Presentation is loading. Please wait.

Presentation is loading. Please wait.

Homeland Security Agenda Control Systems Security Program Transportation Sector ICSJWG 2011 Spring Conference David Sawin John A. Volpe National Transportation.

Published byMae McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "Homeland Security Agenda Control Systems Security Program Transportation Sector ICSJWG 2011 Spring Conference David Sawin John A. Volpe National Transportation."— Presentation transcript:

1 Homeland Security Agenda Control Systems Security Program Transportation Sector ICSJWG 2011 Spring Conference David Sawin John A. Volpe National Transportation Systems Center

2 Homeland Security Agenda Industrial Control Systems (ICS) in Transportation Risk Areas, Progress, Accomplishments Major players Feedback 2

3 Homeland Security Transportation is Increasingly Dependent on Net- centric Operations and Wireless Communications 3

4 Homeland Security E-enabled vehicles are now the norm… 4

5 Homeland Security …for all of us! Source: aa1car.com 5

6 Homeland Security We’re Demanding & Exploiting Connectivity www.latestcar.us www.engadget.com 4G Technology at 2011 Consumer Electronics Show “We’re redefining what it means to be a really fast computer” Audi Chairman Rupert Stadler Access vehicle diagnostics Unlock doors Slow cars down with geofencing Limit driving speed of teens thetorquereport.com 6

7 Homeland Security Control Systems Security Challenges SECURITY TOPICINFORMATION TECHNOLOGYCONTROL SYSTEMS Anti-virus & Mobile Code Common & widely usedUncommon and can be difficult to deploy Support Technology Lifetime 3-5 yearsUp to 20 years OutsourcingCommon/widely usedRarely used (vendor only) Application of PatchesRegular/scheduledSlow (vendor specific) Change ManagementRegular/scheduledLegacy based – unsuitable for modern security Time Critical ContentDelays are usually acceptedCritical due to safety AvailabilityDelays are usually accepted24 x 7 x 365 x forever Security AwarenessGood in private and public sectorGenerally poor regarding cyber security Security Testing/AuditScheduled and mandatedOccasional testing for outages / audit Physical SecuritySecureRemote and unmanned 7

8 Homeland Security Critical Infrastructure Sectors Volpe Leads Transportation Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified & categorized U.S. Critical Infrastructure into the following 18 Critical Infrastructure & Key Resources Sectors 1.Agriculture & Food 2.Banking & Finance 3.Chemical 4.Commercial Facilities 5.Dams 6.Defense Industrial Base 13. Postal & Shipping 14. Public Health & Healthcare 15. Telecommunications 16. Transportation 17. Water 18. Critical Manufacturing 7. Emergency Services 8. Energy 9. Government Facilities 10. Information Technology 11. National Monuments & Icons 12. Nuclear Reactors, Materials, & Waste 8

9 Homeland Security Partnership Between DHS and DOT Inventory Risk assessments Standards and best practices Laboratory Notification & response plans Outreach, training and professional capacity building Transportation Control System Security Roadmap 9

10 Homeland Security Highway Existing Technologies Transportation Management Systems 10

11 Homeland Security Transportation Management System Safe assignment of right of ways Maintain movement along major transportation facilities Provide reliable and relevant information Advanced Traveler Information System Field Devices Center to Field Network Back Office 11

12 Homeland Security Highway Field Devices Types of Devices Ramp/Gate/Signal Controllers Fixed Dynamic Message Signs Portable Dynamic Message Signs Enforcement System Embedded Devices Attack Vectors Direct device access Vehicle born device cloning Viruses (emergent threat) www.i-hacked.com 12

13 Homeland Security Emerging Technologies: Cooperative Vehicle Applications Probe Data E-payment Transactions Signal Phase and Timing Information  Real Time Network Data Opportunity for Innovation V2I Safety Messages “The Network” V2V Crash avoidance 13

14 Homeland Security We’re Increasing the Potential Attack Surface Satellite Cellular WiFi Radio DSRC Blue Tooth & RF Wireless Sensors CD & MP3 Mechanics’ Tools 14

15 Homeland Security Highway Progress to Date Documenting the “universe” of control systems in highway/roadway; Intelligent Transportation Systems (ITS) Reviewing the National ITS Architecture, ITS Application Standards, and US DOT ITS Joint Program Office website (ITS body of knowledge, ITS deployments, etc.) Scheduling surveys and case studies to west coast & southern cities as well as large and medium metropolitan areas. Some sites lead the nation in transportation Innovation Examine Cooperative Vehicle Applications (Vehicle-Vehicle, Vehicle- Infrastructure) 15

16 Homeland Security Surface Transportation Public Transportation Emerging Technologies Positive Train Control Systems 16

17 Homeland Security Lodz, Poland, January 2008 14 Year Old Boy Derails Polish Trams with Modified TV Remote –4 light rail train (trams) derailed, 12 people hurt –Tool used: Converted television IR remote –Vulnerability: Locks disabling track changes when vehicle are present was not installed. 17

18 Homeland Security Surface Transportation – Public Transit Progress to Date Inventory Scans –Public Transit Rail –Heavy Rail Case Studies –Small east coast Transit Authority –Large west Coast metropolitan city APTA CCSWG Regional Meetings UK TRANSEC Cyber Threat Workshop Schedule DHS-CSSP CSET Training (across USA) Coordinated DHS-CSSP Panel for APTA Meeting in New Orleans (Oct ) 18

19 Homeland Security Aviation Existing Air Traffic Control System 19

20 Homeland Security Emerging Technologies NextGen Air Traffic Control System 20

21 Homeland Security Understanding Requires Collaboration Designers & manufacturers Equipment suppliers System integrators Expert consultants University & government researchers Testing organizations Users (airlines) Infrastructure operators Standards organizations Certifiers and regulators Example: Airborne Network Security 21

22 Homeland Security Aviation Progress to Date Inventory Scans Completed the preliminary inventory of eEnabled aviation assets & finalized preliminary findings = 613 Control Systems (211 ranked) Continue collection, research and analysis on UAS info for the eEnabled Aircraft Inventory National Airspace System (NAS) Inventory (TBD) CSET - Planned Health and Usage Monitoring System (HUMS) - engines CSETs – Under Consideration Airlines EFB Applications In-Flight Entertainment (IFE) Incident Response eEnabled Aircraft Incident Response White Paper 22

23 Homeland Security Maritime Automated Systems 23

24 Homeland Security Today’s maritime environment includes automation throughout our nation’s ports –Automated entry systems –Wireless cargo tracking –Driverless cranes and other vehicles Existing Automated Maritime Systems Volpe Center Images 24

25 Homeland Security Driverless Vehicle Hamburg Germany. Driverless vehicle moving 40’ container to automated storage crane. Volpe Center Image 25

26 Homeland Security Crane Accident Oakland, CA. Dropped cargo container too early. Is this a result of a Control System failure? Countryman & McDaniel 26

27 Homeland Security Inland Waterway System Volpe Center Images 27

28 Homeland Security SmartLock 28

29 Homeland Security Fire Onboard Could bad planning software have made it worse? Hazmat too close together? 29

30 Homeland Security Navigation Malfunction Human error or equipment malfunction? 30

31 Homeland Security Dry-dock Malfunction Dubai. Opened sea gate while workers were under vessel resulting in 27 deaths and the loss of 2 vessels. Countryman & McDaniel

32 Homeland Security Maritime Progress to Date Surveyed A major international ship container carrier’s two vessels docked on the east coast. An international truck/car carrier on the east coast. Two major container terminals on the east coast, and one in the Gulf of Mexico. One of the worlds largest port and container terminals in the US Contacted vessel owners and shipping lines at CMA Shipping 2011 Conference in Stamford, CT. Presented CSSP info to ports, terminals, & equipment manuf. at Port & Terminal Technology Conf in Houston, TX. 32

33 Homeland Security Pipeline 33

34 Homeland Security Pipeline systems in US infrastructure Pipeline Systems: Are critical in distribution systems for both oil and natural gas Have carried over 15 billion barrels of domestic oil Control Systems play major roles Smart Pigs US DOT Pipeline and Hazardous Materials Safety Administration o Top priority is safety 34

35 Homeland Security Pipeline Progress to Date Conducted industry reviews Coordinated outreach and awareness to TSA/Pipeline and DOT/PHMSA Initial meetings with northeastern US gas distribution company Initial review of a large US strategic operator Attended API Pipeline Conference in Texas in April to develop industry contacts and to identify industry risk Develop a Control System inventory for pipeline 35

36 Homeland Security Cross Cutting Multi Model Progress to Date Professional Capacity Building –Government and private sector = 675 Outreach and Awareness –Separate activities = 25 CSET - Completed, Planned or ongoing = 25 Case Studies - Completed, Planned or ongoing = 8 Transportation Sector Roadmap 36

37 Homeland Security Major Players in CSSP-Transportation DHS CSSP. Joint Working Groups, Conferences & Workshops Roadmap Committee & Participants Transportation Security Administration (TSA) Cyber Security Awareness/Outreach American Public Transportation Association (APTA) Association of American Railroads (AAR) Risk Group American Association of State Highway and Transportation Officials (AASHTO) Intelligent Transportation Society of America (ITS America) Society of Automotive Engineers (SAE) Transportation Research Board (TRB) Information Sharing and Analysis Centers (ISACs) Radio Technical Commission for Aeronautics (RCTA) Volpe Center and other DOT Modes International Transportation Counterparts U. S. Coast Guard 37

38 Homeland Security Next Steps for CSSP-Transportation Expanding assistance to industry in all modes –Aviation, ST PT, Highway, Maritime, Pipeline –Inventory, CSETS, Standards, NCIRP, –Transportation ISACS –International Outreach to DOT Model Administrators, operators, vendors Transportation Roadmap Professional Capacity Building Host a Transportation Cyber Collaborative Workshop 38

39 Homeland Security Questions / Feedback David E. Sawin Program Manager Information Assurance - Control Systems Intermodal Infrastructure Security and Operations US Department of Transportation Research and Innovative Technology Administration Volpe National Transportation Systems Center Voice: 617.494.2206, Wireless: 781.760.4176, STE: 617.494.3746, Fax: 617.494.2902 david.sawin@dot.gov 39

Download ppt "Homeland Security Agenda Control Systems Security Program Transportation Sector ICSJWG 2011 Spring Conference David Sawin John A. Volpe National Transportation."

Similar presentations

Protective Security Advisors Securing the Nations critical infrastructure one community at a time.

Protective Security Advisors Securing the Nations critical infrastructure one community at a time.
U.S. Department of Transportation Pipeline and Hazardous Materials Safety Administration U.S. Department of Transportation Pipeline and Hazardous Materials.

U.S. Department of Transportation Pipeline and Hazardous Materials Safety Administration U.S. Department of Transportation Pipeline and Hazardous Materials.
1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
Returning to Our National Waterways Dabney Hegg U.S. Senate Committee on Commerce, Science and Transportation.

Returning to Our National Waterways Dabney Hegg U.S. Senate Committee on Commerce, Science and Transportation.
FLORIDA DEPARTMENT OF TRANSPORTATION AASHTO Spring Meeting Transportation Economics and Logistics MAY 30, 2014 | LOUISVILLE KY.

FLORIDA DEPARTMENT OF TRANSPORTATION AASHTO Spring Meeting Transportation Economics and Logistics MAY 30, 2014 | LOUISVILLE KY.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Terminal Safety. Objectives Identify main causes Outline terminal safety organization State the safe working practices.

Terminal Safety. Objectives Identify main causes Outline terminal safety organization State the safe working practices.
Introduction to Cyber Security Issues for Transportation T3 Webinar – December 7, 2011 Michael G. Dinning.

Introduction to Cyber Security Issues for Transportation T3 Webinar – December 7, 2011 Michael G. Dinning.
Partnership for Critical Infrastructure Security PCIS Mission: The mission of the Partnership for Critical Infrastructure Security (PCIS) is to coordinate.

Partnership for Critical Infrastructure Security PCIS Mission: The mission of the Partnership for Critical Infrastructure Security (PCIS) is to coordinate.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.
June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.

June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.
Dubai Government Policies for Enhancing the Competitiveness of Multimodal Transportation and Logistics Cluster June 2014.

Dubai Government Policies for Enhancing the Competitiveness of Multimodal Transportation and Logistics Cluster June 2014.
Empowering Business in Real Time. © Copyright 2009, OSIsoft, LLC. All rights Reserved. Regional Seminar Series Houston October 28, 2009 Flowserve’s Technology.

Empowering Business in Real Time. © Copyright 2009, OSIsoft, LLC. All rights Reserved. Regional Seminar Series Houston October 28, 2009 Flowserve’s Technology.
Version Control : released 2011 December 7 U.S. Department of Transportation Federal Highway Administration Cyber Concerns for Transportation Organizations.

Version Control : released 2011 December 7 U.S. Department of Transportation Federal Highway Administration Cyber Concerns for Transportation Organizations.
CUSTOMER RELATIONS IN THE TRAVEL INDUSTRY 6.06 Recognize the importance of safety and security in the travel industry.

CUSTOMER RELATIONS IN THE TRAVEL INDUSTRY 6.06 Recognize the importance of safety and security in the travel industry.
Robert Arnold Federal Highway Administration Director, Office of Transportation Management.

Robert Arnold Federal Highway Administration Director, Office of Transportation Management.
1 st Ireland TETRA Conference, Dublin 13 th April 2005 Opportunities for TETRA in the Utilities Industry Chris Venemore – Technology Manager 1 st Ireland.

1 st Ireland TETRA Conference, Dublin 13 th April 2005 Opportunities for TETRA in the Utilities Industry Chris Venemore – Technology Manager 1 st Ireland.

Similar presentations

Ads by Google