Cisco Solutions for Secure Cellular-Connected Roadways with Catalyst SD-WAN Solution Overview
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
What if you could easily and securely connect highly distributed Intelligent Transportation System (ITS) assets over cellular networks? We give you the solutions to quickly and easily configure connectivity to align with business goals.
Roadway operators need to securely connect widely distributed systems and equipment at the roadside and intersections to enable them to meet their goals of enhancing road user safety, reducing congestion, and achieving sustainability goals. Many ITS devices are in remote locations where cellular connectivity is the best option for communication.
This Cisco® Validated Designs for roadways helps you securely connect all your ITS equipment back to the traffic management/operations center, and to the public cloud, over cellular networks. You gain all the benefits of enterprise-grade VPN connectivity and security without the complexity, running on Cisco’s compact, ruggedized hardware.
Components of the Cisco solution for secure connected roadways
● Peace of mind with 256-bit quantum-resistant Advanced Encryption Standard (AES) encryption over the public internet, with automatically provisioned VPNs.
● Protection for your ITS equipment with zero-trust access for Ethernet-connected ITS devices, using 802.1X and MAC Authentication Bypass (MAB).
● Cybersecurity right from the edge with a next-generation firewall in the traffic cabinet.
● Full ITS protocol-level visibility into network traffic.
● Easy deployment with Cisco Validated Profiles (CVPs) published by Cisco. With a single click you can import profiles into Catalyst SD-WAN Manager via the Configuration Catalog, and benefit from best-practice templates.
● Catalyst SD-WAN measures packet loss, jitter and latency, allowing SLA based intelligent routing to be dynamically adjusted; differentiated service for the most critical ITS workloads.
The importance of ITS cybersecurity
More and more roadway devices are being connected as part of ITS adoption and modernization. ITS is viewed by many nation states, including the US and the EU, as critical infrastructure. As operators connect increasing numbers of signalized intersections and roadside systems, a solution is needed that will scale up to support thousands of sites. And as the number of connected systems increases, the attack surface grows rapidly. It is therefore imperative that the underlying network infrastructure that connects systems is highly resilient to cyberattacks.
Given the remote location of many ITS devices, cellular connectivity is often the preferred solution. Therefore, the use of a VPN over the cellular network and the public internet is essential to protect the data traffic, which is itself mostly unencrypted, to and from the ITS. However, VPNs are complicated to deploy and manage.
Similarly, most roadway operators have no network segmentation or network access authentication today, meaning any device – legitimate or otherwise – can have free and unimpeded access to the whole ITS data network, putting the network and ITS systems at risk.
Visibility into which devices are connected to the data network, the protocols those devices are using, and the devices and systems between which communication is taking place is vital; however, these are frequently blind spots for roadway operators.
Ruggedized networking
Whether you need a small DIN rail-mounted industrial router to go in a NEMA cabinet or a fully weather-proof IP67-rated one, Cisco Catalyst™ industrial routers have you covered. The Cisco Catalyst IR1101 and IR1800 Rugged Series Routers are compact and powerful secure gateways, the Catalyst IR8100 Heavy Duty Series Router has its own enclosure, and the 19-inch Catalyst IR8300 Rugged Series Router delivers against the most demanding requirements. All of these work as part of the Cisco Catalyst SD-WAN solution, and all have options for modular 4G/LTE and 5G (public and private), including active-active cellular and cellular in combination with other WAN technologies.
Secure provisioning
A certificate-backed zero-touch onboarding workflow can be used to securely add new network elements to your Cisco Catalyst SD-WAN fabric, with VPN tunnels back to hub locations automatically being created. And this can be done by field technicians, without the need for deep networking expertise.
Tried and tested customer-validated architecture
The network and security architecture has been developed in conjunction with our lead roadway customers, helping ensure that the deployment options allow flexibility and that the template defaults satisfy the majority of roadway operator requirements right out of the box. Full end-to-end network segmentation and next-generation firewall policies are included as standard when you install the CVPs from the Catalyst SD-WAN Configuration Catalog.
Cybersecurity insights
Most roadway operator CIOs, CISOs, and operations leaders share the challenge of a lack of visibility into what is connected to their ITS data network and communications paths that exist. Cisco Cyber Vision gives them this visibility, including Deep-Packet Inspection (DPI) of more than 20 ITS protocols. Moreover, deploying Cyber Vision to thousands of Cisco network elements is now fully automated by Catalyst SD-WAN Manager.
Ecosystem
Optimized based on interoperability testing with key roadway/ITS ecosystem vendors, Cisco’s validated designs for roadways is designed to work easily with your operation. Whether you need to connect ITS devices from the roadside back to an operations center, a data center, or directly to cloud services for the latest AI-powered use cases, Cisco engineers have tested and documented each scenario.
Table 1. Use cases for connected ITS
| Use case |
| Securely connect traffic cabinets and ITS assets back to the operator network. |
| Connected intersections/junctions – monitor, configure, and troubleshoot traffic signals/lights. |
| RWIS – Remote weather information system. |
| Digital variable message signs (DMS/VMS) – monitor, configure, and troubleshoot. |
| Advanced safety, including LiDAR/RADAR, V2X, and edge compute. |
Cisco has a field-proven, secure industrial networking portfolio, deployed by roadway operators worldwide, combined with the latest enterprise-grade software-defined networking capabilities, for end-to-end segmentation and zero-trust networking.
Only Cisco can securely connect ITS assets using cellular, wireless, and fiber solutions, based on a common, scalable architecture.
Financing to help you achieve your objectives
Cisco Capital® can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.