback from the system the operator has no way of knowing what is the correct action to take. | |||
Traffic Operations Personnel | Traffic Management Center | traffic operator input | Moderate | High | High |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. |
Standards
The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
Name | Title | Physical Object |
---|---|---|
ITE ATC | Advanced Transportation Controller | ITS Roadway Equipment |
ITE ATC API | Application Programming Interface Standard for the Advanced Transportation Controller | ITS Roadway Equipment |
ITE ATC ITS Cabinet | Intelligent Transportation System Standard Specification for Roadside Cabinets | ITS Roadway Equipment |
ITE ATC Model 2070 | Model 2070 Controller Standard | ITS Roadway Equipment |
NEMA TS 8 Cyber and Physical Security | Cyber and Physical Security for Intelligent Transportation Systems | ITS Roadway Equipment |
Traffic Management Center | ||
NEMA TS2 Traffic Controller Assemblies | Traffic Controller Assemblies with NTCIP Requirements | ITS Roadway Equipment |
NEMA TS4 Hardware Standards for DMS | Hardware Standards for Dynamic Message Signs (DMS) With NTCIP Requirements | ITS Roadway Equipment |
System Requirements
System Requirement | Need | ||
---|---|---|---|
001 | The system shall monitor, analyze, and store traffic sensor data (speed, volume, occupancy) collected from field elements under remote control of the center. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. | ||
002 | The system shall monitor, analyze, and distribute traffic images from CCTV systems under remote control of the center. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. | ||
003 | The system shall remotely control devices to detect traffic. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. | ||
004 | The system shall remotely control environmental sensors that measure road surface conditions including temperature, moisture, icing, salinity, and other measures. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
005 | The system shall collect operational status for the driver information systems equipment (DMS, HAR, etc.). | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
006 | The system shall collect fault data for the driver information systems equipment (DMS, HAR, etc.) for repair. | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
007 | The system shall monitor data on traffic and environmental conditions collected from sensors along the roadway. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
008 | The system shall calculate and set suitable speed limits by lane. | 02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. |
009 | The system shall control field equipment that posts the current speed limits and displays additional information such as basic safety rules and current traffic information to drivers. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
010 | The system shall monitor the operational status of the variable speed limit equipment, including fault reports. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
011 | The system shall provide the current speed limits and additional information such as basic safety rules and current traffic information to drivers. | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
012 | The system shall collect, process, digitize, and send traffic sensor data (speed, volume, and occupancy) to the center for further analysis and storage, under center control. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
013 | The system shall collect, process, and send traffic images to the center for further analysis and distribution. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
014 | The system shall include surface and sub-surface environmental sensors that measure road surface temperature, moisture, icing, salinity, and other measures. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
015 | The system shall include environmental sensors that measure weather conditions including temperature, wind, humidity, precipitation, and visibility. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
016 | The system shall provide weather and road surface condition data to centers. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
017 | The system shall include dynamic message signs for dissemination of traffic and other information to drivers, under center control; the DMS may be either those that display variable text messages, or those that have fixed format display(s) (e.g. vehicle r | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
018 | The system shall provide operational status for the driver information systems equipment (DMS, HAR, etc.) to the center. | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
019 | The system shall provide fault data for the driver information systems equipment (DMS, HAR, etc.) to the center for repair. | 03 | Traffic Operations need to be able to display variable speed limits to drivers. |
020 | The system shall monitor traffic and environmental conditions along the roadway. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
021 | The system shall receive commands from the controlling center that establish speed limits by lane. | 02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. |
022 | The system shall display the current speed limits per lane to drivers. | 02 | Traffic Operations need to be able to process current and historical data in order to provide recommended variable speed limits. |
023 | The system shall collect operational status of the variable speed limit field equipment and report the operational status to the controlling center. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |
024 | The system shall monitor and report faults to the controlling center. | 01 | Traffic Operations need to be able to collect data from multiple sources to actively recommend variable speed limits which can be based on environmental conditions. |