Ensuring Cybersecurity & Resilience

The challenge 

As vehicles and infrastructure increasingly communicate with one another, cybersecurity has become a decisive factor in ensuring safe and reliable mobility. Connected mobility relies on the continuous exchange of real-time data — such as vehicle position, speed, and expected arrival times — to enable functions like prioritizing emergency vehicles and public transport. However, this constant data exchange also creates potential vulnerabilities.

One of the greatest risks lies in the manipulation of priority signals. If a system were hacked and false priority messages were sent — for example, instructing an ambulance that it has right of way when it does not — dangerous and potentially fatal situations could arise. More broadly, cyberattacks on Intelligent Transport Systems (ITS) could disrupt entire cities. Imagine if traffic signals in major metropolitan areas all switched to red simultaneously due to a hack, or if autonomous vehicles were manipulated, received incorrect in-vehicle information, violated traffic regulations, or were hijacked. Such incidents would threaten both public safety and economic stability.

The ITS industry has already experienced an increase in cyberattacks. Examples include hacked Variable Message Signs displaying misleading information, traffic signals being accessed with simple tools, and ransomware attacks targeting public transport operators. While some incidents were presented as jokes or demonstrations, they exposed how accessible and vulnerable systems can be. Long hardware lifecycles, outdated passwords, lack of updates, and insufficiently modernized Traffic Management Systems further increase exposure to threats. As cities become data hubs within the broader Smart City vision, many systems remain inadequately protected, sometimes relying on a single password that can be compromised through brute force attacks.

At the same time, public concerns about privacy and misuse of personal data must be addressed. In a connected mobility environment, trust is essential. Without robust safeguards ensuring confidentiality, integrity, availability, and authenticity of data, neither road users nor authorities can confidently rely on these systems. Innovation in connected and autonomous mobility must therefore go hand in hand with uncompromising cybersecurity.

The solution 

SWARCO integrates cybersecurity into connected mobility systems from the very beginning — security by design. In Cooperative Connected and Automated Mobility (CCAM) systems, communication points such as vehicles, traffic lights, and roadside infrastructure are secured using a Public Key Infrastructure (PKI). This enables every “station” within the system to certify its communication, ensuring that only authenticated and trusted messages are accepted. By validating communication partners and preventing manipulation of priority signals, SWARCO significantly reduces the risk of dangerous interference.

Strict data minimization principles are applied throughout the system. Data used within C-ITS environments is not personalized and cannot be traced back to individuals. Vehicle identities are changed frequently to prevent tracking, ensuring privacy while still enabling essential safety functions such as right-of-way prioritization and safer traffic routing.

Cybersecurity measures extend across all layers of communication and data processing. SWARCO implements protections covering application security, network security, information security, and operational security, alongside structured disaster recovery and business continuity processes. The four key principles of cybersecurity — confidentiality, integrity, availability, and authenticity — are embedded into system architecture. Data in transit and at rest is encrypted using Transport Layer Security, digital certificates validate data integrity, systems are monitored 24/7, and multifactor authentication adds an additional layer of protection against unauthorized access.

Continuous improvement is central to SWARCO’s approach. Dedicated cybersecurity teams conduct recurring penetration tests and security assessments to proactively identify and close vulnerabilities. The mobility management platform MyCity, developed by an ISO/IEC 27001-certified entity, follows internationally recognized security standards. SWARCO also actively participates in certification and standardization committees at EU level, collaborating even with competitors to raise overall security requirements for highway and connected mobility projects.

By combining technological innovation with robust cybersecurity standards, SWARCO ensures that connected mobility systems are not only intelligent and efficient but also secure and trustworthy. This balanced approach enables cities to embrace digital transformation, autonomous mobility, and Smart City connectivity with confidence — protecting infrastructure, safeguarding citizens, and maintaining public trust.

CYBERSECURITY PRINCIPLES IN ITS

Confidentiality 
Data in transit and at rest is protected from unauthorized access and eavesdropping.

Integrity 
Traffic data and control commands cannot be altered or misused by unauthorized parties.

Availability 
Systems and services remain accessible when needed to maintain safe and continuous traffic operations.

Authenticity 
All communication partners — vehicles, infrastructure and systems — are verified and trusted.

SECURITY MEASURES AT SWARCO

• Digital certificates and PKI-based authentication
• Transport Layer Security (TLS) for encrypted communication
• 24/7 system monitoring
• Multi-factor authentication for users and operators
• Regular penetration tests and security assessments
• Security-by-design aligned with standards and certification initiatives