The Importance of Information Technology (IT) for Transportation Security

Similar documents
Analyzing Cascading Effects within Infrastructure Sectors for Consequence Reduction

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure

Impact of Connected Automated Vehicles on Traffic Management Centers (TMCs)

Intelligent Transportation Systems Technical Report Summary

CHAPTER 8: INTELLIGENT TRANSPORTATION STSTEMS (ITS)

Tools and Operational Data Available st RESOLUTE Workshop, Florence

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

OM-13: Transportation Management and Operations

INTELLIGENT TRANSPORTATION SYSTEMS IN WHATCOM COUNTY A REGIONAL GUIDE TO ITS TECHNOLOGY

Hitachi Visualization. Twin Cities Public Safety Presentation

Traffic Incident Management Enhancement (TIME) Blueprint Version 2.0 Executive Summary

Physical Security Reliability Standard Implementation

Security for Railways and Metros

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Surveillance and Security Technologies for Bridges and Tunnels

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

A Framework to Support Healthcare Continuity of Operations in an Information Technology Failure:

I-29 Corridor ITS Architecture and Systems Engineering Analysis

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

APPENDIX A Dallas-Fort Worth Region Transportation System Management Strategies and Projects

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

MSRC Best Practices. Communications Infrastructure Security, Access & Restoration Working Group

Solution Overview. Vitria Technology s Cyber Security Solution

Our future depends on intelligent infrastructures. siemens.com/intelligent-infrastructures. Answers for infrastructure and cities.

Hybrid System for Driver Assistance

Metropolitan Intelligent Transportation Systems (ITS) Infrastructure 2010 Transportation Management Center

W H I T E P A P E R. Security & Defense Solutions Intelligent Convergence with EdgeFrontier

ITS eprimer Module 7: Public Transportation

September 8th 8:30 AM 10:00 AM PL1: Reinventing Policy to Support the New ITS

Intelligent Transportation System - I

Professional Truck Driver Training Course Syllabus

Setting the Standard for Safe City Projects in the United States

University of Prince Edward Island. Emergency Management Plan

MAJOR PLANNING CONSIDERATIONS CHECKLIST

Content of mobile GIS lecture

ITS Investment Strategy 10-Year Program, FY07-16

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Olympic Region Traffic Management Center. Olympic Radio

Introduction. Industry Changes

A Study on Integrated Security Service Control Solution Development about CRETA Security

Security Strategy: A Layered Approach. Anthony Mercogliano Metropolitan Transportation Authority Assistant Director of Security New York, NY

Improving the Effectiveness of Retail Video Surveillance

Best Practices for Building a Security Operations Center

What is Cyber Liability

Rhode Island Department of Transportation ITS State Architecture Update

Security in Space: Intelsat Information Assurance

Homeland Security Solutions

FACILITY AND VENUE PROTECTION

Policy for the Design and Operation of Closed-Circuit Television (CCTV) in Advanced Traffic Management Systems September 4, 2001

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Intelligent. Buildings: Understanding and managing the security risks

Think Remote Monitoring Think Concept Pro Think VXM4B

Endless possibilities

The Emergency Operations Plan provides guidance for managing emergency communications resources.

Trapeze Rail System Simulation and Planning

Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are

The Internet of Things (IoT) Opportunities and Risks

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Solutions and IT services for Oil-Gas & Energy markets

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

International Working Group on Data Protection in Telecommunications

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Hospital Emergency Operations Plan

Early Fire Detection & Condition Monitoring

The relevance of cyber-security to functional safety of connected and automated vehicles

Resilient Urban Infrastructure

The Cisco and Pelco Industrial Wireless Video Surveillance Solution: Real-Time Monitoring of Process Environments for Safety and Security

Office of Safety and Compliance

ASTRO 25 SYSTEM FOR MISSION CRITICAL DATA LEVERAGE YOUR ASTRO 25 SYSTEM INVESTMENT FOR MISSION CRITICAL DATA

What You Should Know About Cloud- Based Data Backup

Verizon, 911 Service and the June 29, 2012, Derecho

Integrated Physical Security and Incident Management

Why build the Silvertown Tunnel?

Securing Remote and Outdoor Assets Using Video Verification

Summary of CIP Version 5 Standards

Request for Information National Power Transformer Reserve. Contact: Department of Energy Office of Electricity Delivery and Energy Reliability

National Capital Region: Urban Area Security Initiatives Subgrants as of 02/01/12

SEMINAR REPORT 2004 HANDFREE DRIVING FOR AUTOMOBILES

Smart Energy Consumption and the Smart Grid

Video Analytics Applications for the Retail Market

SuperNav for Heavy Equipment

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

Linking Planning and Operations Initiative A Data Driven Approach. Chris Francis Transportation Statistics

1 st RESOLUTE Workshop Florence

- Monitoring Array: a seismic or infrasound array, including from 1(4) to 20 Remote Elements (RE) and one Central Recording Facility (CRF).

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Transcription:

The Importance of Information Technology (IT) for Transportation Security John C. Falcocchio and Rae Zimmerman WISSP10, Abu Dhabi, October 4, 2010 This presentation is for use at WISSP10, and not for further distribution or electronic posting without the permission of authors.

Presentation Outline I. A Brief Overview of the Transportation System II. IT and Transportation III. IT and Transportation Security IV. Conclusions V. Policy Recommendations VI. Recommended Research Directions

I. Brief Overview of the Transportation System Four Core Components: Physical Infrastructure Vehicles Operators / Operations Customers

Interfaces of Transportation System Components Operators Physical Infrastructure and Vehicles Customers

II. IT and Transportation IT has made these interfaces more efficient by leading to the creation of an: Intelligent Infrastructure and Intelligent Vehicles

Intelligent Infrastructure Services for Highways Arterial Management Freeway Management Crash Prevention and Safety Road Weather Management Roadway Operations and Management (lighting, signaling; maintenance) Traffic Incident Management Emergency Management Electronic Payment and Pricing Traveler Information Information Management Commercial Vehicles Intermodal Freight Reference: http://www.itsoverview.its.dot.gov/default.asp

How IT Interfaces with Highways: These services are enabled by traffic surveillance and detection techniques, such as sensors, or cameras monitoring traffic flow The surveillance and detection techniques used to monitor traffic flow in support of ITS applications can also be used to monitor key transportation facilities for security purposes

Intelligent Infrastructure Services Include: for Transit Operations and Fleet Management Information Dissemination Transportation Demand Management Safety and Security

How IT Interfaces with Transit These services are enabled by automated vehicle location (AVL) systems, computeraided dispatch (CAD) systems, computerized control of heating, ventilating and air conditioning (HVAC) systems, and remote vehicle and facility surveillance cameras Transit management centers can monitor in-vehicle and in-terminal surveillance systems to improve service and improve the safety and security of passengers and operators

Intelligent Vehicles Services Accident Prevention/Avoidance Collision Avoidance Collision Notification Driver Assistance Security - Intrusion detection - Monitoring of incidents - Dissemination of warning messages - Deployment of security personnel

III. IT and Transportation Security In avoiding, mitigating or coping with security breaches Highways Transit

Highways New York City, September 11, 2001: Updated all VMS signs to Avoid Lower Manhattan message Shared video feeds with NYPD Monitored highways and streets for emergency access Implemented outbound traffic signal patterns

Example: Advanced Traveler Information

Transit New York City, September 11, 2001: Communication averted adverse consequences such as deaths in trains in the area at the time of the attack by allowing train operators time to roll back trains or not have them start on what would have been a perilous journey (U.S. DOT, Volpe Center): Within a minute of the first plane hitting the north tower a train operator alerted the control center of MTA of an explosion and emergency procedures begin Within six minutes PATH begins emergency procedures

Transit London Train Bombings, 2005: CCTV enabled the authorities to initially track the perpetrators and finally apprehend them, though it was not able to avoid the attack

III. IT and Transportation Security, cont d. Vulnerabilities of the interfaces

Interdependency of Interconnected Systems

1. IT and Transportation Failures of IT from accidents produce consequences that are similar to those that might be expected from deliberate attacks.

IT/Transit Failures On August 20, 2003, the entire CSX transportation system shut down in 23 states due to the shut down of a computer system that monitors train movement and CSX signals; system restoration began with manual overrides (Daniels, August 20, 2003) On May 25, 2006, 112 Amtrak trains and 45 NJ Transit trains were disrupted when a 4 year old computer part failed to relay an order to restore power at one of the six substations providing power to the Amtrak system after electricity had been reduced for maintenance. Amtrak acted to manage such situations, for example, by having substations manned in peak hours, not reducing power capacity for maintenance, and having spare locomotives to move stalled trains (Associated Press, February 23, 2007).

2. IT and other Interconnected Systems: Energy for Transportation Oil and Gas Pipelines and IT Electricity and IT

Electric Power, IT, and Transportation Transportation is heavily dependent on electric power which in turn is dependent on IT Electric power has also experienced outages from IT failures both from accidents and deliberate attacks

Electric Power and IT Failures August 2003 Blackout. First Energy control room operators were unaware visually and audibly that an alarm had gone off, since their computer system was impaired. This delayed the detection of something going wrong with the electrical system. Subsequently, computer control servers became disabled. (U.S.-Canada Power System Outage Task Force April 2004).

Electric Power and IT Failures In January 2003, the Slammer worm infected the safety monitoring system at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, and replicated so fast that it disabled the system for nearly five hours. The worm knocked out the plant's central command system for six hours. A report from the North American Electric Reliability Council found that power wasn't disrupted, but the failure stopped commands to other power utilities. (Arnone May 8, 2006) A false oil flow alarm shut an electricity transmission line down, causing a widespread blackout in Southern California affecting 500,000 people (Veiga September 1, 2005).

3. Methods to Quantify Dependencies and Interdependencies: Ratio Approaches A ratio was constructed of the time it took for an infrastructure dependent on electric power to recover and the time it took electric power to recover: T(i) / T(e) This was applied to various outages where infrastructure was affected and the recovery times for both electric power and the dependent infrastructure were known Such an approach is valuable given that the duration of outages varies considerably and even a given outage varies in time from place to place. Source: R. Zimmerman and C. Restrepo, The Next Step: Quantifying Infrastructure Interdependencies to Improve Security, International Journal of Critical Infrastructures, Vol. 2, Nos. 2/3, 2006, pp. 215-230.

Results for the August 2003 Blackout: Electricity Outage Durations T(e) and Affected Infrastructure Outage Duration T(i) Outage Durations for the August 2003 Blackout (Total Duration = 42-72 hours) T(i)/T(e) Transit-electrified Rail (NYC) 1.3 Traffic Signals (NYC) 2.6 Source: R. Zimmerman and C. Restrepo, The Next Step: Quantifying Infrastructure Interdependencies to Improve Security, International Journal of Critical Infrastructures, Vol. 2, Nos. 2/3, 2006, pp. 215-230. Summarized from Table 3.

IV. Conclusions Transportation security is compromised when a hacked computer will cause a crash, or when an IT system component fails because of poor maintenance or human error Maintenance of IT components at the interfaces of IT, Transportation, and other infrastructure systems (e.g., electric power) is a critical aspect of transportation security

V. Policy Recommendations Policies regarding the use of IT in critical infrastructures must take into account the benefits of IT when everything functions as expected, as well as the risks of incorporating IT when one or more of its components fail

V. Policy Recommendations, cont d. Such policies should be pervasive in marketing guidelines and regulations, since the risks can be very great

VI. Recommended Research Directions Review and assess international practices in maintenance and operations at the interfaces of IT, Transportation, and other Infrastructure systems for high risk locations (e.g., tunnels, bridges, stations where many lines converge)

VI. Research Directions, cont d. Review and assess the skills of personnel assigned to maintain and operate critical system components Review and assess the reliability of funding mechanisms needed for preventive maintenance and for the safe operations of IT components

VI. Research Directions, cont d. Identify best practices and recommend new policies that improve/assure IT reliability in transportation security Review and assess how maintenance practices are managed (who is in charge?) at the interfaces of IT and other interdependent systems and which agency has lead responsibility

VI. Research Directions, cont d. Explore the feasibility of establishing an independent agency with the responsibility and authority to address the critical interconnections at the security interfaces of the transportation system, IT, and other interconnected systems

Thank You

References Bugliarello, G. A Note on the Interfacial Vulnerabilities of Transportation Systems, Countering Terrorism Biological Agents, Transportation Networks, and Energy Systems, Summary of a US-Russian Workshop, National Research Council of the National Academies, Washington DC, 2009. Falcocchio, J.C. Transportation Planning for Evacuations, Countering Terrorism Biological Agents, Transportation Networks, and Energy Systems, Summary of a US-Russian Workshop, National Research Council of the National Academies, Washington DC, 2009. FHWA, Publication Number FHWA HRT-10-004, Public roads, July- August 2010. Research and Innovative Technology Administration, Intelligent Transportation Systems, http://www.itsoverview.its.dot.gov/default.asp Zimmerman, R. and C. Restrepo, The Next Step: Quantifying Infrastructure Interdependencies to Improve Security, International Journal of Critical Infrastructures, Vol. 2, Nos. 2/3, 2006, pp. 215-230.

Acknowledgements Anecdotes on IT/Transportation failures and successes and interdependencies were drawn from R. Zimmerman s contribution to the following conference presentations and subsequent presentations: March 11, 2008. C. E. Restrepo (presenter), R. Zimmerman, and J. S. Simonoff, Risk Communication in Support of Energy, Transportation and Water Services, 2008 Risk Symposium, Santa Fe, NM. November 6, 2008. R. Zimmerman, Securing Infrastructure Services in the Digital Age, Hooked on Technology: The Benefits and Dangers of the Digital Age, at the Fall 2008 Speakers on the Square Lecture presented by the NYU Alumni Association. October 14, 2009. R. Zimmerman, Infrastructure Dependencies, Interdependencies, and Security: Measuring Anecdotes, Infrastructure Security Workshop, Rutgers University, New Brunswick, NJ. Portions of this work were supported by an NYU-Poly seed grant, Center for Interdisciplinary Studies in Security and Privacy (CRISSP).

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information