Presentation is loading. Please wait.

Presentation is loading. Please wait.

NCHRP 20-59 (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI.

Published byPatrick Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "NCHRP 20-59 (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI."— Presentation transcript:

1 NCHRP 20-59 (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI January 15, 2014

2 2 Cyber Threats to Transportation CASE, LLC and WMC, LLC

3 3 NCHRP 20-59 (48) Scope Transit Control Systems Transit Data Systems Highway Control Systems Highway Data Systems

4 4 Research Plan CASE, LLC and WMC, LLC

5 5 Cyber Security Primer Topics  Section 1 - Risk Management Principles and Enterprise Risk Management Approaches  Section 2 – Risk Assessment, Surveys and Audits  Section 3 – Plans and Strategies, Establishing Priorities, Organizing Roles and Responsibilities  Section 4 – Cyber Security Principles  Section 5 – Transportation Infrastructure, Protection of Operational and Information Systems  Section 6 – Training, Building a Culture of Cyber Security  Section 7 – Security Programs, Available Resources, Support Frameworks CASE, LLC and WMC, LLC

6 6 Cyber Security in Transportation Survey  Scanning survey to  Raise awareness of cyber issues  Baseline sector cyber security maturity  Identify “best practice” organizations  Paper or digital version  850 invitations to DOTs, Transit, SCOTSEM, AASHTO, other stakeholders  90+ responses (11% return) CASE, LLC and WMC, LLC

7 7 Survey Objectives C.A.S.E. LLC and Western Consulting LLC  How serious a problem do respondents perceive cyber security to be?  How serious of a problem has cyber security been in the transportation industry to-date?  What are the quantity and depth of resources (i.e., skills, dollars, training time. etc.) being applied to these problems?  Is this investment sufficient, given all the other things that need attention?

8 8 Preliminary Findings C.A.S.E. LLC and Western Consulting LLC  Most respondents are aware of cyber-threats and vulnerabilities but rank them as moderate to low.  Most respondents assess risk to control systems as less than risk to data systems  Line-of-business managers see security as an IT issue  Top 3 threat vectors believed to be natural disasters, criminal behaviors of outsiders and/or the loss of critical related services  Almost no respondent reported cyber security events

9 9 Preliminary Findings C.A.S.E. LLC and Western Consulting LLC  Security responses driven by desire to reduce or avoid service interruption, loss of life and property damage  Although most reported cyber readiness as good or better, only 20% had a current and tested Continuity of Operations or Disaster Recovery Plan  2 of 3 indicated implementing some “best practices” but 3 of 4 unfamiliar w/ national standards

10 10 Thank You Please contact  Ernest “Ron” Frazier, Co-Principal Investigator Countermeasures Assessment and Security Experts, LLC (CASE™) Phone: 302-322-9600 ronfrazier@caseexperts.com  Dave Fletcher, Co-Principal Investigator Western Management and Consulting, LLC Phone Number: 505-379-6499 fletcher.d@att.net  Jeffrey Western, Administrative Officer Western Management and Consulting, LLC Phone Number: 608-692-8414 Jeffrey.western@consultingwestern.com CASE, LLC and WMC, LLC

Download ppt "NCHRP 20-59 (48) 2014 TRB ANNUAL MEETING Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Dave Fletcher, Co-PI."

Similar presentations

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Greg Shaw 202-994-6736 How do we turn private sector preparedness into an investment rather than a cost of doing.

Greg Shaw How do we turn private sector preparedness into an investment rather than a cost of doing.
(ISC) 2 2015 Global Information Security Workforce Study (GISWS) Results U.S. Federal Government.

(ISC) Global Information Security Workforce Study (GISWS) Results U.S. Federal Government.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
National Cybersecurity Management System

National Cybersecurity Management System
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
UNITED NATIONS OFFICE FOR THE COORDINATION OF HUMANITARIAN AFFAIRS (OCHA) - Preparedness - Increase effectiveness of Disaster Response NATF/ACAPS Training.

UNITED NATIONS OFFICE FOR THE COORDINATION OF HUMANITARIAN AFFAIRS (OCHA) - Preparedness - Increase effectiveness of Disaster Response NATF/ACAPS Training.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
Information Security Research Program Henry Lee Manager, Security Policy and Research Office of the Chief Information Officer December 2007.

Information Security Research Program Henry Lee Manager, Security Policy and Research Office of the Chief Information Officer December 2007.
Performance Audit Fraud management in local government Report 19: 2014-15 David Toma Manager 24 July 2015.

Performance Audit Fraud management in local government Report 19: David Toma Manager 24 July 2015.
M ISSION : The mission of the information security office is to assist in building a security aware university culture through education and technical.

M ISSION : The mission of the information security office is to assist in building a security aware university culture through education and technical.
Robert Arnold Federal Highway Administration Director, Office of Transportation Management.

Robert Arnold Federal Highway Administration Director, Office of Transportation Management.
NCHRP 20-59(48): Effective Practices for The Protection of Transportation Infrastructure From Cyber Incidents Ron Frazier, David Fletcher Co-Principal.

NCHRP 20-59(48): Effective Practices for The Protection of Transportation Infrastructure From Cyber Incidents Ron Frazier, David Fletcher Co-Principal.
Enterprise Risk Management (ERM) Minnesota Department of Transportation Enterprise Risk Management (ERM) Minnesota Department of Transportation TRB International.

Enterprise Risk Management (ERM) Minnesota Department of Transportation Enterprise Risk Management (ERM) Minnesota Department of Transportation TRB International.

Similar presentations

Ads by Google