2. Introduction
NHI Instructor Development Course
INTRODUCTIONS
Instructor:
Ray Murphy
ITS Specialist, USDOT/FHWA
ray.murphy@dot.gov
Electrical Engineer
Transportation Cyber Security
Connected and Automated Vehicle technologies
3. Introduction
ENGAGE IN YOUR LEARNING
• Your interests?
• Your familiarity with the National Institute of Standards and Technology (NIST) Framework?
• Your thoughts on transportation cybersecurity?
4. Introduction
COURSE MODULES
1. Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
2. NIST Framework Core
3. Tiers, Profile, and Applying the Framework at Your Organization
4. Current US DOT Initiatives to Enhance Cybersecurity
5. Additional Resources and Tying It Together
5. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
MODULE 1 LEARNING OBJECTIVES
Module 1: Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
Upon completion of Module 1, participants will be able to:
- 1.1 Articulate why transportation cybersecurity is important
- 1.2 Describe cyber threats on your infrastructure and operations
- 1.3 Recognize device vulnerabilities or weaknesses
8. Introduction
PROTECTION OF CRITICAL INFRASTRUCTURE
• Advanced Computing, Sensing, and Communication Technologies
• Infrastructure Owner/Operators
• System Security/Protection
• Design & Maintenance Responsibilities
9. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
WHAT ARE WE TRYING TO PROTECT AND WHY?
Transportation Management Systems have at least four operational objectives:
1. Safety
2. Mobility
3. Environment
4. Communication
• The primary focus of cybersecurity protection should be on the most critical: your operational objectives
10. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
CYBER THREAT EXAMPLES
Denial of Service (DoS)
• Interruption targeted at crashing systems
• Distributed DoS - multiple machines used to overwhelm bandwidth
Malware
• Malicious inserted software - disruptive, subversive & hostile
• Used to gain access & gather sensitive information
Ransomware
• Malware via email, malicious attachment or links restricts use until a ransom is paid
• Blocks access to data unless a decryption key is paid for
11. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
VULNERABILITIES TO TRANSPORTATION OPERATIONS
Legacy Systems
• Can interact with other network devices
• Has vulnerability due to lack of patching
Brute Force
• 1st step in gaining access
• Combined to deliver malware / ransomware
Physical Vulnerabilities
• Unlocked/Exposed ITS infrastructure
• Readily available Vendor & detailed product information
12. NHI Instructor Development Course
TRAFFIC MANAGEMENT SYSTEMS
Potential Vulnerabilities:
• Malware
• Compromised networks & credentials
• Poorly configured security
Within a software environment, an attack surface is the sum of the different points or vectors where an unauthorized user (the "attacker") can try to enter data or extract data.
Keeping the attack surface as small as possible is a basic security measure.
15. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
LEARNING OBJECTIVES REVIEW
Module 1: Why is Cybersecurity Important and How Does it Impact the Transportation Ecosystem?
Now you should be able to:
• 1.1 Articulate why cybersecurity is important and how it impacts the transportation system
• 1.2 Describe cyber threats and how they can impact an agency’s infrastructure and operations
• 1.3 Recognize devices that could be vulnerabilities or weaknesses in your own systems
Editor's Notes
Good day, and welcome to Applying the National Institute of Standards and Technology (NIST) Cyber Security Framework to Transportation Systems.
I am Ray Murphy and will be serving as your instructor today.
I am an Intelligent Transportation Systems Specialist with the Federal Highway Administration under the US Department of Transportation.
My formal training is as an Electrical Engineer, and I support Transportation Cyber Security and Connected & Automated Vehicle technologies.
Think about why you are here today.
If time permits, I’d like everyone to introduce themselves and touch on these questions to help identify “what’s in it for me”:
What are you most interested to learn about?
What is your familiarity with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure?
Why do you think cybersecurity is important for transportation systems?
Record in the parking lot and relate as they are shown later in the course if applicable
If the group is large or time is a concern, I’ll poll the audience by asking them to raise hands or shout out answers to the questions on the screen.
We can create a “parking lot” using the whiteboard or Post-its to document any questions that you want addressed throughout the session.
We’ll entertain any questions that may not be within the scope of today’s workshop and follow up on these after the workshop.
Key Message: The purpose of this course is to help transportation professionals improve their understanding of the subject and offer the tools that are useful for learning more about cyber security and resilience.
Each of the subject areas could be a course of its own, and each is constantly changing, which is expected as the technologies are evolving under competitive pressure.
Interactivity: If time permits, I’ll have each person introduce themselves.
This course is intended to provide an overview of Applying the National Institute of Standards and Technology (NIST) Cyber Security Framework to Transportation Systems.
The material is designed in a modular fashion:
Module 1 will address Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?
Module 2 will introduce the NIST Framework Core.
Module 3 will delve a bit deeper into the NIST Framework Tiers, Profile, and Applying the Framework at Your Organization.
We will end with Module 4, where I’ll provide an overview of some of the Current US DOT Initiatives to Enhance Cybersecurity.
Module 5 is a listing of additional resources that will help you apply the NIST framework.
So let’s get started with Module 1, “Why is Cybersecurity Important and How Does It Impact the Transportation Ecosystem?”
Here are the 3 learning objectives we’ll focus on within this module.
Upon completion of Module 1, participants will be able to:
First, articulate why cybersecurity is important and how it impacts the transportation system.
Second, describe cyber threats and how they can impact an agency’s infrastructure and operations.
Third, recognize devices that could be vulnerabilities or weaknesses in your own systems.
Let’s set the stage for the course with a common definition of cyber security.
Cybersecurity, broadly speaking, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
It includes controlling physical security and software security, providing protection against harm that may come from outsider threat via network access, or insider threat by operators, whether intentional, or accidental deviation from secure procedures.
Transportation fits into the larger scheme of our nation's critical infrastructure.
The U.S. highway system includes the interstate highways, strategic highways, arterial roadways, intermodal connectors, as well as bridges and tunnels.
Let’s transition from a national level of critical infrastructure to why you should care about this as transportation infrastructure owners & operators.
As you all may know, the transportation sector is changing.
The use of advanced computing, sensing, and communication technologies supports transportation systems in meeting the increasing operational challenges on our national ground transportation network.
As Intelligent Transportation Systems (ITS) and other technologies are being increasingly deployed, infrastructure owners/operators should include system security and protection in their design, operations and maintenance responsibilities.
Ask yourself: what are we trying to protect, and why?
In general, most transportation management systems touch on the following 4 operational objectives:
Safety is always fundamental.
Mobility is typically a major concern. It will surely benefit from improved connectivity, through improved situational awareness and coordination between vehicles and management systems.
The Environment will benefit from less congestion, which will result in less fuel consumption.
Public communication is an essential tool for mastering and controlling your message to the public, and has become a latent expectation from a much more connected population.
The point is that, as transportation owners and operators, especially with limited resources, it’s daunting to protect everything, and we suggest that your focus be on your operational objectives.
Now that you know what you are trying to protect, let’s dig deeper into what specifically you are protecting from.
I’d like to now introduce the types of cyber threats and ensure everyone knows their basic definitions.
We’re delving into these at a high level. There is additional information on each of these topics in the resources in the back of your workbook.
If your questions aren’t answered by these resources, please contact me.
A Denial of Service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.
A Distributed Denial of Service (DDoS) attack occurs when multiple machines are operating together to attack one target. DDoS allows for exponentially more requests to be sent to the target, therefore increasing the attack power. It also increases the difficulty of attribution, as the true source of the attack is harder to identify.
Malware, which is short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files.
Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
…ransomware gets a user to open a malicious attachment or link to a compromised website.
Once a document is open or a link has been clicked, then the ransomware scans local drives for files to encrypt.
Some variants may even encrypt unmapped network drives, extending the reach of the infection and making potential damage even more widespread.
Interactivity: It is important to note that this is not an exhaustive list of cyber threats… Does anyone else know of any others?
It is also important to note that sophisticated hackers will use a combination of methods to access systems and/or devices.
Legacy systems were put in place decades ago with no thought of cybersecurity.
The problem with legacy systems is that they run old and sometimes outdated versions of operating systems or application software that are no longer supported.
Such systems interact with other network devices and are unpatched, making them vulnerable to attacks and exploits.
A brute force attack consists of an attacker submitting many passwords or passphrases and can be the 1st step in gaining access.
The attacker systematically checks all possible passwords and passphrases until the correct one is found, usually in an automated manner, perhaps by software robots or bots.
Anything “password protected” is vulnerable to the brute force method.
Physical vulnerabilities may involve ITS infrastructure which sits physically exposed on roadways and roadsides and can sometimes be unlocked, making it highly accessible.
Additionally, vendor & product information may be readily available online.
Can anyone briefly share their experiences with any of these vulnerabilities?
Let’s take it a step further: let’s look at a TMC layout and discuss potential vulnerabilities and possible attack vectors.
Within a software environment, an attack surface is the sum of the different points or vectors where an unauthorized user (the "attacker") can try to enter data or extract data.
Keeping the attack surface as small as possible is a basic security measure.
Common attacks on a TMC network include:
• Malware delivered using email or a compromised website, or walked in by a user either inadvertently or deliberately
• Compromised partner networks & user credentials
• Poorly configured security, including external firewall, switches, or agency webpages
The perimeter is made up of common field devices connected together over a network spread across a wide geographical area.
Interactivity: What other edge devices can you think of?
Let’s take a quick knowledge check… (INTERACTION)
Cybersecurity is the protection of information systems from theft or damage to the WHAT, the WHAT, the WHAT on them, and from disruption or misdirection of the services they provide
In addition, Cybersecurity includes controlling physical security and software security which provides protection against harm that may come from outsider threats
Let’s take a quick knowledge check… (INTERACTION)
Cybersecurity is the protection of information systems from theft or damage to the hardware, the software, the information on them, and from disruption or misdirection of the services they provide
In addition, Cybersecurity includes controlling physical security and software security which provides protection against harm that may come from outsider threats
Now that you’ve finished this lesson, you should be able to:
convey why cybersecurity is important and how it can impact transportation systems,
describe cyber threats and how they can impact your infrastructure & operations,
determine which transportation devices are vulnerable and at risk.
This concludes Module 1.
Interactivity: Any questions on what we just covered?