Introduction

This FAQ answers the questions highway authorities, local authorities and ITS integrators typically ask about resilient, secure connectivity for roadside infrastructure.

A companion to the CSL white paper: Resilient Connectivity Traffic Management – ITS

Traffic Systems

FAQs:

Related reading:

For more detail on the connectivity options referenced in this FAQ, see CSL rSIM Solutions and CSL IoT Routers.

What is roadside ITS, and why is its connectivity now a security topic?

Intelligent Transport Systems (ITS) cover the networked devices along the road: ANPR (automatic number plate recognition) cameras, CCTV, radar and LiDAR, variable message signs (VMS), and traffic signal controllers. Each used to be a relatively isolated roadside asset. Today they are IP-connected, remotely managed, and feeding analytics and control platforms in real time. That connectivity is now part of the operational system, which means its resilience and security matter as much as the devices themselves.

Road Traffic - single lane

Isn’t network segmentation enough to protect roadside devices?

Segmentation is necessary but not sufficient. VLANs, firewalls and access controls limit how far an attacker can move inside a network, which reduces the impact of a compromise. What segmentation does not do is remove a shared upstream dependency. If many devices share one broadband circuit or one mobile core, segmentation inside the control centre is irrelevant when that single path goes down; no data arrives either way.

Roadway works

What is the “shared-dependency risk” in plain terms?

It’s the single point of failure that sits upstream of all your devices. When ANPR, CCTV, VMS and signal control all ride the same broadband or commodity cellular path, one event (a cut fibre, a mobile-core outage, a denial-of-service attack) can take every one of them offline at the same moment. Enforcement stops recording, operators lose situational awareness, signs freeze on stale messages, and recovery depends on a provider you don’t control.

Traffic Management System

What is a security overlay communications layer?

It’s a dedicated connectivity path for your operational devices that runs separately from, and independently of, the corporate or site network. Think of it as an “outer” layer: corporate IT (email, finance, HR) stays on the inner network, while roadside ITS runs on a separate, independently resilient path designed and managed for always-on operation. The design goal is to avoid a shared upstream dependency, so a failure in one path should not automatically take down the other.

hand holds levitating CSL rSIM SIM image

What is DualCore® failover, and how does rSIM® fit in?

DualCore means two independent mobile operator cores, each with its own subscriber-management, packet-gateway and policy-control functions. Both DualCore profiles are multi-network/multi-RAN at the radio layer, working across multiple operators’ networks, so the multi-network benefit applies on both cores, not just one.

CSL’s rSIM® sits in the device and selects the active core. If the Primary core fails, rSIM switches to the Fallback automatically, on the SIM itself rather than in the device firmware or operating system, with no manual intervention. rSIM technology is aligned with the GSMA SGP.32 IoT eSIM standard, which supports over-the-air switching and management of network profiles without swapping the physical SIM.

Warehouse perimeter

What is a Private APN, and why does it matter for ITS?

An APN (Access Point Name) identifies the gateway between the cellular network and the wider internet or a private network. A public or shared APN puts your traffic on the open internet alongside general-purpose devices. A Private APN keeps roadside traffic within a dedicated, private network path. In the CSL architecture this is paired with end-to-end VPN encryption and is designed to avoid public internet breakout altogether, reducing exposure between the roadside device and the control centre or cloud.

Do we have to replace our devices to add this resilience?

No. On a compatible device, rSIM is a drop-in SIM replacement that fits a standard SIM slot. It adds DualCore resilience typically without firmware changes or hardware modification to the ANPR camera, radar unit, VMS or signal controller, and without tying you to a specific device manufacturer. Deployment configuration is centrally managed and subject to coverage options and service design preferences.

What if a site needs a router instead of a SIM?

CSL also supplies securely managed routers used across critical national infrastructure, utilities, and security applications such as intruder-alarm and CCTV signalling. They deliver the same security overlay: data kept on a Private APN with end-to-end VPN, designed to avoid public internet breakout; devices are shipped hardened with no default credentials; and central management and monitoring are enabled through CSL’s platforms. For a roadside cabinet that needs a router rather than a drop-in SIM, this gives the same private, resilient, centrally managed path, and dual-SIM and multi-bearer router variants add multi-network and multi-link resilience.

Road works and field worker

How could the Cyber Security and Resilience Bill affect traffic management and ITS?

Transport is already a regulated sector under the UK NIS Regulations 2018. The Cyber Security and Resilience Bill, introduced to Parliament in November 2025 and now progressing through the legislative process, proposes to expand and strengthen the UK’s cyber resilience regime, including faster incident reporting (a 24-hour initial notification and 72-hour fuller report have been proposed) and stronger supply-chain duties. The practical effect for highway authorities and their suppliers is that connectivity resilience becomes a governance and assurance question, not only an engineering one.

Note: Bill provisions and dates are subject to parliamentary passage and should be checked against the official record before being relied on.

Road Visual Management System

How does the NIS / Cyber Assessment Framework view connectivity?

Both the NIS regime and the NCSC Cyber Assessment Framework (CAF) are outcome- and risk-based. They focus on whether the systems supporting an essential function are resilient, governable and recoverable, not on prescribing one specific network design. So a single-path, publicly exposed roadside connection isn’t automatically “non-compliant”, but it is exactly the kind of arrangement an operator should be able to justify against its own risk assessment and reporting duties.

Road Traffic System

How do we assess our own roadside connectivity risk?

Five questions are a useful starting point:

  • Is there a single shared upstream dependency, such as broadband, mobile core or fibre, serving multiple ITS device types?
  • If that path fails, is failover automatic and independent at core level, or does it need manual intervention?
  • Is the APN private and dedicated, or does ITS traffic share a public APN with general-purpose devices?
  • Does traffic between roadside devices and the control centre avoid public internet breakout entirely?
  • Can resilience be added to already-deployed devices without device hardware modification or firmware change?

If the answers reveal a shared dependency, manual-only failover, a shared public APN, public internet breakout or devices that cannot be easily upgraded in place, or if any answer is unclear, there may be an unmanaged single point of failure in your estate.

Data Highway

Why CSL?

CSL provides resilient connectivity for critical IoT and manages over 3.5 million connections, with Private APN and VPN infrastructure and private connectivity to hundreds of alarm-receiving centres across Europe. The same principles that protect life-safety signalling, including private connectivity, dual-path resilience and always-on monitoring, are directly relevant to ANPR, CCTV and signal-control backhaul. It’s an established discipline being applied to a rapidly converging market.

Talk to a CSL connectivity specialist about your roadside estate, or arrange an architecture briefing.

ITS White Paper
Published on: 16th July, 2026
Sectors: Transport & Logistics
Applications: Emergency Services, EV Charging & Parking solutions, Security & Surveillance, Vehicle & Fleet Management