Cybersecurity for the Advanced Transportation Controller (ATC) Standards

The United States Department of Transportation has supported the development of Advanced Transportation Controller (ATC) family of standards including ATC 5201 v06a, ATC 5401 v02A Application Programming Interface for the Advanced Transportation Controller Standard, and ATC 5301 v02 ATC Cabinet Standard for more than 20 years. The infrastructure community has supported the development of these ATC family of standards as they are critically important to the deployment of ITS systems that are interoperable and sustainable nationwide. The deployment of connected vehicle (CV) technologies has brought urgency to the need for heightened security on ITS infrastructure devices and is driving changes to the ATC family of standards to ensure connected infrastructure readiness.

The Institute of Transportation Engineers (ITE), with support from the National Electrical Manufacturers Association (NEMA), American Association of State Highway and Transportation Officials (AASHTO), SAE International, and other organizations, will develop security standards consistent with the ATC standards family to help increase the security of ITS infrastructure deployments nationwide. The project will use a systems engineering process and cybersecurity framework principles combined with a standards development process to produce interim and final deliverables.

The procedure for standards development is generally outlined as follows: Once a decision is made to develop an ITE Standard or Recommended Practice, a committee is assigned the preparation task. The draft material is subjected to a review process before the proposed standard is published. A list of persons interested in the standard is maintained, and these individuals are kept abreast of the development of the standard. Notices are also published by ITE notifying interested parties of the status of specific standards. All comments and input received on proposed standards are addressed prior to final adoption. An appeals process is provided to resolve any final disagreements on a specific standard or to address the standards development procedures.

This project has the following four major objectives:

Establish a stakeholder group with balanced representation from both current infrastructure as well as the Connected environment that is focused on cybersecurity of all deployments based on the ATC standards (published and currently in ballot).
Ensure broad outreach to infrastructure, security, and connected vehicle communities represented by AASHTO, NEMA, SAE, ITE, and other organizations. With the help of stakeholders, create a set of security needs, requirements, and design through a systems engineering process.
Build a design for security for the ATC family that is deployable and sustainable nationwide. This security design improvement could also be applicable to other infrastructure and Connected Vehicle (CV) systems.
Publish security updates to the ATC standards family that ensures resiliency to include the CV environment, using the systems engineering and SDO processes.

In order to accomplish this, a broad base of stakeholders representing both the private and the public sectors is needed to provide input, review draft project deliverables, provide comments, and be a resource of expertise for the project team. The development of the standard will follow a consensus-based systems engineering process that will produce a concept of operations with user needs identified, requirements, and design details for the standard. At each phase, there will be a walkthrough reviews with the stakeholders. It is anticipated that there could be up to fifteen web-enabled meetings over the course of the project through March 2024. You do not need to be an expert in the ATC standards to contribute.

Stakeholders in the cybersecurity of transportation field equipment are invited including:

Traffic operations (especially field equipment)
Traffic control equipment (familiarity with ATC standards is ideal)
Cybersecurity (systems, devices, communications, information technology)
Transportation field applications (in use today and expected in the near future)
Automotive industry (manufacturers, suppliers, vehicle-infrastructure applications)
Data and services (providers of roadway data, metadata, and services that are based on roadway information)

To participate in this project, please email as follows:

Address: standards@ite.org

Subject: ATC Cybersecurity Stakeholder

Version No.	Standard/Document Name	Overall Status- Not Started/ Under Development / Published	Date Completed
	ATC Cybersecurity Test Report	Not Started
	Jointly Approved ATC Cybersecurity Standard	Not Started
	Recommended ATC Cybersecurity Standard	Not Started
	UCD Comments Disposition Report	Not Started
	User Comment Draft (UCD) ATC Cybersecurity Standard	Not Started
	SDD Walkthrough Comment Resolution Report	Not Started
	SDD Walkthorugh Workbook	Not Started
	SDD Walkthrough Plan	Not Started
	Draft System Design Details (SDD)	Not Started
	Final SRS	Not Started
	SRS Walkthrough Comment Resolution Report	Not Started
	SRS Walkthorugh Workbook	Not Started
	SRS Walkthrough Plan	Not Started
	Draft System Requirement Specification (SRS)	Under Development
v01.03	Final ConOps	Published	8/8/2023
	ConOps Walkthrough Comment Resolution Report	Published	9/26/2023
	ConOps Walkthrough Workbook	Published	7/2/2023
	ConOps Walkthrough Plan	Published	6/15/2023
	Draft Concept of Operations (ConOps)	Published	7/2/2023
v01.02	White Paper Summarizing Prior & Ongoing Cybersecurity Research & Practices	Published	9/6/2022
	Stakeholder Interview Summary Report	Under Development
	Project Management Plan (PMP) and System Engineering Management Plan (SEMP)	Published	11/21/2022
	Schedule	Published	1/8/2024
	Period of Performance (POP)		9/22/21- 3/21/24