Working together without borders, security with: the new standard in traffic management
Published on mobiliteit.nl by Ronald van Katwijk
Traffic flows don’t stop at the boundaries of a municipality. A traffic jam on the motorway near Rotterdam has an immediate impact on the urban network of Delft. A major event on Maliebaan in The Hague requires coordination across the region. The need to work together across the boundaries of management zones is greater than ever. Road managers want to be able to see each other’s traffic lights, coordinate the deployment of traffic control measures, adjust traffic management scenarios, and operate each other’s instruments in case of calamities. But in an era of increasing digital threats and strict legislation such as NIS2, BIO, GDPR and the Archives Law, this type of collaboration is no longer viable.
From trusting blindly to demonstrable control.
“We share everything, unless it’s private.” For years, this was the way road managers worked. They placed the interests of road users first and sought collaboration across management zones to further this aim. It was a model based on trust. But in the current cybersecurity landscape, trust is not a viable security strategy. An open system comes with unacceptable risks. A configuration error in one domain can bring down a whole region, and fuzzy separation can make it impossible to demonstrate who had access to what whenever a data leak occurs or during an audit.
The requirements stipulated by the NIS2 guideline and privacy legislation are forcing us to rethink the way we work together. Collaboration can no longer be based on open doors; it has to be based on strict controls. The new motto is: “We share nothing, unless it has been explicitly approved.” This may seem strict, but it is the only way to guarantee security, privacy, and operational stability.
A powerful system: and simple for the operator.
To make these strict requirements workable, what is needed is an advanced system of roles, rights, and domains. The newest generation of network management systems (NMSs) will have to provide this. MobiMaestro Next is such a next-gen NMS. In MobiMaestro Next, every road manager has their own, fully separated environment: their own domain. This provides optimal robustness: this domain will be unaffected by errors or problems in a neighboring domain. Incidents, inadvertent changes, or technical glitches will thus be confined to the domain in question and cannot spread. This means that operational stability for the other road managers is guaranteed.
At the same time, the system gives the road manager certain specific facilities that they can use to give third parties access to their environment in a controlled manner. From your domain, you share the specific information that is required for collaboration. You want a neighboring municipality to be able to see your TLCs but not operate them? Use user and permission groups to configure this at granular level. For example by giving a group of users from the other domain access to look over your shoulder, without giving them control of your assets.
Invisible boundaries for the user.
The strength of this system lies in a paradox: although the separation behind the scenes is stricter than ever, the user will not notice this. Just as management zone boundaries are effectively invisible to road users, the management zone boundaries in this system can be configured to remain invisible to the user.
Thanks to smart connections, users log in once (single sign-in) and then immediately see an integrated picture. The TLCs of neighboring road managers appear seamlessly on the map alongside the manager’s own instruments, as long as the correct rights have been assigned. Need to intervene in the neighboring management zone? The user can switch easily, without having to log in again, while the system checks in the background whether the right authorizations are in place.
Future-proof collaboration.
This approach leads to much stronger information security. Logging in takes place per domain, which makes it easier to demonstrate compliance with GDPR and NIS2. At the same time, the system retains flexibility to work together immediately whenever a calamity occurs.
Working together across management zone boundaries is no longer a choice but a stark necessity. By switching from a trust-based model to a control-based model, MobiMaestro Next creates an environment that is not only more secure and more robust, but also future-proof. You are in control of your own domain, while your users continue to work across boundaries.
