Network Security

The road network and vehicle industry are at the beginning of a period of significant change as innovative solutions are sought to improve the safety, serviceability, sustainability and resilience of infrastructure. The way in which networks are managed and the way in which road space is utilised is evolving – with greater use of technology to monitor network conditions and to actively manage traffic. (See ITS and Network Monitoring and Traffic Management) There has also been a significant increase in the complexity of vehicle technology – for example, the use of hybrid and electric vehicles, and developments relating to vehicle connectivity and automation. (See Driver Support)

Changes in the use of technology create vulnerabilities. These are open to exploitation for malicious or hostile reasons – risking interference with vehicles and infrastructure. A security minded approach is necessary to assess and minimise potential risks and to manage incidents and evaluate measures taken.

A security-minded approach is defined as the understanding of the need for – and routine application of – appropriate and proportionate security measures to deter and/or disrupt hostile, malicious, fraudulent and criminal behaviours or activities. This approach needs to address four areas – people, processes, physical security and technical security.

By integrating these four areas it is possible to create an approach to network security that delivers:

• safety - preventing the creation of harmful situations which may lead to injury or loss of life or unintentional environmental damage
• authenticity - ensuring that inputs and outputs are genuine and no tampering has occurred
• availability (including reliability) – ensuring road infrastructure accessibility and usability in an appropriate and timely way
• confidentiality - ensuring control of access and prevention of unauthorised access to both physical and information assets
• integrity - maintaining consistency, coherence and configuration of the road infrastructure and systems
• possession - preventing unauthorised control, manipulation or interference with facilities and services
• resilience - ensuring the ability to transform, renew and recover service in a timely fashion in response to adverse events
• utility - ensuring usability and usefulness over time, of data, information and systems.

The application of a security-minded approach requires road operators to work with partner organisations, such as the police, and security advisers. (See Planning and Reporting) This helps to develop an understanding of potential threats and their impact, key vulnerabilities and the nature of mitigating measures required. A failure of security – for any reason – will require a full assessment so that the reasons for failure are understood and lessons can be learnt. (See Emergency Response)