Implications of traffic signal cybersecurity on potential deliberate traffic disruptions

Traffic control systems, including signal controllers, sensors, and centralized coordination software, all have the capacity to be vulnerable to malicious attacks. Although several studies on outages, attacks, and cybersecurity have been conducted in the literature, the effects of district wide attacks on signals have not been specifically studied in-depth. There is a need for risk assessments to be conducted to establish resilient policies within traffic operations agencies. A key factor in assessing risk is in gaining an idea of the hypothetical impact of an outage. In this preliminary study, a dynamic traffic assignment network is used to model a central business district, where traffic signal-controlled intersections are cyberattacked and selectively disabled (effectively replaced with four-way stops). In one scenario, total delay is multiplied 4.3 times when 26 signals are chosen and disabled according to maximum, decreasing intersection traffic volume. In scenarios where the attacker prioritizes the selection of signals by maximizing the number of travelers affected, 7 signals are needed to exert the same impact.