In order to participate in this service package, each physical object should meet or exceed the following security levels.
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security |
Source |
Destination |
Information Flow |
Confidentiality |
Integrity |
Availability |
Basis |
Basis |
Basis |
Micromobility Vehicle OBE |
MMV User |
personal updates |
Not Applicable |
Moderate |
Moderate |
This data is informing the pedestrian about the safety of the intersections. It should not contain anything sensitive, and does not matter if another person can observe it. |
This is the information that is presented to the individual. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. |
If this information is not made available to the pedestrian, then the system has not operated correctly. |
Micromobility Vehicle OBE |
Other Micromobility Vehicle OBEs |
MMV profile |
Not Applicable |
Moderate |
Moderate |
Information is partially observable, and is unlikely to compromise the vehicle user in any sense. |
Some level of assurance that the information is correct is necessary as the information may be used to grant access to limited-access pathways. |
Limited access pathways dedicated to particular types of MMVs should be generally available so as to ensure use of the asset. |
Micromobility Vehicle OBE |
Other Micromobility Vehicle OBEs |
personal location |
Not Applicable |
High |
Moderate |
This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators. |
An incorrect location message could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity. |
There are other visual indicators about the geofenced areas. PID users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all pedestrians will carry a personal information device, and the system should be able to operate without this information. |
Micromobility Vehicle OBE |
Other Micromobility Vehicle OBEs |
VRU cluster information |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Micromobility Vehicle OBE |
Other Micromobility Vehicle OBEs |
VRU hazard event |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Micromobility Vehicle OBE |
Other Micromobility Vehicle OBEs |
VRU path prediction |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Micromobility Vehicle OBE |
Personal Information Device |
device configuration coordination |
Low |
High |
Moderate |
Unlikely that any personal or not observable information is included here. |
Misconfiguration could cause a malfunction or lead to undesireable vehicle behavior. Will only affect the one vehicle, but could be dangerous to the MMV operator. |
Service cannot operate without this flow, and there is no alternative integrated solution. Listed as 'MODERATE' and not 'HIGH' only because loss of these services would be inconvenient and disadvantageous, particulary to vulnerable road users, but not catastrophic. |
Micromobility Vehicle OBE |
Personal Information Device |
MMV profile |
Not Applicable |
Moderate |
Moderate |
Information is partially observable, and is unlikely to compromise the vehicle user in any sense. |
Some level of assurance that the information is correct is necessary as the information may be used to grant access to limited-access pathways. |
Limited access pathways dedicated to particular types of MMVs should be generally available so as to ensure use of the asset. |
Micromobility Vehicle OBE |
Transportation Information Center |
traveler sourced updates |
Moderate |
Moderate |
Low |
This is likely to include the traveler location and may include traveler identity as well. This PII could be used by an attacker to the detriment of the traveler. |
Quality of social media inputs may be highly variable, but no publicly distributable data should be exchanged without some protection over its transmission. |
While a widespread and widely used dissemination channel, social media tends to be cluttered with lots of other information, so it is not a primary dissemination channel for this information. |
MMV User |
Micromobility Vehicle OBE |
personal input |
Not Applicable |
Moderate |
Low |
Personal input similar to pressing the button on a pedestrian call at a stop light, nothing that could not be otherwise observed. |
This data does have to be correct, so the signal receives the pedestrian call. Given that the pedestrian should still not enter the intersection without feedback, this could be considered LOW. |
There are generally other ways to accomplish this flow. Depending on the pedestrian this might be MODERATE, for example for pedestrians unable to easily access the call button. |
Other Micromobility Vehicle OBEs |
Micromobility Vehicle OBE |
MMV profile |
Not Applicable |
Moderate |
Moderate |
Information is partially observable, and is unlikely to compromise the vehicle user in any sense. |
Some level of assurance that the information is correct is necessary as the information may be used to grant access to limited-access pathways. |
Limited access pathways dedicated to particular types of MMVs should be generally available so as to ensure use of the asset. |
Other Micromobility Vehicle OBEs |
Micromobility Vehicle OBE |
personal location |
Not Applicable |
High |
Moderate |
This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators. |
An incorrect location message could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity. |
There are other visual indicators about the geofenced areas. PID users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all pedestrians will carry a personal information device, and the system should be able to operate without this information. |
Other Micromobility Vehicle OBEs |
Micromobility Vehicle OBE |
VRU cluster information |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Other Micromobility Vehicle OBEs |
Micromobility Vehicle OBE |
VRU hazard event |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Other Micromobility Vehicle OBEs |
Micromobility Vehicle OBE |
VRU path prediction |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Other PIDs |
Personal Information Device |
personal location |
Not Applicable |
High |
Moderate |
This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators. |
An incorrect location message could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity. |
There are other visual indicators about the geofenced areas. PID users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all pedestrians will carry a personal information device, and the system should be able to operate without this information. |
Other PIDs |
Personal Information Device |
VRU cluster information |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Other PIDs |
Personal Information Device |
VRU hazard event |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Other PIDs |
Personal Information Device |
VRU path prediction |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Pedestrian |
Personal Information Device |
personal input |
Not Applicable |
Moderate |
Low |
Personal input similar to pressing the button on a pedestrian call at a stop light, nothing that could not be otherwise observed. |
This data does have to be correct, so the signal receives the pedestrian call. Given that the pedestrian should still not enter the intersection without feedback, this could be considered LOW. |
There are generally other ways to accomplish this flow. Depending on the pedestrian this might be MODERATE, for example for pedestrians unable to easily access the call button. |
Personal Information Device |
Micromobility Vehicle OBE |
device configuration coordination |
Low |
High |
Moderate |
Unlikely that any personal or not observable information is included here. |
Misconfiguration could cause a malfunction or lead to undesireable vehicle behavior. Will only affect the one vehicle, but could be dangerous to the MMV operator. |
Service cannot operate without this flow, and there is no alternative integrated solution. Listed as 'MODERATE' and not 'HIGH' only because loss of these services would be inconvenient and disadvantageous, particulary to vulnerable road users, but not catastrophic. |
Personal Information Device |
Other PIDs |
personal location |
Not Applicable |
High |
Moderate |
This data is intentionally transmitted to everyone via a broadcast. It can also be determined via other visual indicators. |
An incorrect location message could lead to a false warning or lack of warning. A lack of warning can have obvious catastrophic consequences, while a false warning could lead to users ignoring warnings due to perceived inaccuracy. Given that this triple may apply to highly dynamic environments (such as work zones), its accuracy is paramount, and thus if sent, must have HIGH integrity. |
There are other visual indicators about the geofenced areas. PID users in dynamic environments (incident and work zones) should know when they are leaving a geofenced area. As long as they remain in the geofenced area, this information is not as necessary. Not all pedestrians will carry a personal information device, and the system should be able to operate without this information. |
Personal Information Device |
Other PIDs |
VRU cluster information |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Personal Information Device |
Other PIDs |
VRU hazard event |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Personal Information Device |
Other PIDs |
VRU path prediction |
Low |
High |
Moderate |
Information intentionally shared with surrounding users that might cooperate. Initial use cases suggest broadcast-mode communications, and no presumption of obfuscation. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
MMV clustering applications need timeliness and protection of data to ensure that platooning-like operations happen without incident. Data integrity protections rated higher than availability because incorrect/modified data could lead to catastrophic consequences given the lack of protection that most MMVs offer, and the fact that they operate in close proximity to pedestrians. |
Personal Information Device |
Pedestrian |
personal updates |
Not Applicable |
Moderate |
Moderate |
This data is informing the pedestrian about the safety of the intersections. It should not contain anything sensitive, and does not matter if another person can observe it. |
This is the information that is presented to the individual. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. |
If this information is not made available to the pedestrian, then the system has not operated correctly. |
Personal Information Device |
Transportation Information Center |
traveler sourced updates |
Moderate |
Moderate |
Low |
This is likely to include the traveler location and may include traveler identity as well. This PII could be used by an attacker to the detriment of the traveler. |
If this information is not correct the end user of the TIC will likely find othe avenues for obtaining this information. |
If this interface is not available the traveler will likely find other means to acquire the necessary information. |