The transformation of global transportation is accelerating. From connected vehicles to cloud-based traffic management, the evolution of Intelligent Transportation Systems (ITS) is redefining how cities move, how infrastructure communicates, and how people experience mobility. At the heart of this transformation lies Vehicle-to-Everything (V2X) communication—enabling real-time interaction between vehicles, roadside units, and cloud platforms. Yet, as this ecosystem grows more interconnected, it also becomes increasingly vulnerable.
In a world where a single cyberattack could disrupt traffic flows, disable communication networks, or compromise public safety, cybersecurity is no longer an afterthought—it is mission-critical. And now, new regulatory pressure is raising the bar for how ITS operators and technology providers must respond.
A Hyperconnected Threat Landscape
The integration of 5G, wireless modules, and satellite-based connectivity has enabled the real-time exchange of traffic, vehicle, and infrastructure data on an unprecedented scale. According to the Ericsson Mobility Report,[1] data traffic is growing at over 25% annually, driven by mobility applications such as V2X and intelligent road infrastructure.
This surge in connectivity, while enabling smarter and more efficient transport systems, also increases the attack surface. As noted by Darktrace,[2] transportation systems have become prime targets for threat actors, with ransomware, data breaches, and system takeovers now becoming plausible risks. The convergence of operational technology (OT) and IT in transport makes securing endpoints, communication links, and control centers more urgent than ever.
NIS2: Europe's Cybersecurity Mandate for Critical Sectors
Recognizing these rising risks, the European Union adopted the NIS2 Directive to strengthen cybersecurity across essential services—including the transport sector. Replacing the original NIS Directive, NIS2 expands its scope to include more organizations, imposes stricter obligations, and introduces serious penalties for non-compliance.
According to Advisera,[3] organizations must:
- Implement technical and organizational cybersecurity measures across their systems.
- Monitor and report significant security incidents within 24 hours.
- Conduct supply chain risk assessments and ensure vendor compliance.
- Assign clear cybersecurity responsibilities to executive-level management.
Unlike its predecessor, NIS2 does not focus solely on large-scale infrastructure. It now covers medium-sized and some smaller organizations if they play a role in essential services. For the ITS ecosystem, this means that both public authorities and private technology providers—including those delivering V2X communications, traffic control systems, and wireless modules—must ensure their cybersecurity readiness.
V2X and Wireless Connectivity: Critical and Vulnerable
The Global Growth Insights report[4] shows that the wireless module market in transportation is projected to grow at double-digit rates, driven by applications such as real-time vehicle data exchange, connected intersections, and predictive traffic analytics. But as reliance on wireless communications intensifies, so does the complexity of securing them.
As V2X adoption scales, the ITS sector must protect against threats like spoofed signals, man-in-the-middle attacks, and data interception. Security must be embedded not just in devices, but across protocols, firmware, and cloud infrastructures. This aligns directly with NIS2's broader expectations of supply chain responsibility and system-wide risk management.
A Collective Responsibility: Operators, Integrators, and Technology Providers
The future of ITS cybersecurity does not rest on one party alone. It requires a collaborative approach across the value chain—where regulators set expectations, operators demand secure infrastructure, and vendors deliver solutions that align with both performance and protection.
Forward-looking technology providers are already adapting. For example, some are embedding security-by-design into their product development processes, aligning with international standards like IEC 62443. Others are forming dedicated cybersecurity task forces, developing incident response plans, and enhancing supply chain transparency to help partners meet NIS2 and similar regulatory requirements.
Moxa, a long-standing partner in the ITS sector, is one such provider aligning its strategies with cybersecurity mandates. With deep experience in secure networking and industrial communications, Moxa actively supports ITS stakeholders through secure-by-design products—helping customers not only achieve compliance but also build resilience for the road ahead.
The Road Forward: Cybersecurity as an Enabler of Trusted Mobility
As ITS evolves to support more autonomous, connected, and data-intensive operations, cybersecurity must evolve from a compliance checkbox to a design principle. NIS2 may be a European regulation, but its influence is global—setting new benchmarks for governance, accountability, and technical readiness.
Cybersecurity is not just about defending against threats—it's about enabling the digital transformation of transportation with confidence. In the era of intelligent mobility, resilience is what keeps progress moving.
For more information, visit Moxa's ATMS Microsite.