Cybersecurity for the Advanced Transportation Controller (ATC) Standards


The United States Department of Transportation has supported the development of Advanced Transportation Controller (ATC) family of standards including ATC 5201 v06a, ATC 5401 v02A Application Programming Interface for the Advanced Transportation Controller Standard, and ATC 5301 v02 ATC Cabinet Standard for more than 20 years. The infrastructure community has supported  the development of these ATC family of standards as they are critically important to the deployment of ITS systems that are interoperable and sustainable nationwide. The deployment of connected vehicle (CV) technologies has brought urgency to the need for heightened security on ITS infrastructure devices and is driving changes to the ATC family of standards to ensure connected infrastructure readiness. 


The Institute of Transportation Engineers (ITE), with support from the National Electrical Manufacturers Association (NEMA), American Association of State Highway and Transportation Officials (AASHTO), SAE International, and other organizations, will develop security standards consistent with the ATC standards family to help increase the security of ITS infrastructure deployments nationwide. The project will use a systems engineering process and cybersecurity framework principles combined with a standards development process to produce interim and final deliverables.

The procedure for standards development is generally outlined as follows:  Once a decision is made to develop an ITE Standard or Recommended Practice, a committee is assigned the preparation task. The draft material is subjected to a review process before the proposed standard is published. A list of persons interested in the standard is maintained, and these individuals are kept abreast of the development of the standard. Notices are also published by ITE notifying interested parties of the status of specific standards. All comments and input received on proposed standards are addressed prior to final adoption. An appeals process is provided to resolve any final disagreements on a specific standard or to address the standards development procedures. 


This project has the following four major objectives:


  1. Establish a stakeholder group with balanced representation from both current infrastructure as well as the Connected environment that is focused on cybersecurity of all deployments based on the ATC standards (published and currently in ballot).
  2. Ensure broad outreach to infrastructure, security, and connected vehicle communities represented by AASHTO, NEMA, SAE, ITE, and other organizations. With the help of stakeholders, create a set of security needs, requirements, and design through a systems engineering process.
  3. Build a design for security for the ATC family that is deployable and sustainable nationwide. This security design improvement could also be applicable to other infrastructure and Connected Vehicle (CV) systems.
  4. Publish security updates to the ATC standards family that ensures resiliency to include the CV environment, using the systems engineering and SDO processes. 

In order to accomplish this, a broad base of stakeholders representing both the private and the public sectors is needed to provide input, review draft project deliverables, provide comments, and be a resource of expertise for the project team. The development of the standard will follow a consensus-based systems engineering process that will produce a concept of operations with user needs identified, requirements, and design details for the standard. At each phase, there will be a walkthrough reviews with the stakeholders. It is anticipated that there could be up to fifteen web-enabled meetings over the course of the project through March 2024. You do not need to be an expert in the ATC standards to contribute.

ATC Cybersecurity Working Group Roster

Stakeholders in the cybersecurity of transportation field equipment are invited including:

  • Traffic operations (especially field equipment)
  • Traffic control equipment (familiarity with ATC standards is ideal)
  • Cybersecurity (systems, devices, communications, information technology)
  • Transportation field applications (in use today and expected in the near future)
  • Automotive industry (manufacturers, suppliers, vehicle-infrastructure applications)
  • Data and services (providers of roadway data, metadata, and services that are based on roadway information)


To participate in this project, please email as follows:


Subject:               ATC Cybersecurity Stakeholder


Version No.
Overall Status Under Development
v01.02 White Paper Summarizing Prior & Ongoing Cybersecurity Research & Practices Completed 9/6/22
Project Management Plan (PMP)
  Schedule   9/15/22
  Standards Development Process Chart    

ITE's Antitrust and Conflict of Interest Meeting Guidelines

  POP Period of Performance 9/22/21-3/21/24