NCHRP 20-59 (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI.

Presentation transcript:

NCHRP (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI January 15, 2014

2 Cyber Threats to Transportation CASE, LLC and WMC, LLC

3 NCHRP (48) Scope
• Transit Control Systems
• Transit Data Systems
• Highway Control Systems
• Highway Data Systems

4 Research Plan

5 Cyber Security Primer Topics
• Section 1 - Risk Management Principles and Enterprise Risk Management Approaches
• Section 2 - Risk Assessment, Surveys and Audits
• Section 3 - Plans and Strategies, Establishing Priorities, Organizing Roles and Responsibilities
• Section 4 - Cyber Security Principles
• Section 5 - Transportation Infrastructure, Protection of Operational and Information Systems
• Section 6 - Training, Building a Culture of Cyber Security
• Section 7 - Security Programs, Available Resources, Support Frameworks

6 Cyber Security in Transportation Survey
• Scanning survey to
    • Raise awareness of cyber issues
    • Baseline sector cyber security maturity
    • Identify “best practice” organizations
• Paper or digital version
• 850 invitations to DOTs, Transit, SCOTSEM, AASHTO, other stakeholders
• 90+ responses (11% return)

7 Survey Objectives
• How serious a problem do respondents perceive cyber security to be?
• How serious of a problem has cyber security been in the transportation industry to date?
• What are the quantity and depth of resources (i.e., skills, dollars, training time, etc.) being applied to these problems?
• Is this investment sufficient, given all the other things that need attention?
C.A.S.E. LLC and Western Consulting LLC

8 Preliminary Findings
• Most respondents are aware of cyber-threats and vulnerabilities but rank them as moderate to low.
• Most respondents assess risk to control systems as less than risk to data systems.
• Line-of-business managers see security as an IT issue.
• Top 3 threat vectors believed to be natural disasters, criminal behaviors of outsiders and/or the loss of critical related services.
• Almost no respondent reported cyber security events.

9 Preliminary Findings
• Security responses driven by desire to reduce or avoid service interruption, loss of life and property damage.
• Although most reported cyber readiness as good or better, only 20% had a current and tested Continuity of Operations or Disaster Recovery Plan.
• 2 of 3 indicated implementing some “best practices” but 3 of 4 were unfamiliar with national standards.

10 Thank You
Please contact:
• Ernest “Ron” Frazier, Co-Principal Investigator, Countermeasures Assessment and Security Experts, LLC (CASE™), Phone:
• Dave Fletcher, Co-Principal Investigator, Western Management and Consulting, LLC, Phone Number:
• Jeffrey Western, Administrative Officer, Western Management and Consulting, LLC, Phone Number: