“It cannot happen to us” is one of many common myths regarding cybersecurity in the transportation industry. The traditional view that the threats to transportation are low probability and low impact keep agencies from mitigating security threats to transportation critical infrastructure. Current transportation systems depend on closed proprietary systems, which are enhanced by connected cyber-physical systems. Variable Message Signs (VMS) deliver advisory information to road users to ensure safe and efficient trips. Since the first VMS physical hacking more than a decade ago, the importance of VMS security has been a pressing one. VMS hacks can include physical and remote breaches due to the weak protection of the signs and cyber-physical systems. In 2014, multiple cyber-attacks on signs by “Sun Hacker” pushed the Department of Homeland Security (DHS), which includes the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), and the Federal Highway Administration (FHWA) to investigate breaches more seriously. It is known that hackers breach cyber systems daily, but white hat hackers have given transportation officials information to help them rethink Intelligent Transportation Systems (ITS) infrastructure security gaps to prevent harm to road users and financial losses. This study employs a risk-based approach to conducting a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to investigate safety, security, reliability, and operation issues that are triggered by compromised VMS. Additionally, countermeasures are proposed to prevent the failure of critical infrastructure. The outcome is anticipated to be of special interest and usefulness to policymakers and engineers concerned with the potential vulnerabilities of the ITS’s infrastructure.