What is an intelligent transportation system (ITS)? The best definition comes from the European Telecommunication Standards Institute: “Intelligent transport systems (ITS) include telematics and all types of communications in vehicles, between vehicles (e.g., car-to-car), and between vehicles and fixed locations (e.g., car-to-infrastructure). However, ITS are not restricted to road transport – they also include the use of information and communication technologies (ICT) for rail, water, and air transport, including navigation systems.” How do we realize this complex vision of an ITS? A few issues must be addressed, including achieving the communication specified above and having an effective means of accommodating multimodal transportation. The system needs to be capable of consuming a nearly incomprehensible amount of data and producing information useful to the traveler. This information needs to guide travelers to their destinations in the most efficient way possible, and interact with infrastructure to facilitate relief of traffic congestion. And it needs to do all these things in real time.
Data, data, every where, / And thus the world did shrink
We hear frequently that the world is shrinking. What we mean by this is that because of accessibility to modes of high speed transportation and a significantly increased capability for sharing information, the people of the world are more closely connected than ever. It is fair to say then that building an Intelligent Transportation System (ITS) is a key to shrinking our world.
The information we share is a fusion of data. This data derives from multiple sources. Each of us consumes a significant amount of data every day, yet it is a tiny fraction of the data that is produced every day. In fact, some estimates place the amount of data created each day around 5 exabytes. To put that number into perspective, there is an estimated 5 to 20 petabytes of data in the Library of Congress in various formats. Every day we produce from 250 to 1,000 times that amount of data and this will continue to grow.
According to a 2011 study by the McKinsey Global Institute, the automotive industry will be the second largest producer of data by 2015; if we combine automotive with travel and logistics the amount of data grows by an additional 30 percent. Much of this data comes from sensors inside the vehicle. As vehicles incorporate more safety and convenience features this number will grow significantly. Granted not all this data has a role in an ITS, and certainly not the raw sensor data.
Automotive sensor fusion
An individual sensor gives a piece of data, which by itself may serve some limited purpose, but when we consider it in the context of other sensor data, we are able to gain some insights into performance or behavior and with the proper controls in place can improve the system performance. This is called sensor fusion.
In today’s vehicles, an example of sensor fusion in action would be the traction control system. This system detects when a wheel on the vehicle is slipping and adjusts engine power and, when necessary, applies the brakes. But how does the traction control system know when the wheel is slipping? If it depended on the wheel speed sensor of a single wheel for detection, this may be difficult. Instead of one sensor, however, there are multiple sensors, and in the case of most passenger vehicles there is one on each wheel. By looking at differences in the measurements reported by these sensors, the traction control system is able to make the determination of when and by how much the engine power to the wheel needs to be reduced and whether or not braking is necessary.
Sensor fusion provides us with some important analytics capabilities within the vehicle. If we stop there, however, we are missing some other potential, particularly when we start working with off-board systems.
Adding intelligence to sensor systems
This is where information fusion comes in to play. Information fusion can be viewed as a combinatorial approach to reducing uncertainty. Information from a variety of sources is gathered and analyzed within a shared context to gain further insight and reduce uncertainty about a situation.
This is a non-trivial undertaking, but given the significance of what this can enable it is worth the effort. In their paper “Issues and Challenges in situation Assessment” the authors indicate that information fusion provides for situation assessment and that situation assessment involves deriving relations among entities, e.g., the aggregation of object states (i.e., classification and location).
Now consider an example of situation assessment. Given the behavior of the traction control system, if this information were combined in some way with information about the ambient air temperature or rain sensing systems, it would then be possible to make some assessment of the situation in which the wheel slip occurred.
If the ambient air temperature sensor reports that the temperature is below freezing and the ABS wheel speed sensor reports slippage, the situational assessment might be that there is ice in the area. If the one doing the situational assessment is not the driver, but instead it is a cloud-based analytics system receiving real-time telemetry from the vehicle, then there is an improved capability for assessment.
Instead of just one car reporting wheel slip, now there could be multiple vehicles in a geo-fenced area reporting wheel slip. Given a statistically significant number of occurrences reported, the analytics engine could with high confidence conclude that there is ice in the area. This cloud-based system could now push this information out to subscribers in the form of an alert, warning drivers entering the area of the presence of ice.
Broadening the scope, the cloud-based system could now report this information to the operations center as well. The operations center could broadcast this information to digital signs on the roadways in the surrounding areas, warning drivers outside of the geo-fenced area that ice had been detected, giving them the opportunity to re-route if possible.
This is just one example of how connected vehicles could integrate with and support an ITS.
Connecting the vehicle
The next critical piece that needs to happen to support and extend the capabilities of the ITS is connectivity. Connectivity is present in a number of vehicles today, but this is typically done for navigation and concierge services. The vehicle data needs to be made available off-board, to the infrastructure. Once this is done a number of things can be achieved.
In the event a crash is detected (airbag deployment signal received by intelligent transportation system along with other contextual telemetry), the ITS would be able dispatch first responders and begin rerouting traffic automatically. In the event of unanticipated traffic congestion, the ITS could automatically adjust traffic light intervals to adjust the flow of vehicles through the congested area as well as send alternate routing information directly to connected vehicles.
These are just a couple of examples of what could be realized if vehicles were more connected and vehicle data were made available.
Designing in security
There are challenges with this sort of connectivity, however. The most serious of these is security. There has been much publicity around vehicles being hacked. Initially, all intrusions required physical access to the vehicle. There are now many wireless access points into the vehicle increasing the attack vectors for hackers. But to what end?
There is little value to a hacker in controlling a vehicle remotely. Where the true value lies is using an insecure connection point, like a connected vehicle, as a point of entry into the infrastructure and backend systems. Accessing a single vehicle provides little benefit to a hacker, but being able to effect hundreds or thousands of vehicles, or gaining control of the ITS, could result in significant gains or significant pains. These far-reaching implications mean that security must be considered from inception, not patched or considered as an afterthought. Managing security impacts many facets of the system, including architecture and interfaces. Adopting best practices in security analysis and applying them throughout the entire engineering life cycle is critical to maintaining the integrity of both vehicle and off-board systems.
One such best practice is threat modeling. Threat modeling provides a structured approach to the classification of cybersecurity threats. A threat model will:
- Identify the potential threats and preconditions
- Categorize and group threats
- Identify impact of safeguards on the threat
- Identify areas to apply mitigation
There are different types of threat models, but in its report on automotive security threat NHTSA recommends a composite approach for automotive cyber-physical systems.
Another consideration is privacy. It is impossible to guarantee the complete security of the vehicle, since new threats will surface over the life of the vehicle. It is, therefore, necessary to take measures to ensure that even if access to the vehicle network is achieved, the information on the network is secure. This could be managed in one or a combination of ways. For example encryption of data or authentication of nodes within the vehicle and out to the infrastructure.
Given the need for security and the challenge of integrating two highly complex systems, the connected vehicle and the ITS, “system of systems” engineering is required. System of systems engineering addresses the development and operations of evolving programs. While traditional systems engineering seeks to optimize an individual system, system of systems engineering seeks to optimize the network of various interacting legacy and new systems brought together to satisfy multiple objectives. By taking a system of systems approach, it is possible to create an integrated architecture, providing for standardized interfaces and the necessary protocols to address concerns, such as security.
Engaging in systems thinking, engineers working in disparate domains can more readily identify and understand the interdependencies and interactions present in this system of systems. Applying modeling not just to security, but also to the capture and elaboration of these elements of the system in terms of their architectures, behaviors, and communication facilitates the correlation to requirements, both functional and regulatory. Further, the resultant model provides a comprehensive view at a higher level of abstraction, which enables a deeper understanding of the system. Through simulation of the model, it is possible to visualize the system behaviors to perform preliminary verification of the system specification and to avert potential conflicts and pitfalls prior to implementation.
Rigorous management of requirements is also critical to success. Tracking the continuous requirements changes, maintaining the history of the artifacts, and identifying suspect links will ensure requirement and design integrity. It is nearly impossible to achieve this capability with spreadsheets. Achievement of this is best served through the implementation of a proper requirements management solution.
Critical to success is that the work is performed collaboratively across the life cycle. From needs analysis, through translation into requirements, regulatory adherence, and an iterative analysis and design workflow, the engineers must have the ability to share information seamlessly. The growing complexity of the automobile itself has meant much closer collaboration between OEMs and suppliers. Now extend this need for collaboration beyond the boundaries of the automotive ecosystem. The entities providing infrastructure and back-end systems must participate.
If the same approaches for collaboration are taken – document hand-off and tool export and import (often resulting in loss of fidelity of information) – not only will the parties be met with the same challenges, the situation will be exacerbated by the growth in scale and complexity. The solutions employed in the development of these systems must enable close collaboration, extensive traceability, and must scale to meet the demands of developing complex, integrated systems. Further, those working on the systems must have immediate, real-time access to the information necessary to engineer them successfully.
 Apologies to Samuel Taylor Coleridge’s The Rime of the Ancient Mariner.
 Blasch, E., Kadar, I., Salerno, J., Kokar, M. M., Das, S., Powell, G. M., . . . Ruspini, E. H. (2006). Issues and Challenges. Journal of Advances in Information Fusion.
 McCarthy, C. H. (2014). Characterization of Potential Security Threats in Modern Automobiles. Washington, DC: National Highway Traffic Safety Administration. doi:Report No. DOT HS 812 074