Security threats are events or circumstances that adversely impact a surface transportation system or communication between systems. Threats cover a broad spectrum and include errors, fraud, disgruntled employees, fire, water damage, hackers, terrorist acts, viruses, and natural disasters. For the ITS Architecture, general threat categories are identified that encompass all of these specific threats, but allow threats to be categorized in a general way. The four general threat categories are as follows:
- Deception: a circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
- Disruption: a circumstance or event that interrupts or prevents the correct operation of system services and functions.
- Usurpation: a circumstance or event that results in control of system services or functions by an unauthorized entity.
- (Unauthorized) Disclosure: a circumstance or event whereby an entity gains access to data for which the entity is not authorized. The system implementer and system manager must ultimately identify and analyze specific threats to determine the likelihood of their occurrence and their potential to harm a specific ITS system. Security Threats, along with Security Objectives, provide the basis for evaluating appropriate security services.