Research probes cyber risks in next-generation traffic signals

Research probes cyber risks in next-generation traffic signals

A set of traffic signals showing solid red
A set of traffic signals showing solid red at night
Photo credit: Adobe Stock

As traffic management has grown more sophisticated, many intersections in the United States have switched to actuated traffic signal controls, which use cameras or pavement sensors to detect vehicles and extend the green light time when needed. These systems can respond to real-time traffic conditions, unlike traditional traffic signals that rely on fixed-time plans. When traffic changes unexpectedly—after sporting events, during a detour, or in response to some other sudden change in demand—fixed-time signals can create unnecessary delays and inefficient traffic flow.

But as transportation systems become increasingly connected with traffic sensors, intelligent controls, and automated vehicles, the vulnerability of traffic signals to cyberattacks is a growing concern.

New research led by CTS scholar Raphael Stern, associate professor with the UMN’s Department of Civil, Environmental, and Geo- Engineering, explores how next-generation traffic signal controllers that use reinforcement learning (RL) may be exposed to such risks. RL is an artificial intelligence (AI) method that tests different timing choices and is rewarded when fewer cars are waiting at a signal.

RL-based controllers are outperforming the best traffic controllers in use today, and Stern says it’s just a matter of time before they’re deployed on real signals. But that could increase exposure to cyberattacks.

“As soon as there is an opportunity to attack, somebody is going to do it,” he says. “You can hold a city hostage over ‘We’ve broken your traffic signal control.’ This is something that people should be thinking about.”

For this study, researchers conducted a simulation of four intersections in Hennepin County, Minnesota, using actual peak- and off-peak traffic patterns. They compared a traditional fixed-time control with an RL-based controller.

Under normal traffic conditions, the RL-based controller performed better. It reduced the number of stopped vehicles and responded effectively to changing demand. This can result in several other benefits, Stern says.


Headshot of Raphael Stern

However, when researchers introduced false data that mimicked a cyberattack, the RL controller’s performance deteriorated quickly. The simulation introduced fake vehicle count data to trick the RL-based traffic controller into adopting compromised traffic signal timing.

The fixed-time controller remained unaffected since it did not rely on real-time data. “These are bulletproof when it comes to cybersecurity,” Stern says.

Study results stress the importance of enhanced cybersecurity measures to protect traffic networks and avoid potential adverse economic and social impacts, he says.

This work also lays the foundation for future studies in this under-explored area, which includes investigating the ripple effects of data-integrity attacks on more complex and larger-scale traffic networks as well as designing cyberattack-resilient signals that can adapt to mitigate the impact of an attack.

Although not part of the simulation, Stern says that a promising strategy to make RL-based controllers more resilient is to use “federation,” in which intersections share vehicle data with other intersections. “If one vehicle count at an intersection doesn’t line up with another count, you can suss out whether or not there’s an inconsistency and average across multiple intersections.”

This project was funded by the US Department of Transportation through the Center for Connected and Automated Transportation (CCAT) at the University of Michigan. CTS is a research partner within the CCAT consortium of participating universities.

This story was written by Peter Raeker, University of Minnesota Center for Transportation Studies contributing writer.