E N D
1. Agenda
2. Agenda
Industrial Control Systems (ICS) in Transportation
Risk Areas, Progress, Accomplishments
Major players
Feedback
2
3. Transportation is Increasingly Dependent on Net-centric Operations and Wireless Communications 3
4. E-enabled vehicles are now the norm… 4
5. …for all of us! 5
6. We’re Demanding & Exploiting Connectivity 6
7. Control Systems Security Challenges 7
8. Critical Infrastructure Sectors Volpe Leads Transportation Homeland Security Presidential Directive 7 (HSPD-7) along with
the National Infrastructure Protection Plan (NIPP) identified & categorized
U.S. Critical Infrastructure into the following 18 Critical Infrastructure & Key Resources Sectors 8
9. Partnership Between DHS and DOT Inventory
Risk assessments
Standards and best practices
Laboratory
Notification & response plans
Outreach, training and professional capacity building
Transportation Control System Security Roadmap
9
10. Highway Existing TechnologiesTransportation Management Systems 10
11. Transportation Management System Safe assignment of right of ways
Maintain movement along major transportation facilities
Provide reliable and relevant information
12. Highway Field Devices Types of Devices Ramp/Gate/Signal Controllers
Fixed Dynamic Message Signs
Portable Dynamic Message Signs
Enforcement System
Embedded Devices Attack Vectors Direct device access
Vehicle born device cloning
Viruses (emergent threat)
12
13. Emerging Technologies:Cooperative Vehicle Applications 13
14. We’re Increasing the Potential Attack Surface 14
15. Highway Progress to Date Documenting the “universe” of control systems in highway/roadway; Intelligent Transportation Systems (ITS)
Reviewing the National ITS Architecture, ITS Application Standards, and US DOT ITS Joint Program Office website (ITS body of knowledge, ITS deployments, etc.)
Scheduling surveys and case studies to west coast & southern cities as well as large and medium metropolitan areas.
Some sites lead the nation in transportation Innovation
Examine Cooperative Vehicle Applications (Vehicle-Vehicle, Vehicle-Infrastructure) 15
16. Surface Transportation Public TransportationEmerging TechnologiesPositive Train Control Systems 16
17. Lodz, Poland, January 200814 Year Old Boy Derails Polish Trams with Modified TV Remote 4 light rail train (trams) derailed, 12 people hurt
Tool used: Converted television IR remote
Vulnerability: Locks disabling track changes when vehicle are present was not installed.
18. Surface Transportation – Public Transit Progress to Date
Inventory Scans
Public Transit Rail
Heavy Rail
Case Studies
Small east coast Transit Authority
Large west Coast metropolitan city
APTA CCSWG Regional Meetings
UK TRANSEC Cyber Threat Workshop
Schedule DHS-CSSP CSET Training (across USA)
Coordinated DHS-CSSP Panel for APTA Meeting in New Orleans (Oct ) 18
19. Aviation Existing Air Traffic Control System 19
20. Emerging TechnologiesNextGen Air Traffic Control System 20
21. Understanding Requires Collaboration Designers & manufacturers
Equipment suppliers
System integrators
Expert consultants
University & government researchers
Testing organizations
Users (airlines)
Infrastructure operators
Standards organizations
Certifiers and regulators 21
22. Aviation Progress to Date Inventory Scans
Completed the preliminary inventory of eEnabled aviation assets & finalized preliminary findings = 613 Control Systems (211 ranked)
Continue collection, research and analysis on UAS info for the eEnabled Aircraft Inventory
National Airspace System (NAS) Inventory (TBD)
CSET - Planned
Health and Usage Monitoring System (HUMS) - engines
CSETs – Under Consideration
Airlines
EFB Applications
In-Flight Entertainment (IFE)
Incident Response
eEnabled Aircraft Incident Response White Paper
22
23. Maritime Automated Systems 23
24. Today’s maritime environment includes automation throughout our nation’s ports
Automated entry systems
Wireless cargo tracking
Driverless cranes and other vehicles
Existing Automated Maritime Systems 24
25. Driverless Vehicle Hamburg Germany. Driverless vehicle moving 40’ container to automated storage crane.
26. Crane Accident Oakland, CA. Dropped cargo container too early. Is this a result of a Control System failure?
27. Inland Waterway System 27
28. SmartLock 28
29. Fire Onboard Could bad planning software have made it worse?
Hazmat too close together? 29
30. Navigation Malfunction Human error or equipment malfunction? 30
31. Dry-dock Malfunction Dubai. Opened sea gate while workers were under vessel resulting in 27 deaths and the loss of 2 vessels.
32. Maritime Progress to Date Surveyed
A major international ship container carrier’s two vessels docked on the east coast.
An international truck/car carrier on the east coast.
Two major container terminals on the east coast, and one in the Gulf of Mexico.
One of the worlds largest port and container terminals in the US
Contacted vessel owners and shipping lines at CMA Shipping 2011 Conference in Stamford, CT.
Presented CSSP info to ports, terminals, & equipment manuf. at Port & Terminal Technology Conf in Houston, TX.
32
33. Pipeline 33
34. Pipeline systems in US infrastructure 34
35. Pipeline Progress to Date
Conducted industry reviews
Coordinated outreach and awareness to TSA/Pipeline and DOT/PHMSA
Initial meetings with northeastern US gas distribution company
Initial review of a large US strategic operator
Attended API Pipeline Conference in Texas in April to develop industry contacts and to identify industry risk
Develop a Control System inventory for pipeline 35
36. Cross Cutting Multi Model Progress to Date Professional Capacity Building
Government and private sector = 675
Outreach and Awareness
Separate activities = 25
CSET - Completed, Planned or ongoing = 25
Case Studies - Completed, Planned or ongoing = 8
Transportation Sector Roadmap
36
37. Major Players in CSSP-Transportation DHS CSSP. Joint Working Groups, Conferences & Workshops
Roadmap Committee & Participants
Transportation Security Administration (TSA) Cyber Security Awareness/Outreach
American Public Transportation Association (APTA)
Association of American Railroads (AAR) Risk Group
American Association of State Highway and Transportation Officials (AASHTO)
Intelligent Transportation Society of America (ITS America)
Society of Automotive Engineers (SAE)
Transportation Research Board (TRB)
Information Sharing and Analysis Centers (ISACs)
Radio Technical Commission for Aeronautics (RCTA)
Volpe Center and other DOT Modes
International Transportation Counterparts
U. S. Coast Guard
37
38. Next Steps for CSSP-Transportation Expanding assistance to industry in all modes
Aviation, ST PT, Highway, Maritime, Pipeline
Inventory, CSETS, Standards, NCIRP,
Transportation ISACS
International
Outreach to DOT Model Administrators, operators, vendors
Transportation Roadmap
Professional Capacity Building
Host a Transportation Cyber Collaborative Workshop
38
39. Questions / Feedback
David E. Sawin
Program Manager
Information Assurance - Control Systems
Intermodal Infrastructure Security and Operations
US Department of Transportation
Research and Innovative Technology Administration
Volpe National Transportation Systems Center
Voice: 617.494.2206, Wireless: 781.760.4176 , STE: 617.494.3746, Fax: 617.494.2902
david.sawin@dot.gov
39