APPLYING THE NIST CYBER SECURITY FRAMEWORK TO TRANSPORTATION SYSTEMS
Introduction
NHI Instructor Development Course
INTRODUCTIONS
Instructor:
Ray Murphy
ITS Specialist, USDOT/FHWA
ray.murphy@dot.gov
• Electrical Engineer
• Transportation Cyber Security
• Connected and Automated Vehicle technologies
ENGAGE IN YOUR LEARNING
• Your interests?
• Your familiarity with the National Institute of
Standards and Technology (NIST) Framework?
• Your thoughts on transportation cybersecurity?
COURSE MODULES
1. Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
2. NIST Framework Core
3. Tiers, Profile, and Applying the Framework at Your Organization
4. Current US DOT Initiatives to Enhance Cybersecurity
5. Additional Resources and Tying It Together
MODULE 1 LEARNING OBJECTIVES
Module 1: Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
Upon completion of Module 1, participants will be able to:
- 1.1 Articulate why transportation cybersecurity is important
- 1.2 Describe cyber threats on your infrastructure and operations
- 1.3 Recognize device vulnerabilities or weaknesses
WHAT IS CYBERSECURITY?
The protection of…
• Information Systems
• Hardware & Software
• From theft, damage, disruption or misdirection (including controlling physical access)
The protection against harm…
• via network access,
• via malpractice by operators,
• via deviation from secure procedures.
CRITICAL INFRASTRUCTURE
Photo source: trainweb.org
The U.S. Highway system includes…
• Interstate Highway
• Strategic Highways & Arterial Roadways
• Intermodal Connectors
• Bridges and Tunnels
PROTECTION OF CRITICAL INFRASTRUCTURE
• Advanced Computing,
• Sensing, and
• Communication Technologies
• Infrastructure Owner/Operators
• System Security/Protection
• Design & Maintenance Responsibilities.
WHAT ARE WE TRYING TO PROTECT AND WHY?
Transportation Management Systems have at least four operational objectives:
1. Safety
2. Mobility
3. Environment
4. Communication
• The primary focus of cybersecurity protection should be on the most critical: your operational objectives
CYBER THREAT EXAMPLES
Denial of Service (DoS)
• Interruption targeted at crashing systems
• Distributed DoS - multiple machines used to overwhelm bandwidth
Malware
• Maliciously inserted software - disruptive, subversive & hostile
• Used to gain access & gather sensitive information
Ransomware
• Malware via email, malicious attachment or links restricts use until a ransom is paid
• Blocks access to data unless a decryption key is paid for
VULNERABILITIES TO TRANSPORTATION OPERATIONS
Legacy Systems
• Can interact with other network devices
• Vulnerable due to lack of patching
Brute Force
• 1st step in gaining access
• Combined to deliver malware / ransomware
Physical Vulnerabilities
• Unlocked/exposed ITS infrastructure
• Readily available vendor & detailed product information
TRAFFIC MANAGEMENT SYSTEMS
Potential Vulnerabilities:
• Malware
• Compromised networks & credentials
• Poorly configured security
Within a software environment, an attack surface is the sum of the different points or vectors where an unauthorized user (the "attacker") can try to enter or extract data.
Keeping the attack surface as small as possible is a basic security measure.
KNOWLEDGE CHECK
Cybersecurity is the protection of information systems from theft or damage to the ________, the ________, the ________ on them, and from disruption or misdirection of the services they provide.
a) virus
b) hardware
c) information
d) software
e) ransomware
KNOWLEDGE CHECK
Cybersecurity is the protection of information systems
from theft or damage to the HARDWARE, the SOFTWARE,
the INFORMATION on them, and from disruption or
misdirection of the services they provide.
LEARNING OBJECTIVES REVIEW
Module 1: Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
Now you should be able to:
• 1.1 Articulate why cybersecurity is important and how it impacts the transportation system
• 1.2 Describe cyber threats and how they can impact an agency’s infrastructure and operations
• 1.3 Recognize devices that could be vulnerabilities or weaknesses in your own systems

 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Applying the nist framework to transportation systems mod 1 nhi instructor development course_ray murphy 10-18-19

Editor's Notes

  1. Good day, and welcome to Applying the National Institute of Standards and Technology (NIST) Cyber Security Framework to Transportation Systems.
  2. I am Ray Murphy, and I will be serving as your instructor today. I am an Intelligent Transportation Systems Specialist with the Federal Highway Administration under the US Department of Transportation. My formal training is as an Electrical Engineer, and I support Transportation Cyber Security and Connected & Automated Vehicle technologies.
  3. Think about why you are here today. If time permits, I’d like everyone to introduce themselves and touch on these questions to help identify “what’s in it for me?” What are you most interested to learn about? What is your familiarity with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure? Why do you think cybersecurity is important for transportation systems? Record the answers in the parking lot and relate them as they are shown later in the course, if applicable. If the group is large or time is a concern, I’ll poll the audience by asking them to raise hands or shout out answers to the questions on the screen. We can create a “parking lot” using the whiteboard or Post-its to document any questions that you want addressed throughout the session. We’ll entertain any questions that may not be within the scope of today’s workshop and follow up on these after the workshop. Key Message: The purpose of this course is to help transportation professionals improve their understanding of the subject and to offer tools that are useful for learning more about cyber security and resilience. Each of the subject areas could be a course of its own, and each is constantly changing, which is expected as the technologies are evolving under competitive pressure. Interactivity: If time permits, I’ll have each person introduce themselves.
  4. This course is intended to provide an overview of Applying the National Institute of Standards and Technology (NIST) Cyber Security Framework to Transportation Systems. The material is designed in a modular fashion. Module 1 will address Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem? Module 2 will introduce the NIST Framework Core. Module 3 will delve a bit deeper into the NIST Framework Tiers, Profile, and Applying the Framework at Your Organization. We will end with Module 4, where I’ll provide an overview of some of the Current US DOT Initiatives to Enhance Cybersecurity. Module 5 is a listing of additional resources that will help you apply the NIST framework.
  5. So let’s get started with Module 1, “Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?” Here are the 3 learning objectives we’ll focus on within this module. Upon completion of Module 1, participants will be able to: first, articulate why cybersecurity is important and how it impacts the transportation system; second, describe cyber threats and how they can impact an agency’s infrastructure and operations; and third, recognize devices that could be vulnerabilities or weaknesses in your own systems.
  6. Let’s set the stage for the course with a common definition of cyber security. Cybersecurity, broadly speaking, is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical security and software security, providing protection against harm that may come from an outsider threat via network access, or from an insider threat by operators, whether intentionally or accidentally deviating from secure procedures.
  7. Transportation fits into the larger scheme of our nation's critical infrastructure. The U.S. Highway system includes the interstate highway, strategic highways, arterial roadways, intermodal connectors, as well as bridges and tunnels.
  8. Let’s transition from a national level of critical infrastructure to why you should care about this as transportation infrastructure owners & operators. As you all may know, the transportation sector is changing. The use of advanced computing, sensing, and communication technologies supports transportation systems in meeting the increasing operational challenges on our national ground transportation network. As Intelligent Transportation Systems (ITS) and other technologies are increasingly deployed, infrastructure owners/operators should include system security and protection in their design, operations and maintenance responsibilities.
  9. Ask yourself: what are we trying to protect, and why? In general, most transportation management systems touch on the following 4 operational objectives. Safety is always fundamental. Mobility is typically a major concern. It will surely benefit from improved connectivity, through improved situational awareness and coordination between vehicles and management systems. The Environment will benefit from less congestion, which will result in less fuel consumption. Public communication is an essential tool for mastering and controlling your message to the public and has become a latent expectation from a much more connected population. The point is that, as transportation owners and operators, especially with limited resources, it’s daunting to protect everything, and we suggest that your focus be on your operational objectives.
  10. Now that you know what you are trying to protect, let’s dig deeper into what specifically you are protecting it from. I’d like to now introduce the types of cyber threats and ensure everyone knows their basic definitions. We’re delving into these at a high level. There is additional information on each of these topics in the resources in the back of your workbook. If your questions aren’t answered by these resources, please contact me. A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while its resources and services are inaccessible. A distributed denial-of-service (DDoS) attack occurs when multiple machines are operating together to attack one target. DDoS allows for exponentially more requests to be sent to the target, therefore increasing the attack power. It also increases the difficulty of attribution, as the true source of the attack is harder to identify. Malware, which is short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid.
While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key. …ransomware gets a user to open a malicious attachment or link to a compromised website. Once a document is open or a link has been clicked, the ransomware scans local drives for files to encrypt. Some variants may even encrypt unmapped network drives, extending the reach of the infection and making potential damage even more widespread. Interactivity: It is important to note that this is not an exhaustive list of cyber threats… Does anyone else know of any others?
  11. It is also important to note that sophisticated hackers will use a combination of methods to access systems and/or devices. Legacy systems were put in place decades ago with no thought of cybersecurity. The problem with legacy systems is that they run old and sometimes outdated versions of operating systems or application software that are no longer supported. Such systems interact with other network devices that are unpatched, making them vulnerable to attacks and exploits. A brute force attack consists of an attacker submitting many passwords or passphrases and can be the first step in gaining access. The attacker systematically checks all possible passwords and passphrases until the correct one is found, usually in an automated manner, perhaps by software robots, or bots. Anything “password protected” is vulnerable to the brute force method. Physical vulnerabilities may involve ITS infrastructure that sits physically exposed on roadways and roadsides and can sometimes be unlocked, making it highly accessible. Additionally, vendor & product information may be readily available online. Can anyone briefly share their experiences with any of these vulnerabilities?
  12. Let’s take it a step further and look at a TMC layout to discuss potential vulnerabilities and possible attack vectors. Within a software environment, an attack surface is the sum of the different points or vectors where an unauthorized user (the "attacker") can try to enter or extract data. Keeping the attack surface as small as possible is a basic security measure. Common attacks on a TMC network include: malware delivered using email or a compromised website, or walked in by a user either inadvertently or deliberately; compromised partner networks & user credentials; and poorly configured security, including external firewall, switches, or agency webpages. The perimeter is made up of common field devices connected together over a network spread across a wide geographical area. Interactivity: What other edge devices can you think of?
  13. Let’s take a quick knowledge check… (INTERACTION) Cybersecurity is the protection of information systems from theft or damage to the WHAT, the WHAT, the WHAT on them, and from disruption or misdirection of the services they provide. In addition, cybersecurity includes controlling physical security and software security, which provides protection against harm that may come from outsider threats.
  14. Let’s take a quick knowledge check… (INTERACTION) Cybersecurity is the protection of information systems from theft or damage to the hardware, the software, the information on them, and from disruption or misdirection of the services they provide. In addition, cybersecurity includes controlling physical security and software security, which provides protection against harm that may come from outsider threats.
  15. Now that you’ve finished this lesson, you should be able to: convey why cybersecurity is important and how it can impact transportation systems; describe cyber threats and how they can impact your infrastructure & operations; and determine which transportation devices are vulnerable and at risk. This concludes Module 1. Interactivity: Any questions on what we just covered?