SU11: Field Equipment Maintenance
This service package supports maintenance of ITS devices that are installed in the field. Like other support service packages, this SP is drawn at a high level of abstraction so the basic interfaces and functionality associated with maintaining field ITS assets can be applied to any field equipment. In particular, this service package supports maintenance of field subsystems like ITS Payment Equipment, Parking Management Systems, Traveler Support Equipment, and Commercial Vehicle Check Equipment where maintenance is not covered by a more specific Service Package. Two Field subsystems have more specific service packages associated with their maintenance: See MC05 for maintenance of ITS Roadway Equipment and SU01 for more specific interfaces associated with maintaining Connected Vehicle Roadside Equipment.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
Source | Destination | Role/Relationship |
---|---|---|
Center Maintainer | Center | Maintains |
Center Manager | Center | Manages |
Center Manager | Center Personnel | System Usage Agreement |
Center Owner | Center Maintainer | System Maintenance Agreement |
Center Owner | Center Manager | Operations Agreement |
Center Owner | Field Owner | Information Exchange Agreement |
Center Owner | Maint and Constr Management Center Owner | Information Exchange Agreement |
Center Personnel | Center | Operates |
Center Supplier | Center Owner | Warranty |
Field Maintainer | Field | Maintains |
Field Maintenance Equipment Maintainer | Field Maintenance Equipment | Maintains |
Field Maintenance Equipment Manager | Field Maintenance Equipment | Manages |
Field Maintenance Equipment Manager | Maint and Constr Field Personnel | System Usage Agreement |
Field Maintenance Equipment Owner | Field Maintenance Equipment Maintainer | System Maintenance Agreement |
Field Maintenance Equipment Owner | Field Maintenance Equipment Manager | Operations Agreement |
Field Maintenance Equipment Owner | Field Owner | Information Exchange and Action Agreement |
Field Maintenance Equipment Supplier | Field Maintenance Equipment Owner | Warranty |
Field Manager | Field | Manages |
Field Manager | Field System Operator | System Usage Agreement |
Field Manager | Maint and Constr Field Personnel | System Usage Agreement |
Field Owner | Center Owner | Information Exchange Agreement |
Field Owner | Field Maintainer | System Maintenance Agreement |
Field Owner | Field Maintenance Equipment Owner | Information Exchange and Action Agreement |
Field Owner | Field Manager | Operations Agreement |
Field Owner | Maint and Constr Management Center Owner | Information Exchange Agreement |
Field Owner | Service Monitor System Owner | Information Provision Agreement |
Field Supplier | Field Owner | Warranty |
Field System Operator | Field | Operates |
Maint and Constr Center Personnel | Maint and Constr Management Center | Operates |
Maint and Constr Field Personnel | Field | Operates |
Maint and Constr Field Personnel | Field Maintenance Equipment | Operates |
Maint and Constr Management Center Maintainer | Maint and Constr Management Center | Maintains |
Maint and Constr Management Center Manager | Maint and Constr Center Personnel | System Usage Agreement |
Maint and Constr Management Center Manager | Maint and Constr Management Center | Manages |
Maint and Constr Management Center Owner | Center Owner | Information Exchange Agreement |
Maint and Constr Management Center Owner | Field Owner | Information Exchange Agreement |
Maint and Constr Management Center Owner | Maint and Constr Management Center Maintainer | System Maintenance Agreement |
Maint and Constr Management Center Owner | Maint and Constr Management Center Manager | Operations Agreement |
Maint and Constr Management Center Supplier | Maint and Constr Management Center Owner | Warranty |
Service Monitor System Maintainer | Service Monitor System | Maintains |
Service Monitor System Manager | Service Monitor System | Manages |
Service Monitor System Owner | Center Owner | Information Provision Agreement |
Service Monitor System Owner | Service Monitor System Maintainer | System Maintenance Agreement |
Service Monitor System Owner | Service Monitor System Manager | Operations Agreement |
Service Monitor System Supplier | Service Monitor System Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
Physical Object | Class | Description |
---|---|---|
Center | Center | This general physical object is used to model core capabilities that are common to any center. |
Center Personnel | Center | 'Center Personnel' represent system operators and other personnel that work within a transportation center. This interface supports modeling of general human interactions that are common to any center. |
Field | Field | This general physical object is used to model core capabilities that are common to any piece of field equipment. |
Field Maintenance Equipment | Field | 'Field Maintenance Equipment' represents the portable equipment used by field personnel to locally troubleshoot, initialize, reprogram, and test infrastructure equipment. It may include a laptop, specialized diagnostics tools, or any other general purpose or specialized equipment that is interfaced locally to infrastructure equipment to support maintenance and repair. |
Field System Operator | Field | 'Field System Operator' represents the operators of field equipment such as parking management systems, intermodal terminals, and other field equipment that is supported by a local operator. The interface supports modeling of general human interface interactions that are common to all staffed field equipment. |
Maint and Constr Center Personnel | Center | The people that directly interface with a Maintenance and Construction Management Center. These personnel interact with fleet dispatch and management systems, road maintenance systems, incident management systems, work plan scheduling systems, and work zone management systems. They provide operator data and command inputs to direct system operations to varying degrees depending on the type of system and the deployment scenario. |
Maint and Constr Field Personnel | Field | Represents the people that perform maintenance and construction field activities including vehicle and equipment operators, field supervisory personnel, field crews, and work zone safety personnel. Information flowing from the Maintenance and Construction Field Personnel will include those system inputs specific to maintenance and construction operations, such as information regarding work zone status, or the status of maintenance actions. The field personnel are also monitored within the work zone to enhance work zone safety. Information provided to Maintenance and Construction Field Personnel includes dispatch requests, maintenance and construction actions to be performed, and work zone safety warnings. |
Maint and Constr Management Center | Center | The 'Maint and Constr Management Center' monitors and manages roadway infrastructure construction and maintenance activities. Representing both public agencies and private contractors that provide these functions, this physical object manages fleets of maintenance, construction, or special service vehicles (e.g., snow and ice control equipment). The physical object receives a wide range of status information from these vehicles and performs vehicle dispatch, routing, and resource management for the vehicle fleets and associated equipment. The physical object participates in incident response by deploying maintenance and construction resources to an incident scene, in coordination with other center physical objects. The physical object manages equipment at the roadside, including environmental sensors and automated systems that monitor and mitigate adverse road and surface weather conditions. It manages the repair and maintenance of both non-ITS and ITS equipment including the traffic controllers, detectors, dynamic message signs, signals, and other equipment associated with the roadway infrastructure. Weather information is collected and fused with other data sources and used to support advanced decision support systems. The physical object remotely monitors and manages ITS capabilities in work zones, gathering, storing, and disseminating work zone information to other systems. It manages traffic in the vicinity of the work zone and advises drivers of work zone status (either directly at the roadside or through an interface with the Transportation Information Center or Traffic Management Center physical objects.) Construction and maintenance activities are tracked and coordinated with other systems, improving the quality and accuracy of information available regarding closures and other roadway construction and maintenance activities. |
Service Monitor System | Support | The 'Service Monitor System' represents one or more center-based systems that provide monitoring, management and control services necessary to other applications and/or devices operating within the Connected Vehicle Environment. These support services enable other applications to provide transportation services. |
Includes Functional Objects:
Functional Object | Description | Physical Object |
---|---|---|
Center Field Equipment Management | 'Center Field Equipment Management' is the back office application that supports monitoring and maintenance of field equipment. It monitors the performance and configuration of the field equipment. This includes management of the infrastructure configuration as well as detection, isolation, and correction of field equipment problems. The application also includes monitoring of performance of the field equipment, including communications links. | Center |
Field System Executive | 'Field System Executive' includes the operating system kernel and executive functions that manage the overall device software configuration and operation and support configuration management, computer resource management, and govern software installation and upgrade. | Field |
Field System Monitoring and Diagnostics | 'Field System Monitoring and Diagnostics' includes background self-tests, diagnostics, watchdog timers, and other hardware and software that monitors the operating condition of field equipment. The status of the equipment and diagnostic information is provided to local maintenance personnel and the operating center. | Field |
FME On-Site Maintenance | 'FME On-Site Maintenance' provides field personnel with diagnostic information from field equipment and provides the capability for field personnel to locally control and configure this equipment to support on-site installation, repair, and maintenance. | Field Maintenance Equipment |
MCM Field Equipment Maintenance | 'MCM Field Equipment Maintenance' provides overall management and support for maintenance of field equipment on a roadway system, right-of-way, parking area, transit stop, or other areas where field equipment exists. Services include repair and maintenance of ITS field equipment in these areas (e.g., detectors and other sensors, cameras, dynamic message signs, electronic toll collection equipment, electronic clearance equipment, weigh-in-motion sensors, etc.). | Maint and Constr Management Center |
SM Device Management | 'SM Device Management' provides the functions necessary to manage devices, including network management, operational status monitoring, and application performance monitoring. | Service Monitor System |
Includes Information Flows:
Information Flow | Description |
---|---|
center operator data | Data presented to a center operator. This flow represents general status output and other data that broadly applies to transportation centers. |
center operator input | Input from a center operator. This flow represents operator input that broadly applies to transportation centers. |
equipment maintenance request | Identification of field equipment requiring repair and known information about the associated faults. |
equipment maintenance status | Current status of field equipment maintenance actions. |
field equipment commands | System-level control commands issued to field equipment such as reset and remote diagnostics. |
field equipment configuration settings | Control settings and parameters that are used to configure field equipment. |
field equipment fault data | Field equipment fault information that can be used to identify field equipment that requires initialization, reconfiguration, repair or replacement. This flow identifies the device, the nature of the fault, and associated error codes and diagnostic data. |
field equipment software install/upgrade | This flow supports installation and update of software residing in ITS roadway equipment. It supports download of the software installation files, including executable code and associated support files. |
field equipment status | Reports from field equipment (sensors, signals, signs, controllers, etc.) which indicate current operational status. |
field equipment status presentation | Presentation of operational status of field equipment (sensors, signals, signs, controllers, etc.) to field personnel. |
field personnel equipment input | User input from field personnel that supports querying, controlling, and configuring field equipment. |
maint and constr center personnel input | User input from maintenance and construction center personnel including routing information, scheduling data, dispatch instructions, device configuration and control, resource allocations, alerts, incident and emergency response plan coordination. |
maint and constr operations information presentation | Presentation of maintenance and construction operations information to center personnel. This information includes maintenance resource status (vehicles, equipment, and personnel), work schedule information, work status, road and weather conditions, traffic information, incident information and associated resource requests, security alerts, emergency response plans and a range of other information that supports efficient maintenance and construction operations and planning. |
Goals and Objectives
Associated Planning Factors and Goals
Planning Factor | Goal |
---|---|
H. Emphasize the preservation of the existing transportation system; | Maintain infrastructure asset system |
Associated Objective Categories
Objective Category |
---|
Preservation: Preserve Existing Infrastructure |
Associated Objectives and Performance Measures
Needs and Requirements
Need | Functional Object | Requirement | ||
---|---|---|---|---|
01 | Operating agencies need to be able to maintain ITS devices that are installed in the field so that the devices continue to operate as designed. | Center Field Equipment Management | 02 | The center shall create a cohesive view of field equipment repair needs based upon the status and fault information collected. |
MCM Field Equipment Maintenance | 06 | The center shall respond to requests from other centers for field equipment repair. | ||
02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. | Center Field Equipment Management | 04 | The center shall request maintenance actions of the center responsible for field equipment maintenance. |
05 | The center shall allow center personnel to manage the maintenance of field equipment. | |||
FME On-Site Maintenance | 09 | The field device shall obtain diagnostic information from other field equipment in order to diagnose problems identified in the field equipment. | ||
10 | The field device shall provide an interface for field personnel to view outputs or provide inputs. | |||
11 | The field device shall locally control and configure other field equipment to support on-site installation, repair, and maintenance. | |||
12 | The field device shall collect diagnostic information from other field equipment. | |||
MCM Field Equipment Maintenance | 05 | The center shall report the status of field equipment maintenance activities to the centers that operate the equipment. | ||
03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. | Center Field Equipment Management | 01 | The center shall collect the status and fault data from field equipment, such as traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, barrier and safeguard systems, cameras, traffic signals and override equipment, ramp meters, short range communications equipment, security sensors and surveillance equipment, etc.. |
02 | The center shall create a cohesive view of field equipment repair needs based upon the status and fault information collected. | |||
Field System Monitoring and Diagnostics | 01 | The field device shall monitor the operating conditions of itself and other field devices under its control in order to determine if any operational problems are occurring. | ||
02 | The field device shall perform diagnostic tests in order to determine operational issues with itself or other field devices under its control. | |||
03 | The field device shall provide the status data and diagnostic information to field personnel. | |||
04 | The field device shall provide the status data and diagnostic information to remote centers. | |||
MCM Field Equipment Maintenance | 01 | The center shall collect the status and fault data from the centers that operate the equipment, including data for traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, barrier and safeguard systems, cameras, traffic signals and override equipment, ramp meters, short range communications equipment, security sensors and surveillance equipment, etc.. | ||
02 | The center shall collect the status and fault data from field equipment, such as traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, barrier and safeguard systems, cameras, traffic signals and override equipment, ramp meters, short range communications equipment, security sensors and surveillance equipment, etc. | |||
03 | The maintenance center shall create a cohesive view of field equipment repair needs based upon the status and fault information collected. | |||
SM Device Management | 10 | The service monitor system shall monitor the status of field equipment. | ||
11 | The service monitor system shall notify transportation centers of any faults detected in the operational status of field equipment. | |||
04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. | Center Field Equipment Management | 03 | The center shall provide control commands, configuration updates, software installation, or software upgrades for field devices under management of the center. |
Field System Executive | 01 | The field device software shall include an operating system kernel and executive functions that manage the overall device software configuration and operation and support configuration management, computer resource management, and govern software installation and upgrade. | ||
02 | The field device shall allow its device software to be installed or upgraded by a remote center. | |||
03 | The field device shall allow its device software to be installed or updated by personnel in the field. | |||
04 | The field device shall allow its software configuration to be revised by a remote center. | |||
05 | The field device shall allow its software configuration to be revised by personnel in the field. | |||
MCM Field Equipment Maintenance | 04 | The center shall provide control commands, configuration updates, or software installation or upgrade for field devices under management of the center. | ||
05 | Transportation agencies need to be able to support both hardware and software maintenance of ITS public devices that are installed in traveler environments like transit stations and other public areas frequented by travelers | Center Field Equipment Management | 04 | The center shall request maintenance actions of the center responsible for field equipment maintenance. |
05 | The center shall allow center personnel to manage the maintenance of field equipment. | |||
06 | Transportation agencies need to be able to perform the maintenance on ITS public devices remotely or in the field. | Center Field Equipment Management | 04 | The center shall request maintenance actions of the center responsible for field equipment maintenance. |
05 | The center shall allow center personnel to manage the maintenance of field equipment. | |||
MCM Field Equipment Maintenance | 05 | The center shall report the status of field equipment maintenance activities to the centers that operate the equipment. | ||
07 | Transportation agencies need to be able to perform maintenance on ITS public devices such as configuration adjustments or software installation or upgrade. | Center Field Equipment Management | 04 | The center shall request maintenance actions of the center responsible for field equipment maintenance. |
05 | The center shall allow center personnel to manage the maintenance of field equipment. |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
Physical Object Security | ||||
---|---|---|---|---|
Physical Object | Confidentiality | Integrity | Availability | Security Class |
Center | Moderate | High | Moderate | Class 3 |
Field | Moderate | Moderate | High | Class 5 |
Field Maintenance Equipment | Moderate | High | High | Class 5 |
Maint and Constr Management Center | Moderate | High | Moderate | Class 3 |
Service Monitor System | Moderate | Moderate | Moderate | Class 2 |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security | |||||
---|---|---|---|---|---|
Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
Basis | Basis | Basis | |||
Center | Center Personnel | center operator data | High | High | High |
Direct interactions between personnel and systems in a backoffice environment are effectively protected by physical means, so long as the interaction is in a dedicated facility. If this interaction is virtual (i.e. ,the center is not directly in front of the Center Personnel, like in a cloud-based system) then the user's input requires some degree of obfuscation depending on sensitivity of information. Given that this could include information about compromised or ineffectual systems, including security systems, the potential for damage is high. Thus, HIGH. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Center | Field | field equipment commands | Low | Moderate | Moderate |
Commands could be sensitive, however this flow is local, meaning the Field Support Equipment is proximate to the ITS Roadway Equipment. Thus the risk of interception should be low. There may also be constraints on this flow that require this information to be transmitted in the clear. | Commands to Field Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely diagnose and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Center | Field | field equipment configuration settings | Moderate | Moderate | Moderate |
Commands could be sensitive; monitoring of center-based control could enable an attacker's situational awareness, thus should be MODERATE. | Commands to Field Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely diagnose and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Center | Field | field equipment software install/upgrade | Moderate | High | Moderate |
Field equipment software could be sensitive, both from a vulnerability assessment standpoint and because the software itself may be competition-sensitive. | Software updates to Roadway Equipment must be authenticated as having come from a source entitled to provide that software, or roadway equipment may be comprimised. Similarly, such software must be guaranteed to being the intent of the originator; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely update and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Center | Maint and Constr Management Center | equipment maintenance request | Moderate | Moderate | Moderate |
Device operational status information should be known only by those entities that need to know for operations and maintenance. Allowing others to read this information may enable abuse of those systems, 3rd party monitoring of system status when that may not be desireable, and reverse engineering of this and similar information flows. | If this data is incorrect or unavailable then maintenance assets may not be appropriately assigned, resulting in inefficient use of maintenance assets and higher overall downtime. | If this data is incorrect or unavailable then maintenance assets may not be appropriately assigned, resulting in inefficient use of maintenance assets and higher overall downtime. | |||
Center Personnel | Center | center operator input | High | High | High |
Direct interactions between personnel and systems in a backoffice environment are effectively protected by physical means, so long as the interaction is in a dedicated facility. If this interaction is virtual (i.e. ,the center is not directly in front of the Center Personnel, like in a cloud-based system) then the user's input requires some degree of obfuscation depending on sensitivity of information. Given that this could include information about compromised or ineffectual systems, including security systems, the potential for damage is high. Thus, HIGH. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Field | Center | field equipment status | Moderate | Moderate | Moderate |
The operational state of field devices, if known to an attacker or individual with criminal intent, could be used to facilitate the commission of a crime. Individual devices may be more or less important in this context; for example knowing whether a security camera is operating is probably more relevant to the criminal than knowing if the DMS is operating, though the latter could still be useful info. Instances of this flow that are local minimize this risk however, so for these local flows Confidentiality is considered LOW. | If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. | This must be timely to support operational uptime requirements. Lack of monitoring will lead to less uptime, which will impact security, mobility and in some cases, safety. | |||
Field | Field Maintenance Equipment | field equipment status | Low | Moderate | High |
The operational state of field devices, if known to an attacker or individual with criminal intent, could be used to facilitate the commission of a crime. Individual devices may be more or less important in this context; for example knowing whether a security camera is operating is probably more relevant to the criminal than knowing if the DMS is operating, though the latter could still be useful info. Instances of this flow that are local minimize this risk however, so for these local flows Confidentiality is considered LOW. | If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. | This must be timely to support operational uptime requirements. Lack of monitoring will lead to less uptime, which will impact security, mobility and in some cases, safety. | |||
Field | Field System Operator | field equipment status presentation | Moderate | High | High |
System maintenance flows should have some protection from casual viewing, as otherwise imposters could gain illicit control over field equipment | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | |||
Field | Maint and Constr Field Personnel | field equipment status presentation | Moderate | High | High |
System maintenance flows should have some protection from casual viewing, as otherwise imposters could gain illicit control over field equipment | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | |||
Field | Maint and Constr Management Center | field equipment status | Moderate | Moderate | Moderate |
The operational state of field devices, if known to an attacker or individual with criminal intent, could be used to facilitate the commission of a crime. Individual devices may be more or less important in this context; for example knowing whether a security camera is operating is probably more relevant to the criminal than knowing if the DMS is operating, though the latter could still be useful info. Instances of this flow that are local minimize this risk however, so for these local flows Confidentiality is considered LOW. | If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. | This must be timely to support operational uptime requirements. Lack of monitoring will lead to less uptime, which will impact security, mobility and in some cases, safety. | |||
Field | Service Monitor System | field equipment status | Moderate | Moderate | Moderate |
The operational state of field devices, if known to an attacker or individual with criminal intent, could be used to facilitate the commission of a crime. Individual devices may be more or less important in this context; for example knowing whether a security camera is operating is probably more relevant to the criminal than knowing if the DMS is operating, though the latter could still be useful info. Instances of this flow that are local minimize this risk however, so for these local flows Confidentiality is considered LOW. | If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. | This must be timely to support operational uptime requirements. Lack of monitoring will lead to less uptime, which will impact security, mobility and in some cases, safety. | |||
Field Maintenance Equipment | Field | field equipment commands | Low | Moderate | High |
Commands could be sensitive, however this flow is local, meaning the Field Support Equipment is proximate to the ITS Roadway Equipment. Thus the risk of interception should be low. There may also be constraints on this flow that require this information to be transmitted in the clear. | Commands to ITS Roadway Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | Without the ability to locally diagnose, operate, update and configure ITS Roadway Equipment, the equipment is effectively out of control and would have to be taken out of service. | |||
Field Maintenance Equipment | Field | field equipment configuration settings | Moderate | Moderate | Moderate |
Configuration settings could be sensitive; if an attacker knows precisely how a device is configured, it may facilitate an attack. | Commands to ITS Roadway Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely diagnose and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Field Maintenance Equipment | Field | field equipment software install/upgrade | Moderate | High | High |
Field equipment software could be sensitive, both from a vulnerability assessment standpoint and because the software itself may be competition-sensitive. | Software updates to Roadway Equipment must be authenticated as having come from a source entitled to provide that software, or roadway equipment may be comprimised. Similarly, such software must be guaranteed to being the intent of the originator; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | Without the ability to locally diagnose, operate, update and configure ITS Roadway Equipment, the equipment is effectively out of control and would have to be taken out of service. | |||
Field Maintenance Equipment | Maint and Constr Field Personnel | field equipment status presentation | Moderate | High | High |
System maintenance flows should have some protection from casual viewing, as otherwise imposters could gain illicit control over field equipment | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | |||
Field System Operator | Field | field personnel equipment input | Moderate | Moderate | High |
Field subsystem controls should not be casually viewable as they their observation could serve as ad-hoc training for would-be attackers, not to mention that this interface is likely to include an authentication/authorization mechanism such as a password that if compromised, could compromise the device. | Since any direct interaction with field infrastructure will impact control, configuration and certainly operations of the device, there must be some assurance that such commands are correct. | Without direct local control the device is effectively uncontrolled. | |||
Maint and Constr Center Personnel | Maint and Constr Management Center | maint and constr center personnel input | High | High | High |
Direct interactions between personnel and systems in a backoffice environment are effectively protected by physical means, so long as the interaction is in a dedicated facility. If this interaction is virtual (i.e. ,the MCMC is not directly in front of the MCMC Personnel, like in a cloud-based system) then the user's input requires some degree of obfuscation depending on sensitivity of information. Given that this could include information about compromised or ineffectual systems, including security systems, the potential for damage is high. Thus, HIGH. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Maint and Constr Field Personnel | Field | field personnel equipment input | Moderate | High | High |
Field subsystem controls should not be casually viewable as they their observation could serve as ad-hoc training for would-be attackers, not to mention that this interface is likely to include an authentication/authorization mechanism such as a password that if compromised, could compromise the device. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | |||
Maint and Constr Field Personnel | Field Maintenance Equipment | field personnel equipment input | Moderate | High | High |
Field subsystem controls should not be casually viewable as they their observation could serve as ad-hoc training for would-be attackers, not to mention that this interface is likely to include an authentication/authorization mechanism such as a password that if compromised, could compromise the device. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | System maintenance flows are the primary interface between field personnel and field equipment, and must present accurate data or inappropriate maintenance actions may be taken. | |||
Maint and Constr Management Center | Center | equipment maintenance status | Moderate | Moderate | Moderate |
Data is not overly sensitive, but is a bulk statement about the status of all field equipment managed by the maintenance center. A hostile actor could use this information in the commission of a crime, for instance by understanding which cameras were not working and thus what areas are not under surveillance. | Center-based data exchanges are expected to be correct, and deserving of at leas some error checking. If this data is corrupted, the receiving center will be misinformed as to the state of field equipment maintenance. | Depends on the update frequency required. Possibly LOW, depending on the amount of equipment and what this flow is used for at the terminus. | |||
Maint and Constr Management Center | Field | field equipment commands | Low | Moderate | Moderate |
Commands could be sensitive, however this flow is local, meaning the Field Support Equipment is proximate to the ITS Roadway Equipment. Thus the risk of interception should be low. There may also be constraints on this flow that require this information to be transmitted in the clear. | Commands to Field Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely diagnose and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Maint and Constr Management Center | Field | field equipment configuration settings | Moderate | Moderate | Moderate |
Configuration settings could be sensitive; if an attacker knows precisely how a device is configured, it may facilitate an attack. | Commands to Field Equipment must be authenticated as having come from a source entitled to issue that command, or roadway equipment may be comprimised. Similarly, commands and configuration must be guaranteed to be correct; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely diagnose and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Maint and Constr Management Center | Field | field equipment software install/upgrade | Moderate | High | Moderate |
Field equipment software could be sensitive, both from a vulnerability assessment standpoint and because the software itself may be competition-sensitive. | Software updates to Roadway Equipment must be authenticated as having come from a source entitled to provide that software, or roadway equipment may be comprimised. Similarly, such software must be guaranteed to being the intent of the originator; not manipulated midstream or corrupted, or the roadway equipment may be mis-configured or compromised. | The ability to remotely update and configure devices is inherent to their successful operation. If this link is down it either suggests or will prompt field maintenance activity, which has a non-trivial cost and resource impact. | |||
Maint and Constr Management Center | Maint and Constr Center Personnel | maint and constr operations information presentation | Not Applicable | Moderate | Moderate |
System maintenance flows should have some protection from casual viewing, as otherwise imposters could gain illicit control over field equipment | Information presented to backoffice system operators must be consistent or the operator may perform actions that are not appropriate to the real situation. | The backoffice system operator should have access to system operation. If this interface is down then control is effectively lost, as without feedback from the system the operator has no way of knowing what is the correct action to take. | |||
Service Monitor System | Center | field equipment fault data | Moderate | Moderate | Moderate |
Device status information should not be viewable by third parties, as those with criminal intent may use this information toward their own ends. | If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. Scope is small, but impact significant if this occurs with many instances. | A delay in reporting this may cause a delay in necessary maintenance. Considered higher availability requirement than the source flow (RSE status) because this information aggregates many instances of the source. |
Standards
Currently, there are no standards associated with the physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
System Requirements
System Requirement | Need | ||
---|---|---|---|
001 | The system shall collect the status and fault data from field equipment, such as traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, barrier and safeguard systems, came | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
002 | The system shall create a cohesive view of field equipment repair needs based upon the status and fault information collected. | 01 | Operating agencies need to be able to maintain ITS devices that are installed in the field so that the devices continue to operate as designed. |
03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. | ||
003 | The system shall provide control commands, configuration updates, software installation, or software upgrades for field devices under management of the center. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
004 | The system shall request maintenance actions of the center responsible for field equipment maintenance. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
05 | Transportation agencies need to be able to support both hardware and software maintenance of ITS public devices that are installed in traveler environments like transit stations and other public areas frequented by travelers | ||
06 | Transportation agencies need to be able to perform the maintenance on ITS public devices remotely or in the field. | ||
07 | Transportation agencies need to be able to perform maintenance on ITS public devices such as configuration adjustments or software installation or upgrade. | ||
005 | The system shall allow center personnel to manage the maintenance of field equipment. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
05 | Transportation agencies need to be able to support both hardware and software maintenance of ITS public devices that are installed in traveler environments like transit stations and other public areas frequented by travelers | ||
06 | Transportation agencies need to be able to perform the maintenance on ITS public devices remotely or in the field. | ||
07 | Transportation agencies need to be able to perform maintenance on ITS public devices such as configuration adjustments or software installation or upgrade. | ||
006 | The system shall collect the status and fault data from the centers that operate the equipment, including data for traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, b | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
007 | The system shall collect the status and fault data from field equipment, such as traffic, infrastructure, and environmental sensors, highway advisory radio and dynamic message signs, automated roadway treatment systems, barrier and safeguard systems, came | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
008 | The system shall create a cohesive view of field equipment repair needs based upon the status and fault information collected. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
009 | The system shall provide control commands, configuration updates, or software installation or upgrade for field devices under management of the center. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
010 | The system shall report the status of field equipment maintenance activities to the centers that operate the equipment. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
06 | Transportation agencies need to be able to perform the maintenance on ITS public devices remotely or in the field. | ||
011 | The system shall respond to requests from other centers for field equipment repair. | 01 | Operating agencies need to be able to maintain ITS devices that are installed in the field so that the devices continue to operate as designed. |
012 | The system shall include an operating system kernel and executive functions that manage the overall device software configuration and operation and support configuration management, computer resource management, and govern software installation and upgrad | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
013 | The system shall allow its device software to be installed or upgraded by a remote center. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
014 | The system shall allow its device software to be installed or updated by personnel in the field. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
015 | The system shall allow its software configuration to be revised by a remote center. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
016 | The system shall allow its software configuration to be revised by personnel in the field. | 04 | Operating agencies need to be able to adjust configuration of field equipment as well as perform installation or upgrade of software used by the field equipment. |
017 | The system shall monitor the operating conditions of itself and other field devices under its control in order to determine if any operational problems are occurring. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
018 | The system shall perform diagnostic tests in order to determine operational issues with itself or other field devices under its control. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
019 | The system shall provide the status data and diagnostic information to field personnel. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
020 | The system shall provide the status data and diagnostic information to remote centers. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
021 | The system shall obtain diagnostic information from other field equipment in order to diagnose problems identified in the field equipment. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
022 | The system shall provide an interface for field personnel to view outputs or provide inputs. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
023 | The system shall locally control and configure other field equipment to support on-site installation, repair, and maintenance. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
024 | The system shall collect diagnostic information from other field equipment. | 02 | Operating agencies need to be able to perform the maintenance on ITS devices remotely or in the field. |
025 | The system shall monitor the status of field equipment. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |
026 | The system shall notify transportation centers of any faults detected in the operational status of field equipment. | 03 | Operating agencies need to be able to monitor the status of field equipment in order to diagnose problems that may occur during operations. |