October 1, 2024
Updated: October 2, 2024
Rekor Systems’ Comprehensive Cybersecurity Approaches for Safeguarding US Critical Transportation Infrastructure
Executive Summary
Rekor is at the forefront of delivering Roadway Intelligence solutions designed to enhance public safety, improve urban mobility, and optimize transportation and traffic management. In recognition of the critical role cybersecurity plays in safeguarding sensitive data and the integrity of critical infrastructure, Rekor emphasizes a rigorous cybersecurity framework that integrates compliance with industry best practices, national standards, and proactive risk management.
This paper describes our robust cybersecurity strategies and approaches, designed to increase the security of critical transportation infrastructure against evolving cyber threats using Rekor products and solutions. It outlines our compliance with Advanced Transportation Controller (ATC) cybersecurity standards, federal cybersecurity regulations, and SOC2 certification. In addition, we maintain regular penetration testing practices to safeguard our products, solutions, and Edge-based compute systems against cyber threats. This commitment extends to our integration with AWS Cloud services, providing a robust security and reliability framework and a secure foundation for our SaaS cloud-hosted applications and data.
Introduction
In an era dominated by alarming cyber threats and digital vulnerabilities, the resilience of transportation networks against cyber-attacks remains a pressing issue. Instances of hacking into traffic control systems, manipulating electronic road signs, or disrupting autonomous vehicle operations serve as stark reminders of the vulnerabilities inherent in our infrastructure and the impacts to traffic operations and citizens alike. As a recent example: "Kansas says it will be ‘months’ before traffic cameras, signs restored."
As cyber threats evolve, so does the need for robust cybersecurity measures. Rekor’s proactive approach integrates cutting-edge technologies and strategies to secure critical infrastructure effectively. This document provides an overview of our cybersecurity policies, the strengths of our solutions, and how we safeguard against existing and emerging threats.
Cybersecurity Landscape
Today’s interconnected world presents continuous cyber threats to integrated systems and communication networks that are crucial for roadway infrastructure. Understanding these risks is the first step in fortifying our defenses against potential disruptions.
Amidst the complexity of modern interconnected systems vital to roadway infrastructure, traffic management systems stand as vulnerable targets for evolving cyber threats. Recognizing the criticality of safeguarding these systems, Rekor adopts a proactive stance. We deploy advanced cybersecurity technologies and implement rigorous protocols to fortify our transportation management, urban mobility, and public safety solutions. By continuously monitoring for vulnerabilities and staying abreast of emerging threats, we strive to preempt potential disruptions and ensure the resilience of our infrastructure in the face of cyber challenges.
Strategic Cybersecurity Investments
Our commitment to cybersecurity is demonstrated through substantial investments in key areas:
- Edge Computing Security: We address the unique security challenges posed by Edge computing, such as scalability concerns, increased attack surface, and complex monitoring challenges, through intrusion detection and prevention systems to monitor network traffic for suspicious activity, and other strategic security measures and effective management practices.
- Cyber Threat Mitigation: We proactively defend against a wide array of cyber threats, including phishing, man-in-the-middle attacks, data manipulation, DDoS attacks, malware, industrial control system attacks, password attacks, drive-by attacks, and ransomware, employing advanced threat detection and response capabilities. We conduct regular cyber risk assessments to identify vulnerabilities and threats, update software and systems with the latest security patches and fixes monthly and quarterly, and utilize strong encryption methods to protect sensitive data (AES256/SHA256).
- Cybersecurity Awareness and Training: We cultivate a culture of cybersecurity awareness across the organization, providing regular training to all employees on the latest threats and best practices for prevention and response.
- Technology and Innovation: We implement secure coding practices during software development to mitigate the risk of vulnerabilities, and we leverage AI and machine learning technologies to enhance our cybersecurity measures, automate routine tasks, and enable real-time threat detection and response.
- Collaboration and Information Sharing: We maintain a cyber risk management team to oversee security protocols and incident response. We also engage with industry partners and regulatory bodies, such as the Surface Transportation ISAC (ST-ISAC), to continuously improve our security practices, share information and best practices, and collaborate on enhancing the security of our solutions.
By implementing this comprehensive cybersecurity approach, Rekor stands at the forefront, advocating for proactive strategies that harness cutting-edge technologies to fortify critical infrastructure against dynamic cyber risks. This document serves as a review of our cybersecurity protocols, spotlighting the robustness of our solutions and our dedication to aligning with national standards in mitigating emergent threats.
Cybersecurity Responsibilities and Standards
Proper cybersecurity program management requires delineating responsibilities to maintain a resilient defense posture. At Rekor, we maintain a structured approach to cybersecurity governance:
- Executive Leadership: Our executive leaders provide strategic guidance, ensuring the allocation of resources necessary to achieve cybersecurity objectives effectively.
- Cybersecurity Team: Our cybersecurity team oversees the implementation, monitoring, and continual improvement of cybersecurity measures across our solutions. They conduct regular risk assessments, lead incident response efforts, and drive the evolution of our security posture.
- All Employees and Partners: Every member of our organization, as well as our trusted partners, plays a critical role. We emphasize adherence to cybersecurity policies, promote vigilance against potential threats, and encourage the prompt reporting of any suspicious activities or breaches.
Embracing Cybersecurity Standards
Aligned with our commitment to cybersecurity excellence, Rekor adheres rigorously to industry standards across all operational domains:
- Traffic Management Systems: We employ stringent cybersecurity measures to protect the integrity of devices responsible for managing traffic flow and congestion, safeguarding critical infrastructure from potential cyber threats.
- Roadway Data Collection: Our approach to collecting and analyzing traffic and vehicle data prioritizes security, preventing unauthorized access to sensitive information and ensuring the confidentiality and integrity of data assets.
- Connected Vehicle Technologies: In the realm of Vehicle-to-Everything (V2X) and Vehicle to Infrastructure (V2I) systems that involve our solutions, we prioritize the protection of data exchanges, implementing robust safeguards to defend against cyber threats and uphold the trustworthiness of communications.
- Vehicle Identification: Our vehicle identification systems used for public safety and traffic monitoring are fortified with enhanced security measures to safeguard critical data from breaches and protect privacy, preserving the security, integrity, and reliability of our solutions.
Through comprehensive cybersecurity initiatives and standards adherence, Rekor remains committed to safeguarding critical infrastructure and helping our customers maintain the performance and security of their traffic and public safety deployments and operations.
Compliance with Cybersecurity Standards
Rekor’s cybersecurity approach is built on a foundation of compliance with major cybersecurity standards and regulations including:
- Advanced Transportation Controller (ATC) Standards: Rekor’s compliance with the latest ATC cybersecurity standards ensures that our systems are protected using industry best practices for traffic devices, including those used in traffic management and other Intelligent Transportation System (ITS) applications. These standards focus on securing hardware and software against various cyber threats, while ensuring that they perform effectively in managing transportation systems.
- NIST 800-53, ISO 27001: Rekor complies with the NIST 800-53 security and privacy controls for information systems and organizations, as well as the ISO 27001 standard for information security management and risk mitigation. The NIST 800-53 standard focuses on defining security controls for U.S. federal information systems to protect against a wide range of risks. ISO 27001 outlines requirements for establishing a comprehensive information security management system (ISMS) that emphasizes risk assessment and treatment to manage security globally.
- Presidential Directives and Regulatory Frameworks: Rekor designs and manages its systems to comply with national security and Presidential Policy Directives (NSM-22, PPD-21, and PPD-41), TSA Regulations enforcing security protocols across all modes of transportation and critical transportation infrastructure, and laws such as the Critical Infrastructure Protection Act and Homeland Security Act. NSM-22 supersedes PPD-21 in guiding critical infrastructure security and resilience. These regulations and directives are integral to our strategic planning and risk management, facilitating robust information sharing across sectors.
- Service Organization Control 2 (SOC2): We manage our data security to comply with the SOC2 framework, which focuses on five trust service principles: security, availability, processing integrity, confidentiality, and privacy of customer data. Adherence to these principles ensures that our systems and data are protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements. SOC2 compliance involves a schedule of rigorous audits and requires us to establish and follow strict information security policies and procedures, which include the use of encryption, firewalls, and intrusion detection systems to safeguard data.
- Criminal Justice Information Services (CJIS): Rekor prides itself on compliance with standards set by the Criminal Justice Information Services Division of the FBI, which mandates that agencies and private entities implement secure, robust data protection measures, including access control, authentication, encryption, and audit logging, to safeguard sensitive information against unauthorized access and breaches.
- Connected Vehicle Technologies: In the realm of connected vehicle technologies, Rekor takes a proactive approach in implementing robust security protocols to safeguard sensitive data from unauthorized access and cyber threats. Our solutions leverage access control mechanisms and intrusion detection systems to ensure the integrity and confidentiality of data exchanged within the environments where our technology is used. Moreover, we adhere to federal standards, such as the US Department of Transportation’s V2X and V2I protocols, ensuring compliance with industry best practices and regulatory requirements. By continuously monitoring for anomalies and potential security breaches, we enable our clients to trust in the security of their connected vehicle ecosystems, fostering confidence in the reliability and safety of their operation.
Edge Computing Security Challenges
As we embrace the transformative potential of Edge compute solutions for traffic flow monitoring and response, enhancing real-time decision-making, and bolstering public safety measures, it’s imperative to understand and mitigate security risks. At Rekor, we prioritize Edge security with a focus on both risk mitigation and innovation:
- Scalability Concerns: The distributed nature of Edge computing systems may present scalability challenges that must be carefully managed to prevent security vulnerabilities. By implementing robust scalability strategies – such as real-time threat monitoring, Edge device security, and data management controls – along with dynamic resource allocation mechanisms, we ensure that our Edge deployments can adapt seamlessly while maintaining security integrity.
- Increased Attack Surface: The proliferation of Edge computing expands the surface area where a potential attack may occur, creating a broader range of potential vulnerabilities. To counteract this, we employ a multi-layered security approach that includes Edge firewalls, access control mechanisms, threat intelligence integration, and state-of-the-art AI- and ML-driven detection and response mechanisms to fortify our Edge environments against cyber threats.
- Complex Monitoring Challenge: The decentralized nature of Edge deployments may introduce complexities in monitoring and managing security measures effectively. To address this challenge, we leverage advanced monitoring tools, anomaly detection algorithms, and automated incident response systems. By continuously monitoring Edge devices and network traffic, we can swiftly detect and respond to security incidents, ensuring the integrity and availability of our Edge computing infrastructure.
Through proactive risk mitigation strategies and innovative security solutions, Rekor remains committed to safeguarding Edge computing environments, enabling our clients to leverage the full potential of Edge technology while mitigating security risks effectively.
Edge Computing and Enhanced Attack Surface Management
Rekor’s Edge computing devices are deployed in dynamic and potentially open environments across roadways, communities, cities, and multiple commercial settings, requiring specialized security considerations. We implement Edge-specific protocols, such as secure element integration and encrypted communication channels, to safeguard these devices from physical and cyber threats. Rekor further tackles these unique security challenges through:
- Enhanced Threat Detection and AI Integration: Rekor leverages state-of-the-art artificial intelligence (AI) to enhance threat detection capabilities across our networks. Our AI-driven systems enable:
  - Automated Responses: Our technology provides real-time detection of threats, dramatically reducing the response time and mitigating potential impacts efficiently.
  - Nation-State Threat Identification: Utilizing advanced AI algorithms, Rekor identifies and neutralizes sophisticated cyber threats from nation-state actors, such as those highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), securing critical infrastructure against high-level intrusions.
- Edge Security Specialization: With the expansion of Edge computing, securing these environments is paramount. Rekor addresses this by:
  - Managing Increased Attack Surfaces: Implementing advanced security protocols to manage and secure the expanded attack surfaces created by Edge computing.
  - Complex Monitoring Solutions: Employing specialized tools to monitor decentralized networks, ensuring comprehensive visibility and control.
- Robust Response to Emerging Threats: Rekor’s proactive cybersecurity strategy addresses new risks introduced by technological advancements:
  - Advanced Communications Security: We secure communications between increasing numbers of smart devices as a means of safeguarding data transmissions across our networks. This includes implementing strong endpoint security measures for devices connected to the Edge network, ensuring zero-trust measures are in place, requiring strong, unique passwords for authentication for every device, applying regular patches and updates to every node and device connected to the network to protect against known vulnerabilities and threats, and more.
  - Mitigation of High-Impact Threats: Our systems are strengthened to mitigate potential risks such as ransomware and DDoS attacks, ensuring continuous operation and integrity.
- Proactive Cyber Threat Mitigation: Rekor employs advanced security oversight and control, along with threat detection and response mechanisms, to proactively address cyber threats including phishing, DDoS attacks, malware, and more. Our strategic focus includes:
  - Continuous Monitoring and Real-Time Detection: Using AI and machine learning technologies to monitor systems and detect threats as they emerge.
  - Incident Response and Recovery Plans: Developing and maintaining actionable plans to address and recover from cybersecurity incidents promptly.
  - Regular Edge Device Third-Party Penetration Testing: Rekor regularly subjects its Edge devices to third-party “Black Box” penetration testing, in which the devices are subjected to rigorous testing with all vulnerabilities documented and mitigated.
Cybersecurity Monitoring for Edge Computing
At Rekor, safeguarding our Edge computing deployments against a myriad of cyber threats is paramount. Through the integration of comprehensive cybersecurity measures, we ensure robust protection for critical infrastructure and sensitive data. Our commitment to security excellence is evident through:
- Network Detection and Response (NDR): Our systems are equipped with NDR capabilities, enabling the swift detection and mitigation of network threats, including DDoS attacks, port scanning, and botnet activities.
- Endpoint Detection and Response (EDR): We prioritize endpoint security by implementing EDR solutions to defend against malware, ransomware, and other host-based attacks.
- Intrusion Prevention System (IPS) and Intrusion Detection System (IDS): Our IPS and IDS systems work in tandem to prevent and detect unauthorized access attempts and attacks on the network, bolstering our defense against cyber intrusions.
- Anomaly Detection and Response: Leveraging advanced anomaly detection techniques, we identify and respond to zero-day attacks and abnormal activities that deviate from expected behavior, ensuring prompt mitigation of emerging threats.
- Asset Visibility: We maintain comprehensive visibility and management of all network-connected assets, allowing us to proactively monitor and secure our infrastructure against potential vulnerabilities.
- Zero Trust Network: Rekor implements a Zero Trust Network model, enforcing strict identity verification for every individual and device attempting to access network resources. This approach ensures that access privileges are strictly controlled, regardless of the location or origin of the request.
By proactively addressing a diverse range of cyber threats, including phishing attempts, man-in-the-middle attacks, data manipulation threats, and ransomware incidents, we fortify our systems against evolving security challenges. Our relentless commitment to cybersecurity enables us to maintain the integrity and resilience of our Edge computing infrastructure, safeguarding critical operations and data assets.
Cloud Security and Compliance
AWS Cloud infrastructure stands as the gold standard in secure cloud computing environments, meticulously designed to offer unparalleled protection. With built-in core security features, AWS supports a wide array of compliance certifications and standards, ensuring that we can confidently extend security and compliance requirements for Rekor solutions that require Cloud operations. Rekor has partnered with AWS to host and deploy its cloud-based solutions through both the AWS GovCloud and commercial environments.
AWS Compliance Certifications: AWS supports 143 security standards and compliance certifications, including SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, and various ISO standards including ISO 9001, ISO 27001, ISO 27017, and ISO 27018.
To understand more about the controls in place at AWS to maintain security and data protection in the cloud, visit https://aws.amazon.com/compliance.
Security of the AWS Cloud infrastructure is managed by AWS, so customers do not incur the responsibility or cost for managing physical servers or storage devices. Instead, customers use software-based security tools to monitor and protect the flow of information into and out of cloud resources. Customers can also use AWS services and features to implement additional security controls within their environment to meet specific objectives.
AWS Cloud is architected to be flexible and secure with:
- Core infrastructure built to satisfy security requirements for the military, global banks, and other high-sensitivity organizations.
- A deep set of cloud security tools, including over 300 security, compliance, and governance services and features—the product of long-term investments in purpose-built technologies and systems to increase customer security and confidentiality.
- Data encryption ability across all 117 AWS services that store customer data.
Enhancing with AWS Cloud Services
Leveraging AWS’s secure and compliant cloud infrastructure enables Rekor to fortify our applications and safeguard sensitive data effectively. Integrating AWS into our end-to-end cybersecurity strategy bolsters our capacity to deliver secure, reliable, and compliant solutions. Here’s how AWS augments our cybersecurity posture:
- Automated Security Controls: AWS equips us with native services to efficiently manage security controls and compliance reporting. This includes AWS Artifact for on-demand access to compliance reports and AWS Audit Manager for continuous auditing of Cloud usage. AWS enables Rekor to gain and extend control and confidence to our customer solutions with the most flexible and secure cloud computing environment available today. More information on these and other features and services is available at Security, Identity, and Compliance on AWS.
- End-to-End Security: AWS offers a comprehensive suite of security services encompassing identity management, threat detection, and data encryption. These services empower Rekor to construct and expand secure applications on AWS’s robust cloud infrastructure.
Key Security Benefits of AWS
Keep Data Safe
AWS infrastructure puts strong safeguards in place to help protect privacy. All data is stored in data centers that use electronic surveillance and multi-factor access control systems and maintain strict, least-privilege-based access authorizations.
Scale Security Quickly
Security scales with AWS Cloud usage.
Scale Securely with Superior Visibility and Control
Fine-grained identity and access controls are combined with continuous monitoring, so that the right people always have access to near-real-time security information.
Automate and Reduce Risk with Deeply Integrated Services
AWS uses automated security tasks to help reduce human configuration errors and give security and IT teams time to focus on other business-critical work. AWS services can be combined to automate tasks, making it easier for security teams to work closely with developer and operations teams to create and deploy code faster and more securely.
Build with the Highest Standards for Privacy and Data Security
All data flowing across the AWS global network of interconnected AWS Regions and Availability Zones is automatically encrypted at the physical layer before it leaves its secured facilities. Additional encryption layers can also be applied, such as all virtual private cloud cross-Region peering traffic and customer or service-to-service TLS connections.
Inherit the Most Comprehensive Security and Compliance Controls
Inherit AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive customers.
Achieve Instant Visibility into Inventory
AWS Config and resource tagging tools are used to see exactly what cloud assets are being used at any moment and easily label each asset for tracking purposes.
Harness DDoS Protection
Rekor benefits from the automatic protections of AWS Shield Standard, which defends against the most common network and transport layer DDoS attacks that target web sites and applications.
Benefit from Continuous Hardware Replacement and Upgrades
AWS is always improving their infrastructure. End-of-life hardware is replaced with the latest processors that not only improve performance and speed but also include the latest secure platform technology, like the Intel Advanced Encryption Standard New Instructions (AES-NI) encryption instruction set, which significantly speeds up the execution of the AES algorithm.
Commitment to Compliance
Rekor’s use of AWS also supports our adherence to SOC2 certification, emphasizing the importance of security, availability, processing integrity, confidentiality, and privacy of customer data. Our investment and partnership with AWS enables us to deliver secure, reliable, and compliant solutions, demonstrating our ongoing commitment to cybersecurity excellence.
Comprehensive Penetration Testing for Enhanced Cybersecurity
At Rekor, we prioritize robust cybersecurity through rigorous penetration testing practices, which encompass hardware, software applications, and network infrastructure. This integral aspect of our cybersecurity strategy involves:
- Regularly Scheduled Tests: We conduct penetration tests at predefined intervals to ensure continuous evaluation of our security posture and adherence to compliance standards.
- Comprehensive Coverage: Our testing protocols encompass a thorough examination of all facets of our systems, spanning from physical devices to application interfaces and network protocols. This holistic approach ensures that potential vulnerabilities are identified and addressed across all layers of our infrastructure.
- Expert Analysis: Skilled cybersecurity professionals lead our penetration testing efforts, employing advanced techniques to identify and assess security weaknesses comprehensively. Their expertise enables us to uncover potential threats and vulnerabilities proactively, facilitating timely mitigation measures.
Furthermore, our commitment to regular and comprehensive penetration testing is bolstered by the scalable and secure environment provided by AWS. Leveraging AWS’s robust infrastructure, we enhance our testing capabilities and ensure the integrity and resilience of our systems against evolving cyber threats.
Review and Update
This whitepaper is reviewed annually, or as necessary, to adapt to evolving cyber threats, technological advancements, and shifts in regulatory requirements. Amendments are swiftly implemented to maintain the policy’s effectiveness and alignment with industry best practices.
Conclusion
At Rekor, our commitment to advancing state-of-the-art Roadway Intelligence solutions is underpinned by a robust end-to-end cybersecurity framework. This white paper has described our comprehensive, multifaceted security approach, which integrates advanced technologies, stringent compliance, and real-time monitoring of our systems with standards such as SOC2, NIST 800-53, and ISO 27001, across all platforms, products, and data, from Edge computing to cloud environments.
Our proactive cybersecurity strategy not only addresses present threats but also anticipates future challenges. By harnessing scalable and secure infrastructure, we elevate the reliability and compliance of our critical applications. Rekor’s rigorous cybersecurity measures and partnerships underscore our dedication to setting industry standards in security and reliability, bolstering the trust our clients and stakeholders place in our solutions. This commitment ensures the continuous protection and integrity of critical infrastructure supporting efficient public safety, urban mobility, and transportation management systems.
For Further Information
For more insights into Rekor’s cybersecurity strategies and practices, please reach out to our cybersecurity division directly.