Introduction to Cyber Security Issues for Transportation T3 Webinar – December 7, 2011 Michael G. Dinning.

Slides:

Advertisements

Similar presentations

Overview What is the National ITS Architecture? User Services

Advertisements

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

Brian Connett, LCDR, USN US NAVAL ACADEMY

State University System of Florida (11 Public Universities) Florida Atlantic University Dr. Panagiotis Scarlatos, Executive Director (UCITSS) College of.

DHS, National Cyber Security Division Overview

Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Advanced Traveler Information System ATIS. What are Intelligent Transportation Systems (ITS) ? The application of advanced sensor, computer, electronics,

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Advanced Public Transit Systems (APTS) Transit ITS CEE582.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Homeland Security Agenda Control Systems Security Program Transportation Sector ICSJWG 2011 Spring Conference David Sawin John A. Volpe National Transportation.

APTA, Kevin Hassett, September 24, APTA Passenger Information Systems.

Center for Urban Transportation Research | University of South Florida Technology Session: 21 st Annual Transportation Disadvantaged Best Practices and.

Version Control : released 2011 December 7 U.S. Department of Transportation Federal Highway Administration Cyber Concerns for Transportation Organizations.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

Defence and Communications Systems EADS Secure Networks The role of TETRA in Homeland Security.PPT /HVi The Role of TETRA in a Holistic Homeland.

CUSTOMER RELATIONS IN THE TRAVEL INDUSTRY 6.06 Recognize the importance of safety and security in the travel industry.

AASHTO Subcommittee on Rail Transportation Sept. 18, 2012 Kevin Chesnik.

THNS 2010 Open supervision platforms for smart and sustainable cities, Yves PERREAL, Strategic studies Director, THALES.

NHTSA Cyber Security Best Practices Study Tim Weisenberger December 7, 2011.

Advancing Safety Through Innovation University Transportation Centers Safety Summit March 19-20, 2015 Jeffrey Onizuk Intelligent Transportation System.

NCHRP 20-59(48): Effective Practices for The Protection of Transportation Infrastructure From Cyber Incidents Ron Frazier, David Fletcher Co-Principal.

IntelliDrive Policy and Institutional Issues Research Valerie Briggs Team Lead, Knowledge Transfer and Policy, ITS Joint Program Office, RITA May 4, 2010.

The ISSUE conference 2014 GNSS, satellite navigation shows the way [The ISSUE Conference 2014] Mark Dumville General Manager Nottingham Scientific Limited.

Lead the Way APTA Transit Standards Development “BUS RAPID TRANSIT”

National VII Architecture – Data Perspective Michael Schagrin ITS Joint Program Office US Department of Transportation TRB 2008 Annual Meeting Session.

Definition - CommuterLink CommuterLink is an interagency transportation management system. What does that mean? Put another way, it is the use of computer.

Intelligent Transportation System (ITS) ISYM 540 Current Topics in Information System Management Anas Hardan.

National Rural Transit Assistance Program. Learning Objectives Safety Safety Security Security Emergency Preparedness Emergency Preparedness.

1 We’ve been p0wn’d? Review of 2015 Surface Transportation Cybersecurity Incidents 2015 TRB Session 850 Edward Fok USDOT/FHWA – Resource Center.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

USDOT, RITA RITA: Oversight of USDOT’s R&D programs  University Transportation Centers $100M  UTC Consortia $80M  UTC Multimodal R&D $40M  Intelligent.

Roadway Safety Panel How can ITS assist in bridging vehicle technology with roadway design and function?

V ehicle I nfrastructure I ntegration Jeffrey F. Paniati Associate Administrator for Operations and Acting Program Manager for ITS Joint Program Office.

Secure Connections for a Smarter World Dr. Shuyuan Mary Ho Assistant Professor School of Information Florida State University.

An Overview of the Smart Grid David K. Owens Chair, AABE Legislative Issues and Public Policy Committee AABE Smart Grid Working Group Webinar September.

TRANSPORTATION ENGINEERING Planes, Trains, Automobiles and More Ardrey Kell High School February 23, 2012.

1 TRB Workshop on Road Vehicle Automation Steven E. Shladover, Sc.D. California PATH Program University of California, Berkeley Jane Lappin Volpe National.

ITS Standards Program Strategic Plan Summary June 16, 2009 Blake Christie Principal Engineer, Noblis for Steve Sill Project Manager, ITS Standards Program.

INTELLIGENT TRANSPORTATION SYSTEM BY – ANTARA DEY SIKDAR M.T.R.P, Ist SEMESTER B.E.S.U.

Advanced Controls and Sensors David G. Hansen. Advanced Controls and Sensors Planning Process.

Transportation Security: The Threat, The Challenges and Our Next Steps Eva Lerner-Lam Chair, ASCE Transportation Security Committee American Society of.

Security and the National ITS Architecture ITS America 2003 Session 19: The State of the Practice: ITS and Homeland Security May 19, 2003 Minneapolis,

1 Using Intelligent Transportation Systems (ITS) Technologies and Strategies to Better Manage Congestion Jeffrey F. Paniati Associate Administrator of.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Enhanced Airworthiness Program for Airplane Systems (EAPAS) Presented by: Massoud Sadeghi FAA - Aging Systems Program Manager EAPAS Workshop November 2002.

PARTNERING for your INTERESTS Companies invest in security to protect their people, property and information. In doing so, they are also protecting the.

Confidential and Proprietary. Do not distribute without written permission from Clearwire. The M2M Puzzle …putting the pieces together. Michael Murphy.

A Technology Partnership for the New Millennium Anne Harlan, Director William J. Hughes Technical Center 68th NASAO Annual Convention September 20, 1999.

Intelligent and Non-Intelligent Transportation Systems 32 Foundations of Technology Standard 18 Students will develop an understanding of and be able to.

Protection of Transportation Infrastructure from Cyber Attacks EXECUTIVE BRIEFING.

ITS: The Next Generation Shelley Row Director Intelligent Transportation Systems Joint Program Office Research and Innovative Technology Administration,

Data Enabled Railway July 2015 Railway Suppliers Summer Conference 2015 Steve Warner, EMEAR Head of Data & Analytics.

Telematics derived from the Greek words “Tele” and “matos”, Tele means (far away) and matos means (derivative of Greek word machinari), Combinedly telematics.

Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.

INTELLIGENT TRANSPORTATION SYSTEM DONE S.DHARANI DHARAN S.JEEVAANANTH KONGU POLYTECHNIC COLLEGE.

ADVANCED TRANSPORTATION AND CONGESTION MANAGEMENT TECHNOLOGIES DEPLOYMENT (ATCMTD) PROGRAM 1 Bob Arnold, Director Office of Transportation Management,

UNCLASSIFIED Homeland Security 2016 TRB Annual Meeting Cyber Risk Management CAPT Verne Gifford (CG-5PC) 1.

Advancing National Wireless Capability Date: March 22, 2016 Wireless Test Bed & Wireless National User Facility Paul Titus Department Manager, Communications.

SAE Cybersecurity Standards Activity

Suggestion for Summarizing Process of the Principles

and Security Management: ISO 28000

Information Technology Sector

ASSET - Automotive Software cyber SEcuriTy

Vehicle to Infrastructure Deployment Coalition (V2I DC) & SPaT Challenge Overview January 8, 2017.

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Security for Safety: Enabling Digitalization of Railway Systems

Presentation transcript:

Introduction to Cyber Security Issues for Transportation T3 Webinar – December 7, 2011 Michael G. Dinning

Cyber Security is One of the Most Serious Potential Risks in Transportation Increasing dependence on information systems and networks Risks are significant and growing Need a comprehensive approach Need a culture/ecosystem of cyber security (like fire safety) Cyber security is necessary for transportation mobility and safety! 2

We’re Increasingly Dependent on the Digital Infrastructure 3 In NextGen Air Traffic Control Systems….

…Positive Train Control 4

…Intelligent Transportation Systems 5

…Intermodal Ports 6 Crane Monitoring and Control Terminal Operations & ManagementAutomated Gates Wireless Devices & Tracking Physical Security

E-enabled Vehicles Are Now the Norm 7

Transit Vehicles are E-enabled 8 Control Domain Vehicle Controls Vehicle Diagnostics Traffic Signal Priority Video Surveillance Duress Alarms Vehicle Immobilizers Infotainment Domain Customer use of Wi-Fi and WiMAX Real-time Travel Info & Trip Planning Operations Domain Automated Dispatching Vehicle Location Route/Schedule Status Passenger Counters Stop Annunciation Electronic Payments RF Cellular Wi-Fi WiMAX DSRC

Automobiles and Trucks Are E-enabled 9 Source: aa1car.com

We’re Demanding Connectivity and Increasing the Potential Attack Surface 10 Satellite Cellular WiFi Radio DSRC Blue Tooth & RF Wireless Sensors CD & MP3 Mechanics’ Diagnostic Tools

Cyber Security Threats are Increasing 11 Stuxnet & Duku

Frequent Hacks Into Highway Dynamic Message Signs 12

Insider Threat Impacted Traffic Management Center & Signaling 13

Researchers Revealed Potential Vulnerabilities in Automobiles 14

Recent Hybrid Attacks on Transit 15 “No Justice No BART” – Physical Attacks“Anonymous” – Cyber Attacks

Even “Isolated” Legacy Systems Are Vulnerable 14 Year Old Boy Derails Polish Trams, January 2008 –4 light rail trains derailed, 12 people hurt –Used modified television remote controller –Locks disabling switch when vehicle present not installed 16

Need a Complete Understanding of the Systems, Interdependencies & Importance Cyber-physical Control SystemsTraffic Control & Operations Management Systems Safety Management SystemsTraveler & Operator Services: 511, E-commerce, E-payment

Must Understand Dependencies on Critical Information Example: Fatal SpanAir Crash Cause: pilot error –Failed to deploy flaps –Warning disabled Related factor: Virus in management system –Virus had slowed maintenance management system –Data not entered –Would have grounded plane 18

Understanding and Risk Mitigation Requires Collaboration Designers & manufacturers Equipment suppliers System integrators Expert consultants University & government researchers Testing organizations Users (airlines) Infrastructure operators Standards organizations Certifiers and regulators 19 Example: Airborne Network Security

Best Practice: Collaboration on Airborne Network Security Airborne Network Security Simulator American Airlines, British Airways, Delta Airlines, Lufthansa, United Airlines Airbus, Boeing, Bombardier, Astronautics, ARINC, CMC Electronics, Curtiss-Wright, General Electric, Panasonic, Rockwell-Collins, Thales Academia Airline OperationsManufacturing Government Wichita State University, Louisiana Tech University FAA, U.S. Air Force, Defense Information Systems Agency, Dept of Homeland Security (DHS), DOT Volpe Center, UK Center for Protection of National Infrastructure, UK Computer and Electronic Security Group Funding / Strategic Direction Equipment / Engineering Subject Matter Experts Research / Facilities

We Must Build Security Into the Process to Ensure the Resilience of the Overall System 21 Aviationlawmonitor.com Risk assessments Standards Design practices Certification Maintenance & Ops Goals: systems safety, security, reliability and resilience

Create a Cyber Security Eco System: Incorporate Security Into the Design Process, SMS’s & the Safety Culture 22 Cyber risk management throughout the systems development life cycle Systems engineering process Certification process Aviationlawmonitor.com System security/safety process, management systems and culture

Strategy Must Address Life Cycle Identify systems, connections & interdependencies Assess vulnerabilities and risks Identify and use best practices and standards Include cyber security in design specs and acquisitions Collaborate with IT, physical security & other groups Develop polices and procedures for cyber security Motivate employees with training, exercises & “hot triggers” Make sure that systems and operations are resilient (i.e. layers, detection, incident response, COOP) Develop organization-wide strategic plan linked to funding 23 Create a cyber security eco-system (like Fire Safety)

Cyber Security Resources and Tools TSA Transportation Systems Sector Cyber Working Group –Newsletter, monthly meetings, summit, training, case studies DHS Control System Security Program - Transportation –Assessments (i.e. CSET), information sharing, standards, training Industry associations –APTA Control & Communications Security Working Group –AAR Rail Information Security Committee –SAE Automotive Systems Security Committee –RTCA SC216 Aeronautical System Security Committee –AAPA Security Committee TRB Transportation Cyber Security Sub Committee Information Sharing and Analysis Centers & Computer Emergency Response Teams DOT Volpe Center Transportation Cyber Security Team/Lab 24

Cyber Security is One of the Most Serious Potential Risks in Transportation Increasing dependence on information systems and networks Risks are significant and growing Need a comprehensive approach Need a culture/ecosystem of cyber security (like fire safety) Cyber security is necessary for transportation mobility and safety! 25