Robert Arnold Federal Highway Administration Director, Office of Transportation Management.

Slides:

Advertisements

Similar presentations

The U.S. Department of Transportation and the Next Generation Jenny Hansen, Contractor – NG9-1-1 Project Coordinator USDOT/NHTSA.

Advertisements

Homeland Security Information Network-Emergency Management (HSIN-EM) Fire Service Community Overview Technologies for Critical Incident Preparedness Conference.

Bernie Arseneau, Co-Chair. The Minnesota Guidestar Board provides strategic direction and advice for the statewide application of advanced technology.

Khammar Mrabit Director Office of Nuclear Security

Community Based Cyber Security Program Technical Assistance Package Nicholas Corea Program Director G&H International Services for Donald Lumpkins, Program.

National Incident Management System (NIMS)  Part of Homeland Security Presidential Directive-5, February 28,  Campuses must be NIMS compliant in.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

Transit Security: An Overview of Activities Since 9/11 Eva Lerner-Lam President Palisades Consulting Group, Inc. ITE 2003 Annual Meeting August 24-27,

ESW 7 - FCC Jeff Cohen Senior Legal Counsel Public Safety Bureau FCC Interests & Policy Around Geolocation.

Traffic Incident Management (TIM) Mark Meints NDOR Emergency Program Specialist.

DHS, National Cyber Security Division Overview

Partnership for Critical Infrastructure Security PCIS Mission: The mission of the Partnership for Critical Infrastructure Security (PCIS) is to coordinate.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

NCHRP (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI.

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Alabama GIS Executive Council November 17, Alabama GIS Executive Council Governor Bob Riley signs Executive Order No. 38 on November 27 th, 2007.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Session 3 – Information Security Policies

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

AASHTO Subcommittee on Rail Transportation Sept. 18, 2012 Kevin Chesnik.

NHTSA Cyber Security Best Practices Study Tim Weisenberger December 7, 2011.

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

US-CERT National Cyber Security Division/ U.S. Computer Emergency Readiness Team (US-CERT) Overview Lawrence Hale Deputy Director, US-CERT.

Office of the Federal Coordinator for Meteorological Services and Supporting Research (OFCM) Presentation for the ITS America 2006 Annual Meeting May 9,

The Integrated Pilot Comprehensive Exercise (IPCE) Briefing to the U.S. Nuclear Regulatory Commission’s 21st Annual Regulatory Information Conference Marc.

Seán Paul McGurk National Cybersecurity and Communications

Network Security Resources from the Department of Homeland Security National Cyber Security Division.

Homeland Security. Learning Topics Purpose Introduction History Homeland Security Act Homeland Defense Terrorism Advisory System Keeping yourself safe.

ESF #2 Communications.

FHWA Reorganization Update Program Performance Management Standing Committee on Performance Management Meeting Detroit, MI October 14, 2011 Peter Stephanos.

The Office of Infrastructure Protection

Federal Transit Administration Transit Bus Safety and Security Program Primer for State Departments of Transportation.

Information Sharing Challenges, Trends and Opportunities

Research and Innovative Technology Administration U.S. Department of Transportation August 6, 2012 Safety.Data.Gov Initiative.

V ehicle I nfrastructure I ntegration Jeffrey F. Paniati Associate Administrator for Operations and Acting Program Manager for ITS Joint Program Office.

Freight Council Webinar February 21, 2006 Anthony T. Furst Director, FHWA Office of Freight Management and Operations The Framework for National Freight.

1 IntelliDrive SM Research Program Shelley Row Director, ITS Joint Program Office Research and Innovative Technology Administration U.S. Department of.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/

Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston Public Release.

ITS Standards Program Strategic Plan Summary June 16, 2009 Blake Christie Principal Engineer, Noblis for Steve Sill Project Manager, ITS Standards Program.

Federally-designated MPO for the 9-county Philadelphia region Created in Municipalities 5.7 Million People 3.0 Million Jobs Long-Range Plan, Transportation.

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

1 State Homeland Security: Priorities and Funding R. Chris McIlroy Homeland Security and Technology Division National Governors Association.

InfraGard A Government and Private Sector Alliance Information sharing begins with human relationships – people talking with people whom they trust. Information.

National Transportation Operations Coalition (NTOC) Jeffrey F. Paniati Associate Administrator for Operations Federal Highway Administration NAWG Meeting.

Transit Bus Safety and Security Program Federal Transit Administration.

1 FOCUS STATE INITIATIVE Work Zone Communications and Outreach Workshop April 19-20, 2005 Regina McElroy and Roemer Alfelor Office of Transportation Operations.

The Challenging Landscape of Critical Information Infrastructure: Are We Ready? Leonard Bailey Senior Counsel Computer Crime & Intellectual Property Section.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

NERC and ESISAC Electricity Sector Information Sharing and Analysis Center Update March 2006 CIPC Confidentiality: Public Release.

Federal Transit Administration Office of Safety and Security TRANSIT BUS SAFETY AND SECURITY PROGRAM Mike Flanigon Federal Transit Administration U.S./

November 2, 2006 LESSONS FROM CIPAG 1 Lessons from Critical Infrastructure Group Bill Bojorquez November 2, 2006.

1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.

1 Clarus Clarus Nationwide Surface Transportation Weather Observing & Forecasting System Paul Pisano Team Leader Road Weather Management Office of Transportation.

ERCOT IT Update Ken Shoquist VP, CIO Information Technology Board Meeting February 2004.

FHWA Operations Core Business Unit National Associations Working Group April 8, 1999 Christine Johnson Program Manager and Director, ITS Joint Program.

USDOT ITS and Operations Training Grant Zammit Operations Technical Service Team Manager Office of Technical Services – Resource Center

U.S. DOT Automated Vehicle Policy Activities ITS PCB T3 Webinar The National Transportation Systems Center U.S. Department of Transportation Office of.

Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.

Dr Jenean Spencer Director Pandemic Preparedness Section Office of Health Protection Department of Health and Ageing Public-Private Partnerships for Pandemic.

ADVANCED TRANSPORTATION AND CONGESTION MANAGEMENT TECHNOLOGIES DEPLOYMENT (ATCMTD) PROGRAM 1 Bob Arnold, Director Office of Transportation Management,

Safety Management Systems Session Four Safety Promotion APTA Webinar June 9, 2016.

April 19 th, 2016 Governors Homeland Security and All-Hazards Cyber Security Sub-Committee.

Iowa Communications Alliance

Institute of Transportation Engineers (ITE)

California Cybersecurity Integration Center (Cal-CSIC)

Vehicle to Infrastructure Deployment Coalition (V2I DC) & SPaT Challenge Overview January 8, 2017.

What does the State GIS Coordinator do?

DSC Contract Management Committee Meeting

Presentation transcript:

Robert Arnold Federal Highway Administration Director, Office of Transportation Management

Transportation Systems Cyber-Security Framework A process to Monitor – Alert – Advise Owner/Operators of ITS deployments

From just annoying To becoming serious DMS on publicly accessible IP address with an unchanged default password Unlocked or easily accessed control panels with uncomplicated or unchanged default passwords.

Proposed Current

Purpose Provide transportation system owners/operators a resource for: –Identifying, alerting, and advising on cybersecurity incidents specific to transportation systems and infrastructure –Investigating potential system vulnerabilities –Education and awareness training/information

Dimensions of Threat Malicious attack Non-malicious operational error Lack of system reliability Untrustworthy practices by the operator

Governing Assumptions Make every effort to provide confidentiality of findings due to the sensitivity of: Inadvertently assisting cyber attackers through dissemination of unresolved vulnerabilities; Potential of shutting down information gathering within the ITS and owner/operator community due to receiving unfavorable and critical reports from media sources; and Work with existing organizations internal to the transportation industry and externally with the cybersecurity and ICS communities.

Organizational Platform Multi-organizational cyber security workgroup – Federal, State, and local / public & private sector Use the National Operations Center for Excellence for: – reporting and alert function – information and expert advice gateway, and – education/awareness portal.

Functions Monitoring - Provide stakeholders a secure method to notify the CS WG of events, incidents, or vulnerabilities without exposing observed or suspected activities to the public. There are two reasons to have this more limited communication verses a list serve or other more public discussion forums; 1) assure confidentiality of the owner/operator who’s system was attacked and 2) avoid exposing unresolved vulnerabilities. Regularly monitor other sources such as Homeland Security’s ICS-CERT and MS-ISAC for attacks and advisory alerts. Provide these same resources with findings as appropriate while not violating confidentiality & exposure principles. Alert - Develop an alert network of system owners, operating professionals, manufactures, and oversight/stewardship agencies (i.e. FHWA Divisions). This would be for quick reaction to on-going events and providing initial remedial advice. This might include directions on how to handle and distribute this information (e.g. confidential, general dissemination, etc.). Advisory - Form expert sub-teams to develop/disseminate advice and solutions to attacks/threats, identify and manage needed research, and develop education and awareness products for stakeholder groups. Coordinate with other appropriate non- transportation specific organizations (ICS-CERT, MS-ISAC, DHS, etc.).

Beyond Roadway ITS Tolling Transit Communication Freight Size & Weight inspection Border Crossing Inspection Connected Vehicles

Membership: Primary and secondary contacts/resources Federal Highway Administration (FHWA) FHWA Division Offices Other USDOT Modes (FTA, FRA, FMCSA, etc.) USDOT Cyber Security Action Team (Subgroup of the USDOT’s Safety Council) Industrial Control System – Computer Emergency Response Team (ICS-CERT) U.S. Department of Homeland Security / Federal Bureau of Investigation AASHTO State DOT’s Toll Authorities Multi-State Information Sharing and Analysis Center (MS-ISAC) NACTO City DOT’s Department of Public Works ITE Transportation Professionals Standards Development Organization ITSA Equipment manufacturers Academia / Researchers NEMA Equipment manufacturers Standards Development Organization Transportation Research Board (TRB) Committee on Critical Transportation Infrastructure Protection

Way Forward Actions Core organizations brief leadership and obtain by-in (AASHTO, ITE, ITSA, NEMA, FHWA) Coordination with USDOT Cyber Security Action Team and other USDOT modes (FHWA) Outreach to potential membership (AASHTO, ITE, ITSA, NEMA, FHWA) Coordinate with NOCoE (AASHTO, FHWA) Draft multi-organizational agreement/governance (AASHTO, ITE, ITSA, NEMA, FHWA) Timeline Core organizations confirm commitment to move forward – Jan 2015 Associated membership outreach effort – Jan/Feb 2015 Charter/agreement/governance/responsibilities developed & in place – Feb/March 2015 Advisory/Alert system activated – March 2015 Research roadmap established – April 2015 Awareness and Education activities defined – April 2015