PT05: Transit Security
This service package provides for the physical security of transit passengers and transit vehicle operators. On-board equipment performs surveillance and sensor monitoring in order to identify potentially hazardous situations. The surveillance equipment includes video (e.g., CCTV cameras), audio systems and/or event recorder systems. The sensor equipment includes threat sensors (e.g., chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors) and object detection sensors (e.g., metal detectors). Transit user or transit vehicle operator activated alarms are provided on-board. Public areas (e.g., transit stops, park and ride lots, stations) are also monitored with similar surveillance and sensor equipment and provided with transit user activated alarms. In addition this service package provides surveillance and sensor monitoring of non-public areas of transit facilities (e.g., transit yards) and transit infrastructure such as bridges, tunnels, and transit railways or bus rapid transit (BRT) guideways. The surveillance equipment includes video and/or audio systems. The sensor equipment includes threat sensors and object detection sensors as described above as well as, intrusion or motion detection sensors and infrastructure integrity monitoring (e.g., rail track continuity checking or bridge structural integrity monitoring).
Most of the surveillance and sensor data that is collected by this service package may be monitored by either the Emergency Management Center or the Transit Management Center, providing two possible approaches to implementing this service package. This service package also supports remote transit vehicle disabling and transit vehicle operator authentication by the Transit Management Center.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
| Source | Destination | Role/Relationship |
|---|---|---|
| Alerting and Advisory System Maintainer | Alerting and Advisory System | Maintains |
| Alerting and Advisory System Manager | Alerting and Advisory System | Manages |
| Alerting and Advisory System Owner | Alerting and Advisory System Maintainer | System Maintenance Agreement |
| Alerting and Advisory System Owner | Alerting and Advisory System Manager | Operations Agreement |
| Alerting and Advisory System Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Alerting and Advisory System Owner | Emergency Management Center Owner | Information Provision Agreement |
| Alerting and Advisory System Owner | Emergency Management Center User | Service Usage Agreement |
| Alerting and Advisory System Owner | Emergency System Operator | Application Usage Agreement |
| Alerting and Advisory System Supplier | Alerting and Advisory System Owner | Warranty |
| Basic Transit Vehicle Maintainer | Basic Transit Vehicle | Maintains |
| Basic Transit Vehicle Manager | Basic Transit Vehicle | Manages |
| Basic Transit Vehicle Manager | Transit Vehicle Operator | System Usage Agreement |
| Basic Transit Vehicle Owner | Basic Transit Vehicle Maintainer | System Maintenance Agreement |
| Basic Transit Vehicle Owner | Basic Transit Vehicle Manager | Operations Agreement |
| Basic Transit Vehicle Owner | Transit Vehicle OBE Maintainer | Maintenance Data Exchange Agreement |
| Basic Transit Vehicle Owner | Transit Vehicle OBE Owner | Expectation of Data Provision |
| Basic Transit Vehicle Owner | Transit Vehicle OBE User | Service Usage Agreement |
| Basic Transit Vehicle Owner | Transit Vehicle Operator | Application Usage Agreement |
| Basic Transit Vehicle Owner | Transit Vehicle Operator | Vehicle Operating Agreement |
| Basic Transit Vehicle Supplier | Basic Transit Vehicle Owner | Warranty |
| Emergency Management Center Maintainer | Emergency Management Center | Maintains |
| Emergency Management Center Manager | Emergency Management Center | Manages |
| Emergency Management Center Manager | Emergency System Operator | System Usage Agreement |
| Emergency Management Center Owner | Emergency Management Center Maintainer | System Maintenance Agreement |
| Emergency Management Center Owner | Emergency Management Center Manager | Operations Agreement |
| Emergency Management Center Owner | Other Emergency Management Centers Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Other Emergency Management Centers Owner | Information Exchange Agreement |
| Emergency Management Center Owner | Other Emergency Management Centers User | Service Usage Agreement |
| Emergency Management Center Owner | Rail Operations Center Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Rail Operations Center Owner | Information Provision Agreement |
| Emergency Management Center Owner | Rail Operations Center User | Service Usage Agreement |
| Emergency Management Center Owner | Security Monitoring Equipment Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Security Monitoring Equipment Owner | Information Provision Agreement |
| Emergency Management Center Owner | Security Monitoring Equipment User | Service Usage Agreement |
| Emergency Management Center Owner | Transit Management Center Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Transit Management Center Owner | Information Exchange Agreement |
| Emergency Management Center Owner | Transit Management Center User | Service Usage Agreement |
| Emergency Management Center Owner | Transit Operations Personnel | Application Usage Agreement |
| Emergency Management Center Owner | Transit Vehicle OBE Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Transit Vehicle OBE Owner | Information Provision Agreement |
| Emergency Management Center Owner | Transit Vehicle OBE User | Service Usage Agreement |
| Emergency Management Center Owner | Transit Vehicle Operator | Application Usage Agreement |
| Emergency Management Center Owner | Traveler | Application Usage Agreement |
| Emergency Management Center Owner | Traveler Support Equipment Maintainer | Maintenance Data Exchange Agreement |
| Emergency Management Center Owner | Traveler Support Equipment Owner | Information Provision Agreement |
| Emergency Management Center Owner | Traveler Support Equipment User | Service Usage Agreement |
| Emergency Management Center Supplier | Emergency Management Center Owner | Warranty |
| Emergency System Operator | Emergency Management Center | Operates |
| Media Maintainer | Media | Maintains |
| Media Manager | Media | Manages |
| Media Owner | Media Maintainer | System Maintenance Agreement |
| Media Owner | Media Manager | Operations Agreement |
| Media Supplier | Media Owner | Warranty |
| Other Emergency Management Centers Maintainer | Other Emergency Management Centers | Maintains |
| Other Emergency Management Centers Manager | Other Emergency Management Centers | Manages |
| Other Emergency Management Centers Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Other Emergency Management Centers Owner | Emergency Management Center Owner | Information Exchange Agreement |
| Other Emergency Management Centers Owner | Emergency Management Center User | Service Usage Agreement |
| Other Emergency Management Centers Owner | Emergency System Operator | Application Usage Agreement |
| Other Emergency Management Centers Owner | Other Emergency Management Centers Maintainer | System Maintenance Agreement |
| Other Emergency Management Centers Owner | Other Emergency Management Centers Manager | Operations Agreement |
| Other Emergency Management Centers Supplier | Other Emergency Management Centers Owner | Warranty |
| Rail Operations Center Maintainer | Rail Operations Center | Maintains |
| Rail Operations Center Manager | Rail Operations Center | Manages |
| Rail Operations Center Owner | Rail Operations Center Maintainer | System Maintenance Agreement |
| Rail Operations Center Owner | Rail Operations Center Manager | Operations Agreement |
| Rail Operations Center Supplier | Rail Operations Center Owner | Warranty |
| Security Monitoring Equipment Maintainer | Security Monitoring Equipment | Maintains |
| Security Monitoring Equipment Manager | Security Monitoring Equipment | Manages |
| Security Monitoring Equipment Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Security Monitoring Equipment Owner | Emergency Management Center Owner | Information Exchange and Action Agreement |
| Security Monitoring Equipment Owner | Emergency Management Center User | Service Usage Agreement |
| Security Monitoring Equipment Owner | Emergency System Operator | Application Usage Agreement |
| Security Monitoring Equipment Owner | Security Monitoring Equipment Maintainer | System Maintenance Agreement |
| Security Monitoring Equipment Owner | Security Monitoring Equipment Manager | Operations Agreement |
| Security Monitoring Equipment Supplier | Security Monitoring Equipment Owner | Warranty |
| Transit Management Center Maintainer | Transit Management Center | Maintains |
| Transit Management Center Manager | Transit Management Center | Manages |
| Transit Management Center Manager | Transit Operations Personnel | System Usage Agreement |
| Transit Management Center Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Transit Management Center Owner | Emergency Management Center Owner | Information Exchange Agreement |
| Transit Management Center Owner | Emergency Management Center User | Service Usage Agreement |
| Transit Management Center Owner | Emergency System Operator | Application Usage Agreement |
| Transit Management Center Owner | Media Maintainer | Maintenance Data Exchange Agreement |
| Transit Management Center Owner | Media Owner | Information Provision Agreement |
| Transit Management Center Owner | Media User | Service Usage Agreement |
| Transit Management Center Owner | Transit Management Center Maintainer | System Maintenance Agreement |
| Transit Management Center Owner | Transit Management Center Manager | Operations Agreement |
| Transit Management Center Owner | Transit Vehicle OBE Maintainer | Maintenance Data Exchange Agreement |
| Transit Management Center Owner | Transit Vehicle OBE Owner | Information Provision Agreement |
| Transit Management Center Owner | Transit Vehicle OBE User | Service Usage Agreement |
| Transit Management Center Owner | Transit Vehicle Operator | Application Usage Agreement |
| Transit Management Center Owner | Transportation Information Center Maintainer | Maintenance Data Exchange Agreement |
| Transit Management Center Owner | Transportation Information Center Owner | Information Provision Agreement |
| Transit Management Center Owner | Transportation Information Center User | Service Usage Agreement |
| Transit Management Center Owner | Traveler | Application Usage Agreement |
| Transit Management Center Owner | Traveler Support Equipment Maintainer | Maintenance Data Exchange Agreement |
| Transit Management Center Owner | Traveler Support Equipment Owner | Information Provision Agreement |
| Transit Management Center Owner | Traveler Support Equipment User | Service Usage Agreement |
| Transit Management Center Supplier | Transit Management Center Owner | Warranty |
| Transit Operations Personnel | Transit Management Center | Operates |
| Transit Vehicle OBE Maintainer | Transit Vehicle OBE | Maintains |
| Transit Vehicle OBE Manager | Transit Vehicle OBE | Manages |
| Transit Vehicle OBE Manager | Transit Vehicle Operator | System Usage Agreement |
| Transit Vehicle OBE Owner | Basic Transit Vehicle Maintainer | Maintenance Data Exchange Agreement |
| Transit Vehicle OBE Owner | Basic Transit Vehicle Owner | Expectation of Data Provision |
| Transit Vehicle OBE Owner | Basic Transit Vehicle User | Service Usage Agreement |
| Transit Vehicle OBE Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Transit Vehicle OBE Owner | Emergency Management Center Owner | Expectation of Data Provision |
| Transit Vehicle OBE Owner | Emergency Management Center User | Service Usage Agreement |
| Transit Vehicle OBE Owner | Emergency System Operator | Application Usage Agreement |
| Transit Vehicle OBE Owner | Emergency System Operator | Vehicle Operating Agreement |
| Transit Vehicle OBE Owner | Transit Management Center Maintainer | Maintenance Data Exchange Agreement |
| Transit Vehicle OBE Owner | Transit Management Center Owner | Expectation of Data Provision |
| Transit Vehicle OBE Owner | Transit Management Center User | Service Usage Agreement |
| Transit Vehicle OBE Owner | Transit Operations Personnel | Application Usage Agreement |
| Transit Vehicle OBE Owner | Transit Operations Personnel | Vehicle Operating Agreement |
| Transit Vehicle OBE Owner | Transit Vehicle OBE Maintainer | System Maintenance Agreement |
| Transit Vehicle OBE Owner | Transit Vehicle OBE Manager | Operations Agreement |
| Transit Vehicle OBE Owner | Transit Vehicle Operator | Application Usage Agreement |
| Transit Vehicle OBE Owner | Transit Vehicle Operator | Vehicle Operating Agreement |
| Transit Vehicle OBE Supplier | Transit Vehicle OBE Owner | Warranty |
| Transit Vehicle Operator | Basic Transit Vehicle | Operates |
| Transit Vehicle Operator | Transit Vehicle OBE | Operates |
| Transportation Information Center Maintainer | Transportation Information Center | Maintains |
| Transportation Information Center Manager | Transportation Information Center | Manages |
| Transportation Information Center Owner | Transportation Information Center Maintainer | System Maintenance Agreement |
| Transportation Information Center Owner | Transportation Information Center Manager | Operations Agreement |
| Transportation Information Center Supplier | Transportation Information Center Owner | Warranty |
| Traveler | Traveler Support Equipment | Operates |
| Traveler Support Equipment Maintainer | Traveler Support Equipment | Maintains |
| Traveler Support Equipment Manager | Traveler | System Usage Agreement |
| Traveler Support Equipment Manager | Traveler Support Equipment | Manages |
| Traveler Support Equipment Owner | Emergency Management Center Maintainer | Maintenance Data Exchange Agreement |
| Traveler Support Equipment Owner | Emergency Management Center Owner | Information Exchange and Action Agreement |
| Traveler Support Equipment Owner | Emergency Management Center User | Service Usage Agreement |
| Traveler Support Equipment Owner | Emergency System Operator | Application Usage Agreement |
| Traveler Support Equipment Owner | Transit Management Center Maintainer | Maintenance Data Exchange Agreement |
| Traveler Support Equipment Owner | Transit Management Center Owner | Information Exchange and Action Agreement |
| Traveler Support Equipment Owner | Transit Management Center User | Service Usage Agreement |
| Traveler Support Equipment Owner | Transit Operations Personnel | Application Usage Agreement |
| Traveler Support Equipment Owner | Traveler Support Equipment Maintainer | System Maintenance Agreement |
| Traveler Support Equipment Owner | Traveler Support Equipment Manager | Operations Agreement |
| Traveler Support Equipment Supplier | Traveler Support Equipment Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
| Physical Object | Class | Description |
|---|---|---|
| Alerting and Advisory System | Center | 'Alerting and Advisory System' represents the federal, state, and local alerting and advisory systems that provide alerts, advisories, and other potential threat information that is relevant to surface transportation systems. This includes systems such as the Information Sharing and Analysis Centers (ISACS), the National Infrastructure Protection Center (NIPC), the Homeland Security Advisory System (HSAS), and other systems that provide intelligence about potential, imminent, or actual attacks on the transportation infrastructure or its supporting information systems. This system also represents the early warning and emergency alert systems operated by federal, state, county, and local agencies that provide advisories and alerts regarding all types of emergencies including natural hazards (floods, hurricanes, tornados, earthquakes), accidents (chemical spills, nuclear power plant emergencies) and other civil emergencies such as child abduction alerts that impact transportation system operation and/or require immediate public notification. Note that weather related watches and warnings, such as those issued by the National Hurricane Center, are provided by both this terminator and the Weather Service terminator since many alerting and advisory systems and the National Weather Service both provide severe weather and related hazards information. The alerts and advisories that are provided by the systems represented by this terminator are based on analysis of potential threat information that is collected from a variety of sources, including information collected by ITS systems. The bidirectional interface with this terminator allows potential threat information that is collected by ITS systems to be provided to the alerting and advisory systems to improve their ability to identify threats and provide useful and timely information. The types of information provided by this terminator include general assessments and incident awareness information, advisories that identify potential threats or recommendations to increase preparedness levels, alerts regarding imminent or in-progress emergencies, and specific threat information such as visual imagery used for biometric image processing. |
| Basic Transit Vehicle | Vehicle | The 'Basic Transit Vehicle' represents the transit vehicle that hosts the on-board equipment that provides ITS functions. It includes a specialized and extended databus that is subject to different vehicle databus standards and hosts a broad range of components that are unique to a transit vehicle including the farebox and associated electronics, passenger counters, and transit security systems. The Transit Vehicle may represent a bus, paratransit vehicle, light rail vehicle, or other vehicle designed to carry passengers. |
| Emergency Management Center | Center | The 'Emergency Management Center' represents systems that support incident management, disaster response and evacuation, security monitoring, and other security and public safety-oriented ITS applications. It includes the functions associated with fixed and mobile public safety communications centers including public safety call taker and dispatch centers operated by police (including transit police), fire, and emergency medical services. It includes the functions associated with Emergency Operations Centers that are activated at local, regional, state, and federal levels for emergencies and the portable and transportable systems that support Incident Command System operations at an incident. This Center also represents systems associated with towing and recovery, freeway service patrols, HAZMAT response teams, and mayday service providers. It manages sensor and surveillance equipment used to enhance transportation security of the roadway infrastructure (including bridges, tunnels, interchanges, and other key roadway segments) and the public transportation system (including transit vehicles, public areas such as transit stops and stations, facilities such as transit yards, and transit infrastructure such as rail, bridges, tunnels, or bus guideways). It provides security/surveillance services to improve traveler security in public areas not a part of the public transportation system. It monitors alerts, advisories, and other threat information and prepares for and responds to identified emergencies. It coordinates emergency response involving multiple agencies with peer centers. It stores, coordinates, and utilizes emergency response and evacuation plans to facilitate this coordinated response. Emergency situation information including damage assessments, response status, evacuation information, and resource information are shared The Emergency Management Center also provides a focal point for coordination of the emergency and evacuation information that is provided to the traveling public, including wide-area alerts when immediate public notification is warranted. It tracks and manages emergency vehicle fleets using real-time road network status and routing information from the other centers to aid in selecting the emergency vehicle(s) and routes, and works with other relevant centers to tailor traffic control to support emergency vehicle ingress and egress, implementation of special traffic restrictions and closures, evacuation traffic control plans, and other special strategies that adapt the transportation system to better meet the unique demands of an emergency. |
| Emergency System Operator | Center | 'Emergency System Operator' represents the public safety personnel that monitor emergency requests, (including those from the E911 Operator) and set up pre-defined responses to be executed by an emergency management system. The operator may also override predefined responses where it is observed that they are not achieving the desired result. This also includes dispatchers who manage an emergency fleet (police, fire, ambulance, HAZMAT, etc.) or higher order emergency managers who provide response coordination during emergencies. |
| Media | Center | 'Media' represents the information systems that provide traffic reports, travel conditions, and other transportation-related news services to the traveling public through radio, TV, and other media. Traffic and travel advisory information that are collected by ITS are provided to this object. It is also a source for traffic flow information, incident and special event information, and other events that may have implications for the transportation system. |
| Other Emergency Management Centers | Center | 'Other Emergency Management Centers' provides a source and destination for information flows between various communications centers operated by public safety agencies, emergency management agencies, other allied agencies, and private companies that participate in coordinated management of transportation-related incidents, including disasters. The interface represented by this object enables emergency management activities to be coordinated across jurisdictional boundaries and between functional areas, supporting requirements for general networks connecting many allied agencies. It also supports interface to other allied agencies like utility companies that also participate in the coordinated response to selected highway-related incidents. |
| Rail Operations Center | Center | 'Rail Operations Center' represents the (usually) centralized control point for a substantial segment of a freight railroad's operations and maintenance activities. It is roughly the railroad equivalent to a highway Traffic Management Center. It is the source and destination of information that can be used to coordinate rail and highway traffic management and maintenance operations. It is also the source and destination for incident, incident response, disaster, or evacuation information that is exchanged with an Emergency Management Center. The use of a single object for multiple sources and destination for information exchange with railroads implies the need for a single, consistent interface between a given railroad's operations and maintenance activities and ITS. |
| Security Monitoring Equipment | Field | 'Security Monitoring Equipment' includes surveillance and sensor equipment used to provide enhanced security and safety for transportation facilities or infrastructure. The equipment is located in non-public areas of transportation facilities (e.g. maintenance and transit yards), on or near non-roadway parts of the transportation infrastructure (e.g. transit railway and guideways), and in public areas (e.g., transit stops, transit stations, intermodal terminals). This equipment also includes surveillance and sensor equipment located on or near major roadway features such as bridges, tunnels, and interchanges, when the equipment's primary function is one of security and safety. If the primary function of the equipment is traffic surveillance or incident detection, then the surveillance or sensors would be covered as part of the 'ITS Roadway Equipment'. The surveillance equipment includes video (e.g. CCTV cameras) and/or audio systems. The sensor equipment includes threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), object detection (e.g. metal detectors), intrusion or motion detection, and infrastructure integrity monitoring (e.g. rail track continuity checking or bridge structural integrity monitoring). Limited processing of collected sensor and surveillance data is also included in this subsystem to support threat detection and classification. |
| Transit Management Center | Center | The 'Transit Management Center' manages transit vehicle fleets and coordinates with other modes and transportation services. It provides operations, maintenance, customer information, planning and management functions for the transit property. It spans distinct central dispatch and garage management systems and supports the spectrum of fixed route, flexible route, paratransit services, transit rail, and bus rapid transit (BRT) service. The physical object's interfaces support communication between transit departments and with other operating entities such as emergency response services and traffic management systems. |
| Transit Operations Personnel | Center | 'Transit Operations Personnel' represents the people that are responsible for fleet management, maintenance operations, and scheduling activities of the transit system. These different roles represent a variety of individuals in the transit industry. Within the transit industry the person responsible for fleet management is known by many names: Street Supervisor, Starter, Dispatcher, Supervisor, Traffic Controller, Transportation Coordinator. This person actively monitors, controls, and modifies the transit fleet routes and schedules on a day to day basis (dynamic scheduling). The modifications will take account of abnormal situations such as vehicle breakdown, vehicle delay, detours around work zones or incidents (detour management, connection protection, and service restoration), and other causes of route or schedule deviations. Transit operations personnel are also responsible for demand responsive transit operation and for managing emergency situations within the transit network such as silent alarms on board transit vehicles, or the remote disabling of the vehicle. In addition the Transit Operations Personnel may be responsible for assigning vehicle operators to routes, checking vehicle operators in and out, and managing transit stop issues. This object also represents the personnel in the transit garage that are responsible for maintenance of the transit fleets, including monitoring vehicle status, matching vehicles with operators, and maintenance checking of transit vehicles. Finally, it represents the people responsible for planning, development, and management of transit routes and schedules. |
| Transit Vehicle OBE | Vehicle | The 'Transit Vehicle On-Board Equipment' (OBE) resides in a transit vehicle and provides the sensory, processing, storage, and communications functions necessary to support safe and efficient movement of passengers. The types of transit vehicles containing this physical object include buses, paratransit vehicles, light rail vehicles, other vehicles designed to carry passengers, and supervisory vehicles. It collects ridership levels and supports electronic fare collection. It supports a traffic signal prioritization function that communicates with the roadside physical object to improve on-schedule performance. Automated vehicle location enhances the information available to the transit operator enabling more efficient operations. On-board sensors support transit vehicle maintenance. The physical object supports on-board security and safety monitoring. This monitoring includes transit user or vehicle operator activated alarms (silent or audible), as well as surveillance and sensor equipment. The surveillance equipment includes video (e.g. CCTV cameras), audio systems and/or event recorder systems. It also furnishes travelers with real-time travel information, continuously updated schedules, transfer options, routes, and fares. A separate 'Vehicle OBE' physical object supports the general vehicle safety and driver information capabilities that apply to all vehicles, including transit vehicles. The Transit Vehicle OBE supplements these general capabilities with capabilities that are specific to transit vehicles. |
| Transit Vehicle Operator | Vehicle | The 'Transit Vehicle Operator' represents the person that receives and provides additional information that is specific to operating the ITS functions in all types of transit vehicles. The information received by the operator would include status of on-board systems. Additional information received depends upon the type of transit vehicle. In the case of fixed route transit vehicles, the Transit Vehicle Operator would receive operator instructions that might include actions to take to correct schedule deviations. In the case of flexible fixed routes and demand response routes the information would also include dynamic routing or passenger pickup information. |
| Transportation Information Center | Center | The 'Transportation Information Center' collects, processes, stores, and disseminates transportation information to system operators and the traveling public. The physical object can play several different roles in an integrated ITS. In one role, the TIC provides a data collection, fusing, and repackaging function, collecting information from transportation system operators and redistributing this information to other system operators in the region and other TICs. In this information redistribution role, the TIC provides a bridge between the various transportation systems that produce the information and the other TICs and their subscribers that use the information. The second role of a TIC is focused on delivery of traveler information to subscribers and the public at large. Information provided includes basic advisories, traffic and road conditions, transit schedule information, yellow pages information, ride matching information, and parking information. The TIC is commonly implemented as a website or a web-based application service, but it represents any traveler information distribution service. |
| Traveler | Personal | The 'Traveler' represents any individual who uses transportation services. The interfaces to the traveler provide general pre-trip and en-route information supporting trip planning, personal guidance, and requests for assistance in an emergency that are relevant to all transportation system users. It also represents users of a public transportation system and addresses interfaces these users have within a transit vehicle or at transit facilities such as roadside stops and transit centers. |
| Traveler Support Equipment | Field | 'Traveler Support Equipment' provides access to traveler information at transit stations, transit stops, other fixed sites along travel routes (e.g., rest stops, merchant locations), and major trip generation locations such as special event centers, hotels, office complexes, amusement parks, and theaters. Traveler information access points include kiosks and informational displays supporting varied levels of interaction and information access. At transit stops this might be simple displays providing schedule information and imminent arrival signals. This may be extended to include multi-modal information including traffic conditions and transit schedules to support mode and route selection at major trip generation sites. Personalized route planning and route guidance information can also be provided based on criteria supplied by the traveler. It also supports service enrollment and electronic payment of transit fares. In addition to the traveler information provision, it also enhances security in public areas by supporting traveler activated silent alarms. |
Includes Functional Objects:
| Functional Object | Description | Physical Object |
|---|---|---|
| Emergency Response Management | 'Emergency Response Management' provides the strategic emergency response capabilities and broad inter-agency interfaces that are implemented for extraordinary incidents and disasters that require response from outside the local community. It provides the functional capabilities and interfaces commonly associated with Emergency Operations Centers. It develops and stores emergency response plans and manages overall coordinated response to emergencies. It monitors real-time information on the state of the regional transportation system including current traffic and road conditions, weather conditions, special event and incident information. It tracks the availability of resources and assists in the appropriate allocation of these resources for a particular emergency response. It also provides coordination between multiple allied agencies before and during emergencies to implement emergency response plans and track progress through the incident. It also coordinates with the public through the Emergency Telecommunication Systems (e.g., Reverse 911). It coordinates with public health systems to provide the most appropriate response for emergencies involving biological or other medical hazards. | Emergency Management Center |
| Emergency Secure Area Alarm Support | 'Emergency Secure Area Alarm Support' receives traveler or transit vehicle operator alarm messages, notifies the system operator, and provides acknowledgement of alarm receipt back to the originator of the alarm. The alarms received can be generated by silent or audible alarm systems and may originate from public areas (e.g. transit stops, park and ride lots, transit stations, rest areas) or transit vehicles. The nature of the emergency may be determined based on the information in the alarm message as well as other inputs. | Emergency Management Center |
| Emergency Secure Area Sensor Management | 'Emergency Secure Area Sensor Management' manages sensors that monitor secure areas in the transportation system, processes the collected data, performs threat analysis in which data is correlated with other sensor, surveillance, and advisory inputs, and then disseminates resultant threat information to emergency personnel and other agencies. In response to identified threats, the operator may request activation of barrier and safeguard systems to preclude an incident, control access during and after an incident or mitigate impact of an incident. The sensors may be in secure areas frequented by travelers (i.e., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities, on-board a transit vehicle, etc.) or around transportation infrastructure such as bridges, tunnels and transit railways or guideways. The types of sensors include acoustic, threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity, motion and object sensors. | Emergency Management Center |
| Emergency Secure Area Surveillance | 'Emergency Secure Area Surveillance' monitors surveillance inputs from secure areas in the transportation system. The surveillance may be of secure areas frequented by travelers (i.e., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities, on-board a transit vehicle, etc.) or around transportation infrastructure such as bridges, tunnels and transit railways or guideways. It provides both video and audio surveillance information to emergency personnel and automatically alerts emergency personnel of potential incidents. | Emergency Management Center |
| Field Secure Area Sensor Monitoring | 'Field Secure Area Sensor Monitoring' includes sensors that monitor conditions of secure areas including facilities (e.g. transit yards), transportation infrastructure (e.g. Bridges, tunnels, interchanges, and transit railways or guideways), and public areas (e.g., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities). A range of acoustic, environmental threat (e.g. Chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity and motion and object sensors are included. | Security Monitoring Equipment |
| Field Secure Area Surveillance | 'Field Secure Area Surveillance' includes video and audio surveillance equipment that monitors conditions of secure areas including facilities (e.g. transit yards), transportation infrastructure (e.g. as bridges, tunnels, interchanges, and transit railways or guideways), and public areas (e.g., transit stops, transit stations, rest areas, park and ride lots, modal interchange facilities). It provides the surveillance information to the Emergency Management Center for possible threat detection. It also provides local processing of the video or audio information, providing processed or analyzed results to the Emergency Management Center. | Security Monitoring Equipment |
| Transit Center Security | 'Transit Center Security' monitors transit vehicle operator or traveler activated alarms received from on-board a transit vehicle. It supports transit vehicle operator authentication and provides the capability to remotely disable a transit vehicle. It also includes the capability to alert operators and police to potential incidents identified by these security features. | Transit Management Center |
| Transit Vehicle Security | 'Transit Vehicle Security' provides security and safety functions on-board the transit vehicle. It includes surveillance and sensor systems that monitor the on-board environment, silent alarms that can be activated by transit user or vehicle operator, operator authentication, and a remote vehicle disable function. The surveillance equipment includes video (e.g. CCTV cameras), audio systems and/or event recorder systems. The sensor equipment includes threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors) and object detection sensors (e.g. metal detectors). | Transit Vehicle OBE |
| Traveler Security | 'Traveler Security' provides the capability to report an emergency or summon assistance from secure areas such as transit stops, transit stations, modal transfer facilities, rest stops and picnic areas, park-and-ride areas, tourism and travel information areas, and emergency pull off areas. This object includes interfaces that support initiation of an alarm and presentation of the returned alarm acknowledgement as well as a broadcast message to advise or warn the traveler. | Traveler Support Equipment |
Includes Information Flows:
| Information Flow | Description |
|---|---|
| alarm acknowledge | Confirmation that alarm was received, instructions and additional information for the alarm initiator, and requests for additional information. |
| alarm notification | Notification of activation of an audible or silent alarm by a traveler in a public area or by a transit vehicle operator using an on-board device. |
| emergency operations input | Emergency operator input supporting call taking, dispatch, emergency operations, security monitoring, and other operations and communications center operator functions. |
| emergency operations status | Presentation of information to the operator including emergency operations data, supporting a range of emergency operating positions including call taker, dispatch, emergency operations, security monitoring, and various other operations and communications center operator positions. |
| host transit vehicle status | Information provided to the ITS on-board equipment from other systems on the Transit Vehicle Platform. |
| incident information | Notification of existence of incident and expected severity, location, time and nature of incident. As additional information is gathered and the incident evolves, updated incident information is provided. Incidents include any event that impacts transportation system operation ranging from routine incidents (e.g., disabled vehicle at the side of the road) through large-scale natural or human-caused disasters that involve loss of life, injuries, extensive property damage, and multi-jurisdictional response. This also includes special events, closures, and other planned events that may impact the transportation system. |
| incident report | Report of an identified incident including incident location, type, severity and other information necessary to initiate an appropriate incident response. |
| incident response status | Status of the current incident response including a summary of incident status and its impact on the transportation system, traffic management strategies implemented at the site (e.g., closures, diversions, traffic signal control overrides), and current and planned response activities. |
| infrastructure monitoring sensor control | Data used to configure and control infrastructure monitoring sensors. |
| infrastructure monitoring sensor data | Data read from infrastructure-based sensors that monitor the condition or integrity of transportation infrastructure including bridges, tunnels, interchanges, pavement, culverts, signs, transit rail or guideway, and other roadway infrastructure. Includes sensor data and the operational status of the sensors. |
| remote vehicle disable | Signal used to remotely disable a transit vehicle. |
| secure area sensor control | Information used to configure and control threat sensors (e.g., thermal, acoustic, radiological, chemical), object, motion and intrusion detection sensors. The provided information controls sensor data collection, aggregation, filtering, and other local processing. |
| secure area sensor data | Data provided by threat sensors (e.g., thermal, acoustic, radiological, chemical), and intrusion, motion, and object detection sensors in secure areas indicating the sensor's operational status, raw and processed sensor data, and alarm indicators when a threat has been detected. |
| secure area surveillance control | Information used to configure and control audio and video surveillance systems used for transportation infrastructure security in secure areas. The provided information controls surveillance data collection, aggregation, filtering, and other local processing. |
| secure area surveillance data | Data collected from surveillance systems used to monitor secure areas. Includes video, audio, processed surveillance data, equipment operational status, and alarm indicators when a threat has been detected. |
| threat information | Threats regarding transportation infrastructure, facilities, or systems detected by a variety of methods (sensors, surveillance, threat analysis of advisories from outside agencies, etc. |
| threat information coordination | Sensor, surveillance, and threat data including raw and processed data that is collected by sensor and surveillance equipment located in secure areas. |
| threat support data | Information provided to help receiving agency identify possible threats, including biometric image processing support data. |
| transit emergency data | Initial notification of transit emergency at a transit stop or on transit vehicles and further coordination as additional details become available and the response is coordinated. |
| transit incident information | Information on transit incidents that impact transit services for public dissemination. |
| transit operations personnel input | User input from transit operations personnel including instructions governing service availability, schedules, emergency response plans, transit personnel assignments, transit maintenance requirements, and other inputs that establish general system operating requirements and procedures. |
| transit operations status | Presentation of information to transit operations personnel including accumulated schedule and fare information, ridership and on-time performance information, emergency response plans, transit personnel information, maintenance records, and other information intended to support overall planning and management of a transit property. |
| transit vehicle conditions | Operating conditions of transit vehicle (e.g., engine running, oil pressure, fuel level and usage). It includes status of other on-board systems including user displays, passenger counters, and security systems. This overall status information is also collected from unused (out of service) vehicles. |
| transit vehicle control | Control commands to transit-specific hardware supporting transit fare collection, passenger counting, traveler information systems, and other transit-specific control systems on-board the transit vehicle. This flow also includes the signal disabling or enabling transit vehicle operation sent as a result of a transit vehicle operator authentication failure or a remote disable command. See also 'vehicle control', which includes general control commands that are applicable to all vehicles. |
| transit vehicle location data | Current transit vehicle location and related operational conditions data provided by a transit vehicle. |
| transit vehicle operator authentication information | Information regarding on-board transit operator authentication |
| transit vehicle operator authentication update | Results of authentication process or update of on-board authentication database. |
| transit vehicle operator display | Visual, audible, and tactile outputs to the transit vehicle operator including vehicle surveillance information, alarm information, vehicle system status, information from the operations center, and information indicating the status of all other on-board ITS services. |
| transit vehicle operator input | Transit vehicle operator inputs to on-board ITS equipment, including tactile and verbal inputs. Includes authentication information, on-board system control, emergency requests, and fare transaction data. |
| traveler input | User input from a traveler to summon assistance, request travel information, make a reservation, or request any other traveler service. |
| traveler interface updates | Visual or audio information (e.g., routes, messages, guidance, emergency information) that is provided to the traveler. |
Goals and Objectives
Associated Planning Factors and Goals
| Planning Factor | Goal |
|---|---|
| B. Increase the safety of the transportation system for motorized and nonmotorized users; | Reduce fatalities and injuries |
| C. Increase the security of the transportation system for motorized and nonmotorized users; | Improve security |
| D. Increase the accessibility and mobility of people and for freight; | Reduce congestion |
Associated Objective Categories 
| Objective Category |
|---|
| Emergency/Incident Management: Incident Duration |
| Security: Crime |
| Security: Terrorism, Natural Disasters, and Hazardous Material Incidents |
| Transit Operations and Management: Safety |
Associated Objectives and Performance Measures
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.
Needs and Requirements
| Need | Functional Object | Requirement | ||
|---|---|---|---|---|
| 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. | Emergency Secure Area Alarm Support | 02 | The center shall collect silent and audible alarms received from transit vehicles, originated by the traveler or the transit vehicle operator. |
| 03 | After the alarm message has been received, the center shall generate an alarm acknowledgment to the sender. | |||
| 06 | The center shall forward the alarm message to center personnel and respond to the traveler or transit vehicle operator as directed by the personnel. | |||
| Emergency Secure Area Sensor Management | 03 | The center shall remotely monitor and control security sensor data collected on-board transit vehicles. The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors) and object detection sensors. The data may be raw or pre-processed in the field. | ||
| 10 | The center shall respond to control data from center personnel regarding security sensor data collection, processing, threat detection, and threat analysis. | |||
| Emergency Secure Area Surveillance | 03 | The center shall remotely monitor video images and audio surveillance data collected on-board transit vehicles. The data may be raw or pre-processed in the field. | ||
| 09 | The center shall remotely control security surveillance devices on-board transit vehicles. | |||
| Transit Center Security | 01 | The center shall monitor transit vehicle operational data to determine if the transit vehicle is off-route and assess whether a security incident is occurring. | ||
| 02 | The center shall receive reports of emergencies on-board transit vehicles entered directly be the transit vehicle operator or from a traveler through interfaces such as panic buttons or alarm switches. | |||
| Transit Vehicle Security | 01 | The transit vehicle shall perform video and audio surveillance inside of transit vehicles and output raw video or audio data for either local monitoring (for processing or direct output to the transit vehicle operator), remote monitoring or for local storage (e.g., in an event recorder). | ||
| 02 | The transit vehicle shall perform local monitoring of video or audio surveillance data collected inside of transit vehicles, and identify potential incidents or threats based on received processing parameters. | |||
| 03 | The transit vehicle shall output an indication of potential incidents or threats and the processed video or audio information to the center along with the vehicle's current location. | |||
| 04 | The transit vehicle shall detect potential threats via sensors for chemical agents, toxic industrial chemicals, biological agents, explosives, and radiation. | |||
| 05 | The transit vehicle shall detect potential threats via object detection sensors (e.g. metal detectors). | |||
| 06 | The transit vehicle shall output an indication of potential incidents or threats and the processed sensor information to the center along with the vehicle's current location. | |||
| 07 | The transit vehicle shall accept sensor control data to allow remote control of the sensors. | |||
| 08 | The transit vehicle shall monitor and output surveillance and sensor equipment status and fault indications. | |||
| 09 | The transit vehicle shall accept emergency inputs from either the transit vehicle operator or a traveler through such interfaces as panic buttons, silent or audible alarms, etc. | |||
| 10 | The transit vehicle shall output reported emergencies to the center. | |||
| 11 | The transit vehicle shall receive acknowledgments of the emergency request from the center and output this acknowledgment to the transit vehicle operator or to the travelers. | |||
| 12 | The transit vehicle shall be capable of receiving an emergency message for broadcast to the travelers or to the transit vehicle operator. | |||
| 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. | Emergency Secure Area Alarm Support | 01 | The center shall collect silent and audible alarms received from travelers in secure areas (such as transit stops, rest areas, park and ride lots, modal interchange facilities). |
| 03 | After the alarm message has been received, the center shall generate an alarm acknowledgment to the sender. | |||
| 06 | The center shall forward the alarm message to center personnel and respond to the traveler or transit vehicle operator as directed by the personnel. | |||
| Emergency Secure Area Sensor Management | 10 | The center shall respond to control data from center personnel regarding security sensor data collection, processing, threat detection, and threat analysis. | ||
| 12 | The center shall maintain the status of the security sensor field equipment. | |||
| Emergency Secure Area Surveillance | 02 | The center shall remotely monitor video images and audio surveillance data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). The data may be raw or pre-processed in the field. | ||
| 08 | The center shall remotely control security surveillance devices in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). | |||
| Field Secure Area Sensor Monitoring | 10 | The field element shall include security sensors that monitor conditions in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). | ||
| Field Secure Area Surveillance | 06 | The field element shall include video and/or audio surveillance of traveler secure areas including transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and traveler information centers). | ||
| Traveler Security | 01 | The public interface for travelers shall provide the capability for a traveler to report an emergency and summon assistance from secure areas such as transit stops, transit stations, modal transfer facilities, rest stops, park-and-ride areas, travel information areas, and emergency pull off areas. | ||
| 02 | When initiated by a traveler, the public interface for travelers shall forward a request for assistance to an emergency management function and acknowledge the request. | |||
| 03 | The public interface for travelers shall provide the capability to broadcast a message to advise or warn a traveler. | |||
| 04 | The public interface for travelers shall accept input and provide information to the traveler in a form suitable for travelers with physical disabilities. | |||
| 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. | Emergency Secure Area Sensor Management | 01 | The center shall remotely monitor and control security sensor data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), infrastructure condition and integrity, intrusion and motion, and object detection sensors. The data may be raw or pre-processed in the field. |
| 02 | The center shall remotely monitor and control security sensor data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel information centers). The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological sensors), intrusion and motion, and object detection sensors. The data may be raw or pre-processed in the field. | |||
| Emergency Secure Area Surveillance | 01 | The center shall remotely monitor video images and audio surveillance data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). The data may be raw or pre-processed in the field. | ||
| 07 | The center shall remotely control security surveillance devices in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | |||
| Field Secure Area Sensor Monitoring | 01 | The field element shall include security sensors that monitor conditions of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | ||
| 02 | The field element sensor monitoring shall be remotely controlled by a center. | |||
| 03 | The field element shall provide equipment status and fault indication of security sensor equipment to a center. | |||
| 04 | The field element shall include environmental threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological). | |||
| 05 | The field element shall include infrastructure condition and integrity monitoring sensors. | |||
| 06 | The field element shall include motion and intrusion detection sensors. | |||
| 07 | The field element shall include object detection sensors (such as metal detectors). | |||
| 08 | The field element shall provide raw security sensor data. | |||
| 09 | The field element shall remotely process security sensor data and provide an indication of potential incidents or threats to a center. | |||
| Field Secure Area Surveillance | 01 | The field element shall include video and/or audio surveillance of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | ||
| 02 | The field element shall be remotely controlled by a center. | |||
| 03 | The field element shall provide equipment status and fault indication of surveillance equipment to a center. | |||
| 04 | The field element shall provide raw video or audio data. | |||
| 05 | The field element shall remotely process video and audio data and provide an indication of potential incidents or threats to a center. | |||
| 04 | Transit Operations needs to be able to authenticate operators of transit vehicles and perform remote disabling of vehicles if necessary in order to ensure secure operation of the vehicles. | Transit Center Security | 03 | The center shall support the back-office portion of functionality to authenticate transit vehicle operators. |
| 09 | The center shall provide support to remotely disable (or reset the disabling of) a transit vehicle in service. | |||
| Transit Vehicle Security | 13 | The transit vehicle shall be capable of being disabled or enabled based on commands from the center or authentic inputs from the transit vehicle operator | ||
| 14 | The transit vehicle shall perform authentication of the transit vehicle operator. | |||
| 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. | Emergency Response Management | 06 | The center shall allocate the appropriate emergency services, resources, and vehicle (s) to respond to incidents, and shall provide the capability to override the current allocation to suit the special needs of a current incident. |
| 10 | The center shall provide the capability to request transit resource availability from transit centers for use during disaster and evacuation operations. | |||
| 11 | The center shall assimilate the damage assessment of the transit, traffic, rail, maintenance, and other emergency center services and systems to create an overall transportation system status, and disseminate to each of these centers and the traveling public via traveler information providers. | |||
| Emergency Secure Area Alarm Support | 04 | After the alarm message becomes a verified incident, the center shall determine the appropriate response. | ||
| 05 | The center shall determine whether the alarm message indicates an emergency that requires the attention of public safety agencies, and forward alarm message data to the appropriate agency as necessary. | |||
| Emergency Secure Area Sensor Management | 04 | The center shall exchange security sensor data with other emergency centers. | ||
| 05 | The center shall identify potential security threats based on collected security sensor data. | |||
| 06 | The center shall verify potential security threats by correlating security sensor data from multiple sources. | |||
| 07 | The center shall perform threat analysis based on correlations of security sensor and surveillance data. | |||
| Emergency Secure Area Surveillance | 04 | The center shall exchange surveillance data with other emergency centers. | ||
| 05 | The center shall identify potential security threats based on collected security surveillance data. | |||
| 06 | The center shall verify potential security threats by correlating security surveillance data from multiple sources. | |||
| Transit Center Security | 04 | The center shall provide transit incident information along with other service data to emergency centers. | ||
| 07 | The center shall coordinate the response to security incidents involving transit with other agencies including Emergency Management, other transit agencies, media, traffic management, and traveler information service providers. | |||
| 06 | Transit Operations needs to be able to inform traveler information systems or the media regarding transit related incidents in order to keep the traveling public informed of the impacts these incidents may have on their trips. | Transit Center Security | 10 | The center shall provide transit incident information to traveler information providers and the media. |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
| Physical Object Security | ||||
|---|---|---|---|---|
| Physical Object | Confidentiality | Integrity | Availability | Security Class |
| Alerting and Advisory System | Moderate | High | High | Class 5 |
| Basic Transit Vehicle | ||||
| Emergency Management Center | High | High | High | Class 5 |
| Media | Low | Low | Moderate | Class 1 |
| Other Emergency Management Centers | High | High | High | Class 5 |
| Rail Operations Center | Moderate | Moderate | High | Class 5 |
| Security Monitoring Equipment | High | Moderate | Moderate | Class 4 |
| Transit Management Center | High | High | High | Class 5 |
| Transit Vehicle OBE | Moderate | High | High | Class 5 |
| Transportation Information Center | Low | Low | Moderate | Class 1 |
| Traveler Support Equipment | Moderate | High | Moderate | Class 3 |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
| Information Flow Security | |||||
|---|---|---|---|---|---|
| Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
| Basis | Basis | Basis | |||
| Alerting and Advisory System | Emergency Management Center | threat support data | Moderate | High | High |
| This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | If this data is corrupted, potential security threats will not be detected. If this data is modified in transit, it could be used to suggest the presence or non-presence of specific individuals, which is a grave threat to the response to an incident and significant also for the cover up of illicit activity in the post-operational phase. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
| Basic Transit Vehicle | Transit Vehicle OBE | host transit vehicle status | Moderate | Moderate | Moderate |
| This can include some sensitive data. However, other data, such as vehicle location and motion will then be broadcast. There also may be proprietary information included in this. DISC THEA believes this to be LOW: "sensor data is not confidential; harm should not come from seeing status." | This is used later on to determine whether a vehicle should request priority at an intersection. If this information is incorrect the vehicle may make false requests. All other flows that use the data from this flow have a MODERATE integrity requirement, therefore, this must also have a MODERATE integrity requirement. DISC: THEA believes this should be HIGH: "sensor data needs to be accurate and should not be tampered with." | This information would need to be available immediately for the application to work.DISC: THEA believes this should be HIGH: "sensor data must be consistently available to feed BSMs broadcast at 10Hz, notifications, etc.." | |||
| Emergency Management Center | Emergency System Operator | emergency operations status | Moderate | High | High |
| Emergency system controls should not be casually viewable as they impact the availability of emergency services, which if known could be leveraged for illegal activity. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
| Emergency Management Center | Other Emergency Management Centers | incident report | High | Moderate | Moderate |
| This data contains all information regarding the incident. This could include personal information regarding persons involved in the incident. It could also include sensitive information regarding special events or closures. DISC: WYO believes this to be MODERATE. | Minor discrepancies in this data should not have a catastrophic effect, but it should be reasonably controlled and accurate. | A few missed messages should not have a significant effect. However, most messages should make it through and the EMC should be able to know if the TMC has received a message. | |||
| Emergency Management Center | Other Emergency Management Centers | threat information coordination | Moderate | High | High |
| Coordination of threat response would be useful to the source of the threat, and allow them to respond to maximize intent. As such, this information must be kept from them if possible. Given that the EMC is the source of threat response, we justify HIGH. If threat responses in the area are typically similar to day-to-day opeations, can be MODERATE. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
| Emergency Management Center | Rail Operations Center | threat information | Moderate | High | High |
| This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
| Emergency Management Center | Security Monitoring Equipment | infrastructure monitoring sensor control | Moderate | High | Moderate |
| Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
| Emergency Management Center | Security Monitoring Equipment | secure area sensor control | Moderate | High | Moderate |
| Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
| Emergency Management Center | Security Monitoring Equipment | secure area surveillance control | Moderate | High | Moderate |
| Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
| Emergency Management Center | Transit Management Center | incident information | High | Moderate | Moderate |
| This data contains all of the information regarding the incident. This could include personal information regarding persons involved in the incident. It could also include sensitive information regarding special events or closures. | Minor discrepancies in this data should not have a catastrophic effect, but it should be reasonably controlled and accurate. | A few missed messages should not have a significant effect. However, most messages should make it through and the EMC should be able to know if the Transit Management Center has received a message. | |||
| Emergency Management Center | Transit Management Center | incident response status | Moderate | Moderate | Moderate |
| This flow implies details of an incident, which could be used by an attacker as intelligence gathering and target assessment. | If this data is incorrect or unavailable then maintenance assets may not be appropriately assigned, resulting in inefficient use of maintenance assets and higher overall downtime in the incident locale. | If this data is incorrect or unavailable then maintenance assets may not be appropriately assigned, resulting in inefficient use of maintenance assets and higher overall downtime in the incident locale. | |||
| Emergency Management Center | Transit Management Center | threat information | Moderate | High | High |
| This data is used to determine if there may be a threat to the transportation infrastructure. As this may provoke a response against that threat, this information should be protected from viewing by parties that may be related to the threat. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
| Emergency Management Center | Transit Vehicle OBE | alarm acknowledge | Moderate | High | Moderate |
| While this flow may not directly include PII, it responds to one that does. Security requirements for response flows set at minimum to those of the triggering flow. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle, station or other public transport facility likely to include one or more travelers must be timely or appropriate measures may be delayed, which could impact personal safety. Could be HIGH. | |||
| Emergency Management Center | Transit Vehicle OBE | secure area sensor control | Moderate | High | Moderate |
| Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
| Emergency Management Center | Transit Vehicle OBE | secure area surveillance control | Moderate | High | Moderate |
| Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: NYC believes this to be low: "This information is directly observable." | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. From NYC: The information sent from TMC directly affect the ITS-RE speed "announcement". | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From NYC: The ITS-RE can work accordingly or in fail-safe if information is not available. | |||
| Emergency Management Center | Traveler Support Equipment | alarm acknowledge | Moderate | High | Moderate |
| While this flow may not directly include PII, it responds to one that does. Security requirements for response flows set at minimum to those of the triggering flow. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle, station or other public transport facility likely to include one or more travelers must be timely or appropriate measures may be delayed, which could impact personal safety. Could be HIGH. | |||
| Emergency System Operator | Emergency Management Center | emergency operations input | Moderate | High | High |
| Emergency system controls should not be casually viewable as they impact the availability of emergency services, which if known could be leveraged for illegal activity. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
| Other Emergency Management Centers | Emergency Management Center | incident report | High | Moderate | Moderate |
| This data contains all information regarding the incident. This could include personal information regarding persons involved in the incident. It could also include sensitive information regarding special events or closures. DISC: WYO believes this to be MODERATE. | Minor discrepancies in this data should not have a catastrophic effect, but it should be reasonably controlled and accurate. | A few missed messages should not have a significant effect. However, most messages should make it through and the EMC should be able to know if the TMC has received a message. | |||
| Other Emergency Management Centers | Emergency Management Center | threat information coordination | Moderate | High | High |
| Coordination of threat response would be useful to the source of the threat, and allow them to respond to maximize intent. As such, this information must be kept from them if possible. Given that the EMC is the source of threat response, we justify HIGH. If threat responses in the area are typically similar to day-to-day opeations, can be MODERATE. | All threat-related flows should have some measure of confidence assigned to them, as they will necessarily provoke responses from the receiving entities. Corrupted or forged data could inhibit that response or cause one when none is warranted. Both of these cases offer significant negative impacts. Given the scope of the transportation system, we set this HIGH. For small-scoped systems, this may be MODERATE if the response would never be significantly different than daily operations. | Since this information may indicate a threat against the transportation system, including personal safety, we can justify a HIGH rating. Lack of information could lead to extreme consequences if no response is taken. In areas where responses are already part of daily activity, this may be reduced to MODERATE. | |||
| Security Monitoring Equipment | Emergency Management Center | infrastructure monitoring sensor data | High | Moderate | Moderate |
| Includes asset status and security-related monitoring both of which if available to a hostile third party would be useful in developing targets and inflicting damage. May be MODERATE if little such data is available or assets and potential impact is limited. | Real-time monitoring of transportation asset data should be accurate and timely to protect the monitored assets. Given that the destintation of this flow cannot act directly, it is difficult to justify HIGH, unless 'infrastructure situation data' does not exist. | As this flow includes data that reflects the condition of transportation assets, and can be used to infer the safety of use of those assets, loss of this flow means loss of asset safety monitoring, which has a potentially significant impact. | |||
| Security Monitoring Equipment | Emergency Management Center | secure area sensor data | Moderate | Moderate | Moderate |
| Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
| Security Monitoring Equipment | Emergency Management Center | secure area surveillance data | Moderate | Moderate | Moderate |
| Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
| Transit Management Center | Emergency Management Center | transit emergency data | Moderate | High | High |
| Security event or other emergency could be used by an attacker to confirm or further a crime in progress. | This must be accurate to ensure correct response, as human safety may be at stake. | Human safety could be at stake, which suggest sever consequences. | |||
| Transit Management Center | Media | transit incident information | Low | Moderate | Moderate |
| Generally, center-originating flows destined for a TIC don't contain any personal or confidential information, and are eventually intended for some kind of public consumption. | While accuracy of this data is important for decision making purposes, applications should be able to cfunction without it. Thus MODERATE generally. | While availability of this data is important for decision making purposes, applications should be able to function without it. Thus MODERATE generally. | |||
| Transit Management Center | Transit Operations Personnel | transit operations status | Moderate | High | High |
| Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
| Transit Management Center | Transit Vehicle OBE | alarm acknowledge | Moderate | High | Moderate |
| While this flow may not directly include PII, it responds to one that does. Security requirements for response flows set at minimum to those of the triggering flow. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle, station or other public transport facility likely to include one or more travelers must be timely or appropriate measures may be delayed, which could impact personal safety. Could be HIGH. | |||
| Transit Management Center | Transit Vehicle OBE | remote vehicle disable | Moderate | High | Moderate |
| This flow disables the target vehicle. While its integrity is thus obviously paramount, if this flow were observed by a third party they might understand what was occuring, which provides intelligence that is not necessarily visible otherwise. | Since this flow disables the target vehicle, it must be correct and difficult to forge or modify to ensure the safe operation of the vehicle. | This is one of several security-focused mechanisms that may be implemented to secure the transit vehicle. If this particular flow is relied on exclusively for security, HIGH might be considered, but given the constraint of a wireless medium, that is likely impractical. | |||
| Transit Management Center | Transit Vehicle OBE | transit vehicle operator authentication update | Moderate | High | High |
| Authentication information exchanged probably does not include PII, but even so it betrays actions that are otherwise not easy to observe and not designed to be observable. Attackers might use this information during the commission of a crime. | As this may be used as part of transit vehicle security processes, any corruption or manipulation of this flow could defeat those processes, impacting vehicle security. | There are likely onboard mechanisms for coping with a loss of availability, but if this flow is a critical part of transit security then it really should be protected at all costs. Possibly MODERATE. | |||
| Transit Management Center | Transportation Information Center | transit incident information | Low | Moderate | Moderate |
| Generally, center-originating flows destined for a TIC don't contain any personal or confidential information, and are eventually intended for some kind of public consumption. | While accuracy of this data is important for decision making purposes, applications should be able to cfunction without it. Thus MODERATE generally. | While availability of this data is important for decision making purposes, applications should be able to function without it. Thus MODERATE generally. | |||
| Transit Management Center | Traveler Support Equipment | alarm acknowledge | Moderate | High | Moderate |
| While this flow may not directly include PII, it responds to one that does. Security requirements for response flows set at minimum to those of the triggering flow. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle, station or other public transport facility likely to include one or more travelers must be timely or appropriate measures may be delayed, which could impact personal safety. Could be HIGH. | |||
| Transit Operations Personnel | Transit Management Center | transit operations personnel input | Moderate | High | High |
| Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
| Transit Vehicle OBE | Basic Transit Vehicle | transit vehicle control | Moderate | High | High |
| Internal vehicle flow that if reverse engineered could enable third party vehicle control. Largely a competitive question, could be set LOW if manufacturer and operator are not concerned with this type of compromise. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | |||
| Transit Vehicle OBE | Emergency Management Center | alarm notification | Moderate | High | Moderate |
| This flow contains regarding an issue aboard a transit vehicle. This identity of the vehicle as well as its location will be included. Video and personal information regarding persons involved in the incident and the type of incident could also be included. All of this could be PII. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle must be timely or appropriate measures may be delayed, which could impact safety on board the vehicle. Could be HIGH. | |||
| Transit Vehicle OBE | Emergency Management Center | secure area sensor data | Moderate | Moderate | Moderate |
| Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
| Transit Vehicle OBE | Emergency Management Center | secure area surveillance data | Moderate | Moderate | Moderate |
| Any security or surveillance data should be protected from casual viewing. An attacker could use this information to assess a facility's susceptibility to attack, or intercept it and use it to monitor their own progress. | Security and surveillance data needs guarantee of accuracy. However, there will be procedures in place to verify any alarms or alerts, suggesting this could be MODERATE in most instances. For sensitive areas, this might be HIGH. | Surveillance and security data should be generally available to security systems; if this goes down it could indicate some kind of hostile action against the monitored facility. This might be HIGH for areas that are sensitive or have particularly high value equipment. | |||
| Transit Vehicle OBE | Transit Management Center | alarm notification | Moderate | High | Moderate |
| This flow contains regarding an issue aboard a transit vehicle. This identity of the vehicle as well as its location will be included. Video and personal information regarding persons involved in the incident and the type of incident could also be included. All of this could be PII. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents on board a transit vehicle must be timely or appropriate measures may be delayed, which could impact safety on board the vehicle. Could be HIGH. | |||
| Transit Vehicle OBE | Transit Management Center | transit vehicle conditions | Moderate | Moderate | Moderate |
| Basic diagnostic information should not be sensitive, but any warnings or alarms could be, particularly if they are related to an incident or hostile event related to the vehicle. Such information could be used as part of damage assessment or target identification. | This needs to be accurate to properly schedule maintenance activities (for the basic maintenance data items) and to properly respond to warning indicators. If corrupted or unavailable, there could be a significant repurcussion for the vehicle and by extension, the vehicle operator. | This needs to be accurate to properly schedule maintenance activities (for the basic maintenance data items) and to properly respond to warning indicators. If corrupted or unavailable, there could be a significant repurcussion for the vehicle and by extension, the vehicle operator. | |||
| Transit Vehicle OBE | Transit Management Center | transit vehicle location data | Moderate | Moderate | Moderate |
| While internal, contains identification, passenger load and routing data that if observed could be used by an attacker to identify targets. | Applications relying on this data will not function properly if the data is incorrect, so it must be protected commensurate to the value of the application. | Applications relying on this data will not function properly if the data is incorrect, so it must be protected commensurate to the value of the application. Location data is dynamic, so probably needs to be updated frequently. | |||
| Transit Vehicle OBE | Transit Management Center | transit vehicle operator authentication information | Moderate | High | High |
| Authentication information exchanged probably does not include PII, but even so it betrays actions that are otherwise not easy to observe and not designed to be observable. Attackers might use this information during the commission of a crime. | As this may be used as part of transit vehicle security processes, any corruption or manipulation of this flow could defeat those processes, impacting vehicle security. | There are likely onboard mechanisms for coping with a loss of availability, but if this flow is a critical part of transit security then it really should be protected at all costs. Possibly MODERATE. | |||
| Transit Vehicle OBE | Transit Vehicle Operator | transit vehicle operator display | Low | Moderate | Low |
| This should not include any sensitive information. It would be possible for a person standing behind the driver to observe the information transmitted. | Some minimal guarantee of data integrity is necessary for all C-ITS flows. This entire application should not directly affect the drivers driving habits. The operator should still be slowing and stopping at yellow or red lights, along with observing all other driving regulations. DISC: Original V2I analysis classified this as LOW. | Even if the operator is not made aware of the signal preemption, the system should still operate correctly. The operator should be using the traffic lights to influence their decision about whether or not to stop, not the display. | |||
| Transit Vehicle OBE | Traveler | traveler interface updates | Not Applicable | Moderate | Moderate |
| This data is informing the vehicle of operational information that is relevant to the operation of the vehicle. It should not contain anything sensitive, and does not matter if another person can observe it. | Should be accurate as the Traveler will be relying on this information for routing and related choices. Lack of accuracy will result in lack of confidence from the traveler as well as an unsatisfactory trip, leading to a negative feedback spiral. | Users expect their devices to work. If information is not presented to the operator, the relevant applications simply won't be used. | |||
| Transit Vehicle Operator | Transit Vehicle OBE | transit vehicle operator input | Low | Moderate | Low |
| This information is transmitted through systems on board the Transit Vehicle. Even if the vehicle were compromised and these communications monitored, most of this information is directly observable. | Some minimal guarantee of data integrity is necessary for all C-ITS flows. If this is compromised, it could result in an incorrect signal priority request, which has minimal impact. DISC: Original V2I analysis classified this as LOW. | A delay in reporting this may result in a signal priority request not going through, which has minimal impact. | |||
| Traveler | Transit Vehicle OBE | traveler input | Not Applicable | Moderate | Low |
| This data is informing the vehicle of operational information that is relevant to the operation of the vehicle. It should not contain anything sensitive, and does not matter if another person can observe it. | While public, information must be correct or travelers may make incorrect decisions with regard to their travel plans. | Information is available through other means, though depending on the location this might not always be the case, in which case this would be MODERATE. | |||
| Traveler | Traveler Support Equipment | traveler input | Not Applicable | Moderate | Low |
| Publicly available information, while not directly observable, is intended for widespread distribution | While public, information must be correct or travelers may make incorrect decisions with regard to their travel plans. | Information is available through other means, though depending on the location this might not always be the case, in which case this would be MODERATE. | |||
| Traveler Support Equipment | Emergency Management Center | alarm notification | Moderate | High | Moderate |
| This flow contains regarding an issue at a public location that could involve human safety. This identity of the device reporting the alarm as well as its location will be included. Other data incuding video if available, and relevant personal information regarding persons involved in the incident and the type of incident may also be provided, all of which is PII. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents at a publicly managed area must be timely or appropriate measures might be delayed, which could impact safety at the location. Could be HIGH. | |||
| Traveler Support Equipment | Transit Management Center | alarm notification | Moderate | High | Moderate |
| This flow contains regarding an issue at a public location that could involve human safety. This identity of the device reporting the alarm as well as its location will be included. Other data incuding video if available, and relevant personal information regarding persons involved in the incident and the type of incident may also be provided, all of which is PII. | Even a minor discrepancy in this data could have a significant effect for a personal safety incident. | Data describing incidents at a publicly managed area must be timely or appropriate measures might be delayed, which could impact safety at the location. Could be HIGH. | |||
| Traveler Support Equipment | Traveler | traveler interface updates | Not Applicable | Moderate | Moderate |
| Publicly available information, while not directly observable, is intended for widespread distribution | Should be accurate as the Traveler will be relying on this information for routing and related choices. Lack of accuracy will result in lack of confidence from the traveler as well as an unsatisfactory trip, leading to a negative feedback spiral. | Users expect their devices to work. If information is not presented to the operator, the relevant applications simply won't be used. | |||
Standards
Currently, there are no standards associated with the physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
System Requirements
| System Requirement | Need | ||
|---|---|---|---|
| 001 | The system shall allocate the appropriate emergency services, resources, and vehicle (s) to respond to incidents, and shall provide the capability to override the current allocation to suit the special needs of a current incident. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 002 | The system shall provide the capability to request transit resource availability from transit centers for use during disaster and evacuation operations. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 003 | The system shall assimilate the damage assessment of the transit, traffic, rail, maintenance, and other emergency center services and systems to create an overall transportation system status, and disseminate to each of these centers and the traveling pub | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 004 | The system shall collect silent and audible alarms received from travelers in secure areas (such as transit stops, rest areas, park and ride lots, modal interchange facilities). | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 005 | The system shall collect silent and audible alarms received from transit vehicles, originated by the traveler or the transit vehicle operator. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 006 | After the alarm message has been received, the system shall generate an alarm acknowledgment to the sender. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. | ||
| 007 | After the alarm message becomes a verified incident, the system shall determine the appropriate response. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 008 | The system shall determine whether the alarm message indicates an emergency that requires the attention of public safety agencies, and forward alarm message data to the appropriate agency as necessary. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 009 | The system shall forward the alarm message to center personnel and respond to the traveler or transit vehicle operator as directed by the personnel. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. | ||
| 010 | The system shall remotely monitor and control security sensor data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 011 | The system shall remotely monitor and control security sensor data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 012 | The system shall remotely monitor and control security sensor data collected on-board transit vehicles. The types of security sensor data include environmental threat (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiologic | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 013 | The system shall exchange security sensor data with other emergency centers. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 014 | The system shall identify potential security threats based on collected security sensor data. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 015 | The system shall verify potential security threats by correlating security sensor data from multiple sources. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 016 | The system shall perform threat analysis based on correlations of security sensor and surveillance data. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 017 | The system shall respond to control data from center personnel regarding security sensor data collection, processing, threat detection, and threat analysis. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. | ||
| 018 | The system shall maintain the status of the security sensor field equipment. | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 019 | The system shall remotely monitor video images and audio surveillance data collected in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit rail | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 020 | The system shall remotely monitor video images and audio surveillance data collected in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-o | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 021 | The system shall remotely monitor video images and audio surveillance data collected on-board transit vehicles. The data may be raw or pre-processed in the field. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 022 | The system shall exchange surveillance data with other emergency centers. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 023 | The system shall identify potential security threats based on collected security surveillance data. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 024 | The system shall verify potential security threats by correlating security surveillance data from multiple sources. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 025 | The system shall remotely control security surveillance devices in secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 026 | The system shall remotely control security surveillance devices in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel i | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 027 | The system shall remotely control security surveillance devices on-board transit vehicles. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 028 | The system shall monitor transit vehicle operational data to determine if the transit vehicle is off-route and assess whether a security incident is occurring. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 029 | The system shall receive reports of emergencies on-board transit vehicles entered directly be the transit vehicle operator or from a traveler through interfaces such as panic buttons or alarm switches. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 030 | The system shall support the back-office portion of functionality to authenticate transit vehicle operators. | 04 | Transit Operations needs to be able to authenticate operators of transit vehicles and perform remote disabling of vehicles if necessary in order to ensure secure operation of the vehicles. |
| 031 | The system shall provide transit incident information along with other service data to emergency centers. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 032 | The system shall coordinate the response to security incidents involving transit with other agencies including Emergency Management, other transit agencies, media, traffic management, and traveler information service providers. | 05 | Transit Operations needs to be able to alert emergency services to incidents on vehicles, at stations/stops, or other monitored assets. |
| 033 | The system shall provide support to remotely disable (or reset the disabling of) a transit vehicle in service. | 04 | Transit Operations needs to be able to authenticate operators of transit vehicles and perform remote disabling of vehicles if necessary in order to ensure secure operation of the vehicles. |
| 034 | The system shall provide transit incident information to traveler information providers and the media. | 06 | Transit Operations needs to be able to inform traveler information systems or the media regarding transit related incidents in order to keep the traveling public informed of the impacts these incidents may have on their trips. |
| 035 | The system shall include security sensors that monitor conditions of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 036 | The system shall be remotely controlled by a center. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 037 | The system shall provide equipment status and fault indication of security sensor equipment to a center. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 038 | The system shall include environmental threat sensors (e.g. chemical agent, toxic industrial chemical, biological, explosives, and radiological). | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 039 | The system shall include infrastructure condition and integrity monitoring sensors. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 040 | The system shall include motion and intrusion detection sensors. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 041 | The system shall include object detection sensors (such as metal detectors). | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 042 | The system shall provide raw security sensor data. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 043 | The system shall remotely process security sensor data and provide an indication of potential incidents or threats to a center. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 044 | The system shall include security sensors that monitor conditions in traveler secure areas, which include transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and travel | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 045 | The system shall include video and/or audio surveillance of secure areas including facilities (e.g. transit yards) and transportation infrastructure (e.g. bridges, tunnels, interchanges, roadway infrastructure, and transit railways or guideways). | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 046 | The system shall provide equipment status and fault indication of surveillance equipment to a center. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 047 | The system shall provide raw video or audio data. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 048 | The system shall remotely process video and audio data and provide an indication of potential incidents or threats to a center. | 03 | Transit Operations needs to be able to monitor transit secure areas such as bus or rail yards and transit infrastructure such as tracks and tunnels in order to provide security for transit assets. |
| 049 | The system shall include video and/or audio surveillance of traveler secure areas including transit stations, transit stops, rest areas, park and ride lots, and other fixed sites along travel routes (e.g., emergency pull-off areas and traveler information | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 050 | The system shall provide the capability for a traveler to report an emergency and summon assistance from secure areas such as transit stops, transit stations, modal transfer facilities, rest stops, park-and-ride areas, travel information areas, and emerge | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 051 | The system shall forward a request for assistance to an emergency management function and acknowledge the request. | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 052 | The system shall provide the capability to broadcast a message to advise or warn a traveler. | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 053 | The system shall accept input and provide information to the traveler in a form suitable for travelers with physical disabilities. | 02 | Transit Operations needs to be able to monitor transit stops and transit stations in order to provide a secure environment for travelers. |
| 054 | The system shall perform video and audio surveillance inside of transit vehicles and output raw video or audio data for either local monitoring (for processing or direct output to the transit vehicle operator), remote monitoring or for local storage (e.g. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 055 | The system shall perform local monitoring of video or audio surveillance data collected inside of transit vehicles, and identify potential incidents or threats based on received processing parameters. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 056 | The system shall output an indication of potential incidents or threats and the processed video or audio information to the center along with the vehicle's current location. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 057 | The system shall detect potential threats via sensors for chemical agents, toxic industrial chemicals, biological agents, explosives, and radiation. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 058 | The system shall detect potential threats via object detection sensors (e.g. metal detectors). | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 059 | The system shall output an indication of potential incidents or threats and the processed sensor information to the center along with the vehicle's current location. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 060 | The system shall accept sensor control data to allow remote control of the sensors. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 061 | The system shall monitor and output surveillance and sensor equipment status and fault indications. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 062 | The system shall accept emergency inputs from either the transit vehicle operator or a traveler through such interfaces as panic buttons, silent or audible alarms, etc. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 063 | The system shall output reported emergencies to the center. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 064 | The system shall receive acknowledgments of the emergency request from the center and output this acknowledgment to the transit vehicle operator or to the travelers. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 065 | The system shall receive an emergency message for broadcast to the travelers or to the transit vehicle operator. | 01 | Transit Operations needs to be able to monitor conditions on a transit vehicle in order to provide a secure environment for travelers. |
| 066 | The system shall be disabled or enabled based on commands from the center or authentic inputs from the transit vehicle operator | 04 | Transit Operations needs to be able to authenticate operators of transit vehicles and perform remote disabling of vehicles if necessary in order to ensure secure operation of the vehicles. |
| 067 | The system shall perform authentication of the transit vehicle operator. | 04 | Transit Operations needs to be able to authenticate operators of transit vehicles and perform remote disabling of vehicles if necessary in order to ensure secure operation of the vehicles. |