Assess security risks, threats, vulnerabilities, and identify countermeasures to ensure operations of transportation management centers.
Experience from iFlorida Model Deployment
Made Public Date


United States

iFlorida Model Deployment Final Evaluation Report


The iFlorida Model Deployment, which was started in May 2003, called for the Florida Department of Transportation (FDOT) District 5 (D5) to complete the design, build, and integration of the infrastructure required to support operations in 2 years. The required infrastructure was extensive, spanned numerous stakeholders, and included many technologies that were new to FDOT D5, such as sophisticated traffic management center (TMC) operations software, a wireless network deployed along I-4, an interface to Florida Highway Patrol Computer Aided Dispatch (FHP CAD) data, statewide traffic monitoring, and many others. The iFlorida plans also called for deployment of these technologies in ways that required coordination among more than 20 stakeholders. It was an ambitious plan that would result in dramatically different traffic management operations for FDOT D5 and other transportation stakeholders in the Orlando area.

In implementing the iFlorida plan, FDOT faced many challenges ranging from higher failure rates than expected for some field hardware to difficulties with the Condition Reporting System (CRS) and Central Florida Data Warehouse (CFDW) software. "Despite these challenges, it can be readily claimed that the overall iFlorida Model Deployment was successful," noted in the final evaluation report for the iFlorida Model Deployment, published in January 2009.

The difficulties associated with the iFlorida Model Deployment provided many opportunities to identify lessons learned from the experiences they had. The most important of these are presented below in a series of lessons learned articles.

Lessons Learned

As part of the iFlorida Model Deployment, the FDOT conducted a vulnerability assessment for the District 5 (D5) Regional Traffic Management Center (RTMC). The purpose of the assessment was to identify potential weaknesses at the FDOT D5 RTMC and to suggest measures that would eliminate or lessen the impact of vulnerabilities. An effort was also made to identify the vulnerabilities that might be common to TMCs so that the results could potentially be applicable to other TMCs as well. Key lessons learned from the FDOT experience are presented below.

  • Assess security risks at TMC by conducting an assessment of threat, consequence, and vulnerability. The vulnerability assessment approach was centered on estimating the three risk factors shown in the following risk estimation equation: [Risk] = [Threat] * [Consequence] * [Vulnerability].

    The following four-step process was used to conduct the vulnerability assessment.

    Step 1 – Threat Characterization. The threat characterization determined the Threat value of the above equation. This step also provided an inventory of generalized threats/scenarios most likely to affect a TMC, such as use of explosives or a cyber-attack. The Threat value was obtained by determining the target attractiveness and the threat condition of the nation. The Threat value is a static value, meaning that a countermeasure will not reduce the value. Seven types of threat scenarios were considered: car bomb; large vehicle bomb; chemical, biological, or radiological attack; package bomb; armed attack; collateral damage; and cyber attack.

    Step 2 – Consequence Assessment. Based on the threat scenarios that were developed in step 1, potential consequences were estimated based on current conditions. These potential consequences were used to estimate the Consequence factor in the above formula. Five types of potential consequences were considered: fatalities and casualties, mission downtime or degradation, economic impact, downstream effects, and emergency management.

    Step 3 – Vulnerability Analysis. For each threat scenario, a set of predetermined vulnerability factors were used to generate the Vulnerability value of the equation.

    Step 4 – Countermeasure Analysis. This step involved the development of countermeasure packages and an assessment of the impact on the risk if a package were deployed. Each countermeasure package was considered and the Consequence and Vulnerability factors re-estimated, assuming that the countermeasure package was implemented.

The vulnerability assessment process led to the identification of a list of vulnerabilities; a list of countermeasures that could be used to reduce those vulnerabilities; estimated costs of these countermeasures; and estimates of the impact on risk if each countermeasure were implemented. The results allowed FDOT to identify for implementation those countermeasures that could decrease risk most cost effectively. Key countermeasures, which are likely to apply to many other TMCs, are:

  • Include standoff distances that help maintain a clear space around the TMC building. The main vulnerabilities observed during the vulnerability assessment were related to the inability to maintain a clear space around the building. Parking was adjacent to the building, including having spaces adjacent to the external walls of the RTMC. Private property was close to the building on one side and separated from the facility by only a chain link fence. These factors are difficult to correct at an existing facility, and it was not feasible to correct them at the D5 RTMC.
  • Develop and enforce security check procedures for persons entering the TMC. Vulnerabilities related to the failure for some staff to follow security procedures must not be overlooked. For example, people sometimes entered the TMC by tailgating authorized personnel and people without an appropriate badge displayed were seldom challenged. The vulnerability assessment suggested that staff be trained in the security procedures for the facility and that FDOT take steps to emphasize the importance of following these procedures.
  • Verify and ensure that security patches are applied to TMC servers and password protection is used. Three common problems were discovered during the cyber-security review of the D5 TMC. First, a number of servers were identified that did not have the most recent security patches installed. Second, several servers were identified as running unnecessary services. Since each service running on a server provides a potential entry point for cyber-attack, the fewer services running the better. Third, some software systems were installed using the default password, and the password had not been updated. Since default passwords are well known, they should be changed to prevent unauthorized users from accessing a system. A second cyber-security review indicated that FDOT had corrected most of the vulnerabilities discovered during the initial cyber-security review.

The Florida Highway Patrol (FHP) dispatch center is located at the D5 RTMC. The act of performing the vulnerability assessment at the RTMC also increased awareness of safety and security issues among the FDOT and the FHP staff.

iFlorida Model Deployment Final Evaluation Report

iFlorida Model Deployment Final Evaluation Report
Source Publication Date
Robert Haas (SAC); Mark Carter (SAIC); Eric Perry (SAIC); Jeff Trombly(SAIC); Elisabeth Bedsole (SAIC): Rich Margiotta (Cambridge Systematics)
United States Department of TransportationFederal Highway Administration1200 New Jersey Avenue, SEWashington, DC 20590
Goal Areas
System Engineering Elements