1 / 39

Agenda

eilis
Download Presentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Agenda

    2. Agenda Industrial Control Systems (ICS) in Transportation Risk Areas, Progress, Accomplishments Major players Feedback 2

    3. Transportation is Increasingly Dependent on Net-centric Operations and Wireless Communications 3

    4. E-enabled vehicles are now the norm… 4

    5. …for all of us! 5

    6. We’re Demanding & Exploiting Connectivity 6

    7. Control Systems Security Challenges 7

    8. Critical Infrastructure Sectors Volpe Leads Transportation Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified & categorized U.S. Critical Infrastructure into the following 18 Critical Infrastructure & Key Resources Sectors 8

    9. Partnership Between DHS and DOT Inventory Risk assessments Standards and best practices Laboratory Notification & response plans Outreach, training and professional capacity building Transportation Control System Security Roadmap 9

    10. Highway Existing Technologies Transportation Management Systems 10

    11. Transportation Management System Safe assignment of right of ways Maintain movement along major transportation facilities Provide reliable and relevant information

    12. Highway Field Devices Types of Devices Ramp/Gate/Signal Controllers Fixed Dynamic Message Signs Portable Dynamic Message Signs Enforcement System Embedded Devices Attack Vectors Direct device access Vehicle born device cloning Viruses (emergent threat) 12

    13. Emerging Technologies: Cooperative Vehicle Applications 13

    14. We’re Increasing the Potential Attack Surface 14

    15. Highway Progress to Date Documenting the “universe” of control systems in highway/roadway; Intelligent Transportation Systems (ITS) Reviewing the National ITS Architecture, ITS Application Standards, and US DOT ITS Joint Program Office website (ITS body of knowledge, ITS deployments, etc.) Scheduling surveys and case studies to west coast & southern cities as well as large and medium metropolitan areas. Some sites lead the nation in transportation Innovation Examine Cooperative Vehicle Applications (Vehicle-Vehicle, Vehicle-Infrastructure) 15

    16. Surface Transportation Public Transportation Emerging Technologies Positive Train Control Systems 16

    17. Lodz, Poland, January 2008 14 Year Old Boy Derails Polish Trams with Modified TV Remote 4 light rail train (trams) derailed, 12 people hurt Tool used: Converted television IR remote Vulnerability: Locks disabling track changes when vehicle are present was not installed.

    18. Surface Transportation – Public Transit Progress to Date Inventory Scans Public Transit Rail Heavy Rail Case Studies Small east coast Transit Authority Large west Coast metropolitan city APTA CCSWG Regional Meetings UK TRANSEC Cyber Threat Workshop Schedule DHS-CSSP CSET Training (across USA) Coordinated DHS-CSSP Panel for APTA Meeting in New Orleans (Oct ) 18

    19. Aviation Existing Air Traffic Control System 19

    20. Emerging Technologies NextGen Air Traffic Control System 20

    21. Understanding Requires Collaboration Designers & manufacturers Equipment suppliers System integrators Expert consultants University & government researchers Testing organizations Users (airlines) Infrastructure operators Standards organizations Certifiers and regulators 21

    22. Aviation Progress to Date Inventory Scans Completed the preliminary inventory of eEnabled aviation assets & finalized preliminary findings = 613 Control Systems (211 ranked) Continue collection, research and analysis on UAS info for the eEnabled Aircraft Inventory National Airspace System (NAS) Inventory (TBD) CSET - Planned Health and Usage Monitoring System (HUMS) - engines CSETs – Under Consideration Airlines EFB Applications In-Flight Entertainment (IFE) Incident Response eEnabled Aircraft Incident Response White Paper 22

    23. Maritime Automated Systems 23

    24. Today’s maritime environment includes automation throughout our nation’s ports Automated entry systems Wireless cargo tracking Driverless cranes and other vehicles Existing Automated Maritime Systems 24

    25. Driverless Vehicle Hamburg Germany. Driverless vehicle moving 40’ container to automated storage crane.

    26. Crane Accident Oakland, CA. Dropped cargo container too early. Is this a result of a Control System failure?

    27. Inland Waterway System 27

    28. SmartLock 28

    29. Fire Onboard Could bad planning software have made it worse? Hazmat too close together? 29

    30. Navigation Malfunction Human error or equipment malfunction? 30

    31. Dry-dock Malfunction Dubai. Opened sea gate while workers were under vessel resulting in 27 deaths and the loss of 2 vessels.

    32. Maritime Progress to Date Surveyed A major international ship container carrier’s two vessels docked on the east coast. An international truck/car carrier on the east coast. Two major container terminals on the east coast, and one in the Gulf of Mexico. One of the worlds largest port and container terminals in the US Contacted vessel owners and shipping lines at CMA Shipping 2011 Conference in Stamford, CT. Presented CSSP info to ports, terminals, & equipment manuf. at Port & Terminal Technology Conf in Houston, TX. 32

    33. Pipeline 33

    34. Pipeline systems in US infrastructure 34

    35. Pipeline Progress to Date Conducted industry reviews Coordinated outreach and awareness to TSA/Pipeline and DOT/PHMSA Initial meetings with northeastern US gas distribution company Initial review of a large US strategic operator Attended API Pipeline Conference in Texas in April to develop industry contacts and to identify industry risk Develop a Control System inventory for pipeline 35

    36. Cross Cutting Multi Model Progress to Date Professional Capacity Building Government and private sector = 675 Outreach and Awareness Separate activities = 25 CSET - Completed, Planned or ongoing = 25 Case Studies - Completed, Planned or ongoing = 8 Transportation Sector Roadmap 36

    37. Major Players in CSSP-Transportation DHS CSSP. Joint Working Groups, Conferences & Workshops Roadmap Committee & Participants Transportation Security Administration (TSA) Cyber Security Awareness/Outreach American Public Transportation Association (APTA) Association of American Railroads (AAR) Risk Group American Association of State Highway and Transportation Officials (AASHTO) Intelligent Transportation Society of America (ITS America) Society of Automotive Engineers (SAE) Transportation Research Board (TRB) Information Sharing and Analysis Centers (ISACs) Radio Technical Commission for Aeronautics (RCTA) Volpe Center and other DOT Modes International Transportation Counterparts U. S. Coast Guard 37

    38. Next Steps for CSSP-Transportation Expanding assistance to industry in all modes Aviation, ST PT, Highway, Maritime, Pipeline Inventory, CSETS, Standards, NCIRP, Transportation ISACS International Outreach to DOT Model Administrators, operators, vendors Transportation Roadmap Professional Capacity Building Host a Transportation Cyber Collaborative Workshop 38

    39. Questions / Feedback David E. Sawin Program Manager Information Assurance - Control Systems Intermodal Infrastructure Security and Operations US Department of Transportation Research and Innovative Technology Administration Volpe National Transportation Systems Center Voice: 617.494.2206, Wireless: 781.760.4176 , STE: 617.494.3746, Fax: 617.494.2902 david.sawin@dot.gov 39

More Related