**6. Recommendations**

While we have shown that there are numerous issues relating to cybersecurity and ITS, we provide several recommendations, each of which can go a long way toward improving the current state in which municipalities find themselves.

• Cybersecurity audits and assessments

Perhaps the most important and most immediate recommendation, and one that can readily be implemented, is to run comprehensive security audits and assessments. No organization wants or enjoys being audited. However, without a structured, methodical audit, it will be difficult, if not impossible, to know how serious a municipality's vulnerabilities are. Audits may not need to be frequent. Even a baseline assessment that takes stock of what the issues are and where they lie can go a long way toward making the ITS safer.

In the case of California and the hacking of the digital road signs, even a basic audit would have revealed the physical security and password issue, which could easily have been remedied. In the case of Atlanta, an audit was conducted, but the city did not act on its findings. The reason for this, at least in part, was funding.

This recommendation also supports each of the three findings from our study. Conducting an audit would help municipalities identify all of their connected devices and the associated risk, which would be essential for making a case for supporting cybersecurity. The findings from an audit would be the basis for planning which future technologies to implement.

• Funding

Throwing money at a problem usually will not solve it. However, not having enough money will almost certainly cause problems. If the TMS is understaffed and underfunded, then it is only a matter of time before more, and likely graver, events such as the one in Atlanta take place. Likewise, continuing to operate on outdated equipment that lacks security and proper support presents significant risk. The bottom line is that failing to provide at least adequate funding for the TMS is welcoming a catastrophe in the near future.

• Increase awareness

Knowing there is a problem is a major part of the battle. Many municipalities have many other pressing issues that require immediate attention. Limited resources and time make it unlikely that these local governments will discover on their own just how serious the problem can be. An informational website with videos, research, and presentation materials should be made available. Local governments should be given short presentations to help them become aware of the problem and to provide guidance on the steps to take to remediate current vulnerabilities and what to look for when implementing new systems in the future.

*Intersection Management, Cybersecurity, and Local Government: ITS Applications, Critical… DOI: http://dx.doi.org/10.5772/intechopen.101815*

• Conferences with ITS security focus

As this paper has shown, so many aspects of cybersecurity and ITS need attention that a conference would be a logical event to address those issues. It could be a venue where national experts develop greater awareness of the vulnerabilities and threats local governments face, review ways to assess the risks they are under, and give access to vendor demonstrations that can reduce exposure to threats. Mini-conferences on transportation cybersecurity should also be held in the local regions to showcase local resources and to highlight local issues.

• More research is needed

The limitations of this study were its small scope and its focus on mid- to small-size jurisdictions. Additional review of large local governments would be highly useful. Also, the study region was dominated by a single provider; other areas with other providers may have different issues. Additional research opportunities exist to look at the coordination of technology risk assessments related to ITS; at an applied level, additional efforts to disseminate the information from risk assessments seem overdue.
