Australian traffic lights need better security says auditor-general
Poor passwords, proprietary code ... what could possibly go - CRASH! - wrong?
The Auditor-General of the Australian State of New South Wales (NSW) and the state's roads bureaucrats are at loggerheads over whether or not traffic signal infrastructure is vulnerable to attacks over the Internet.
In a report on critical infrastructure security, the audit office asserts that “systems in place to manage traffic signals are not as secure as they should be”.
The report adds that “there is a potential for unauthorised access to sensitive information and systems that could result in traffic disruptions, and even accidents in one particular section of the road network”.
The report, naturally enough, doesn't identify where the vulnerabilities might exist.
The bloodstream of the network is the locally-developed SCATS – Sydney Co-ordinated Adaptive Traffic System – which was first developed in the 1970s by the Roads and Traffic Authority, the predecessor of the current Roads & Maritime Services.
The auditor identifies poor SCATS password control as a key risk, and asserts that some servers in the network are only receiving anti-virus updates on a weekly basis (Transport for NSW [TfNSW] says servers have since been reconfigured to receive daily updates).
There's also concern that the roadside cabinets – the immediate control of traffic signals – are too easy to break into, that staff aren't well trained to respond to security incidents, and that some software isn't patched frequently enough.
The operating system patching note is interesting: “TMC IT staff were not aware that TfNSW had organised NSW Government extended support for these components”, the report states, which raises the awful prospect that the systems are still operating on quite old Windows operating system versions.
The Transport Management Centre was also the focus of some criticism, since TfNSW is in the process of creating a backup data centre for the TMC. That means while it's easy to switch locations if the centre itself is unable to function, a failure in the data centre would currently be catastrophic.
TfNSW, however, isn't certain that things are dire. In its response, published as part of the report, it states:
“Whilst Transport accepts that there is a possibility for unauthorised access to sensitive information and systems, as there is for all inter-connected industrial control systems, we refute the suggestion the result could ‘... cause accidents on one particular section of the road network’.”
Even the auditor's report notes that attacks on the traffic light infrastructure are unlikely to lead to a cascade of Camrys nose-to-tailing:
“Traffic light controllers are highly resistant to standard hacking techniques. The devices in use have been certified to formal Australian Standards that require safety interlocks. These interlocks are used to prevent simultaneous green lights creating a dangerous situation at an intersection. Electromechanical testing done to TSC4 (an RMS standard adopted by the Australian Standards AS2578.2009) ensures that an intersection cannot create an accident, that is green-green or yellow-green”.
The same report also recommended improvements to the Sydney Water security infrastructure, citing the infamous Maroochy Shire attack in Queensland in 2000*.
Most of the recommendations for Sydney Water relate to policy, but the authority accepts that it should improve its SCADA security monitoring and security event logging.
Sydney Water rejected a finding that risk management at its Prospect Facility, managed by Degremont, is inadequate.
Bootnote: *In that case, often cited as the world's first critical infrastructure “cyber attack”, a disgruntled ex-employee of the shire, Vitek Boden, used his login to the local control system to release sewage. Boden was sentenced to two years' prison for the attack.
That attack has become urban legend, and frequently Boden is described as using the Internet for his attack, rather than accessing a local wireless system (as was the case). ®