Why Cyber Security is Important to the Transportation Ecosystem NHI IDC Ray Murphy 10-25-19
1. WHY CYBERSECURITY IS IMPORTANT TO THE TRANSPORTATION ECOSYSTEM
NHI INSTRUCTOR DEVELOPMENT COURSE
Ray Murphy
ITS Specialist, USDOT/FHWA
ray.murphy@dot.gov
2. Introduction
INTRODUCTIONS
Instructor:
Ray Murphy
ITS Specialist, USDOT/FHWA
Over 2 decades as a State DOT Electrical Engineer
Transportation Cyber Security
Connected and Automated Vehicle technologies
3. Introduction
ENGAGE IN YOUR LEARNING…
WHAT’S IN IT FOR ME?
• Your familiarity with Cyber Security?
• Your thoughts on transportation Cyber Security?
4. Introduction
WHAT’S IN IT FOR ME?
Transportation Cyber Security is important to you, because:
• As infrastructure operators & owners, you are entrusted with protecting the information systems, including software and hardware investments, which operate & manage the transportation network.
7. Introduction
PROTECTION OF THE TRANSPORTATION ECOSYSTEM
Why should you care about protecting transportation infrastructure?
Photo source: US DOT ITS JPO PCB
8. Introduction
PROTECTION OF THE TRANSPORTATION ECOSYSTEM
• Advanced Computing, Sensing and Communication Technologies
• System Security & Protection
• Design, Operations & Maintenance Responsibilities
Photo source: US DOT ITS JPO PCB
10. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
WHAT ARE WE TRYING TO PROTECT AND WHY?
Transportation Management Systems have at least four operational objectives:
1. Safety
2. Mobility
3. Environment
4. Communication
• The primary focus of cybersecurity protection should be on the most critical: your operational objectives
12. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
VULNERABILITIES TO TRANSPORTATION OPERATIONS
Legacy Systems
• Can interact with other network devices
• Has vulnerability due to lack of patching
Brute Force
• 1st step in gaining access
• Combined to deliver malware / ransomware
Physical Vulnerabilities
• Unlocked/Exposed ITS infrastructure
• Readily available Vendor & detailed product information
13. NHI Instructor Development Course
TRAFFIC MANAGEMENT SYSTEMS
Attack surface = the sum of the different points or vectors where an "attacker" can try to enter or extract data.
Potential Vulnerabilities:
• Malware
• Compromised networks & credentials
• Poorly configured security
Photo source: US DOT ITS JPO PCB
14. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
KNOWLEDGE CHECK - CYBERSECURITY
Cybersecurity is the protection of information systems from theft or damage to the 1)________, the 2)________, the 3)_________ on them, and from disruption or misdirection of the services they provide.
a) virus
b) hardware
c) information
d) software
e) ransomware
16. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
TMC NETWORK COMMON ATTACKS
Common attacks on a TMC network may include:
• Malware delivered using email or a compromised 1)__________ or 2)_____________ either inadvertently or deliberately.
• Compromised partner 3)_______ & user 4)________.
a) firewall
b) Website
c) networks
d) switch
e) software
f) walked in
g) credentials
18. Why is Cybersecurity Important and how does it impact the Transportation Ecosystem?
LEARNING OBJECTIVES REVIEW
You should now be able to:
• Defend why cybersecurity is important and how it impacts the transportation system
• Explain cyber threats and how they can impact an agency’s infrastructure and operations
• Identify devices that could be vulnerabilities or weaknesses in your own systems
Good day & welcome to Why Cyber Security is Important to Transportation Systems.
I am Ray Murphy and will be serving as your instructor today.
I am an Intelligent Transportation Systems Specialist with the Federal Highway Administration under the US Department of Transportation.
My formal training is as an Electrical Engineer and I support Transportation Cyber Security and Connected & Automated Vehicle technologies.
Think about why you are here today and “what’s in it for you”?
(If the group is large or time is a concern, I’ll poll the audience by asking them to raise hands or shout out answers to the questions on the screen.)
Interactivity: I’d like everyone to introduce themselves and touch on these questions:
What is your familiarity with Cyber Security?
Why do you think cybersecurity is important for transportation systems?
We can create a “parking lot” using the whiteboard or Post-its to document any questions that you want addressed throughout the session.
We’ll entertain any questions that may not be within the scope for today’s workshop and follow up on these after the workshop.
Transportation cyber security is important to you because:
As infrastructure operators & owners, you are entrusted with protecting the information systems, including software and hardware investments, which manage the transportation network.
Upon completion of Module 1, participants will be able to:
First, articulate why cybersecurity is important and how it impacts the transportation system.
Second, describe cyber threats and how they can impact an agency’s infrastructure and operations.
Third, recognize devices that could be vulnerabilities or weaknesses in your own systems.
Let’s set the stage for the course with a common definition of cyber security.
Cybersecurity, broadly speaking, is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide.
It includes controlling physical security and software security, providing protection against harm that may come from outsider threats via network access, or insider threats by operators, whether intentional or accidental, deviating from secure procedures.
Let’s transition from a national level of critical infrastructure to why you should care about this as transportation infrastructure owners & operators.
As you all may know, the transportation sector is changing.
The use of advanced computing, sensing, and communication technologies supports transportation systems in meeting the increasing operational challenges on our national highway transportation network.
As various technologies are being increasingly deployed, infrastructure owners/operators should include system security and protection in their design, operations and maintenance responsibilities.
Ask yourself – what are we trying to protect and why?
In general, most transportation management systems touch on the following 4 operational objectives:
Safety is always fundamental.
Mobility is typically a major concern. It will surely benefit from improved connectivity through improved situational awareness & coordination between vehicles & management systems.
The Environment will benefit from less congestion, resulting in less fuel consumption.
Public communication is an essential tool for managing your message to the public.
The point is, as transportation owners and operators, especially with limited resources, it’s daunting to protect everything, and we suggest that your focus be on these operational objectives.
Now that you know what you are trying to protect, let’s dig deeper into what specifically you are protecting from. I’d like to now introduce several example types of cyber threats and their basic definitions.
We’re delving into these at a high level. There is additional information on each of these topics in Module 5 and in the back of your workbook. If your questions aren’t answered by these resources, please contact me.
A Denial of Service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.
A DoS is accomplished by flooding the targeted host or network until the target cannot respond or simply crashes, preventing access for legitimate users.
A Distributed Denial-of-Service (DDoS) attack occurs when multiple machines are operating together to attack one target.
Malware, which is short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
Malware is often disguised as, or embedded in, non-malicious files.
Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid.
It can encrypt the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
Interactivity: It is important to note that this is not an exhaustive list of cyber threats… Does anyone else know of any others?
It is also important to note that sophisticated hackers will use a combination of methods to access systems and/or devices.
Legacy systems were put in place decades ago with no thought of cybersecurity.
The problem with legacy systems is that they run old and sometimes outdated versions of operating systems or application software that are no longer supported.
Such systems interact with other network devices and are unpatched, making them vulnerable to attacks and exploits.
A brute force attack consists of an attacker submitting many passwords and can be the 1st step in gaining access.
The attacker systematically checks all possible passwords and passphrases until the correct one is found, usually in an automated manner, perhaps by software robots or bots. Anything “password protected” is vulnerable to the brute force method.
Physical vulnerabilities may involve exposed, unlocked ITS infrastructure, making it highly accessible. Additionally, vendor & product information may be readily available online. Can anyone briefly share their experiences with any of these vulnerabilities?
Let’s take it a step further and look at a TMC layout and discuss potential vulnerabilities and possible attack vectors.
Within a software environment, an attack surface is the sum of the different points or vectors where an unauthorized user (the "attacker") can try to enter data or extract data.
Keeping the attack surface as small as possible is a basic security measure.
Common attacks on a TMC network include:
Malware delivered using email or a compromised website or walked in by a user either inadvertently or deliberately
Compromised partner networks & user credentials
Poorly configured security, including external firewall, switches, or agency webpages.
The perimeter is made up of common field devices connected together over a network. Interactivity: What other edge devices can you think of?
Let’s take a quick knowledge check… (INTERACTION)
Cybersecurity is the protection of information systems from theft or damage to the WHAT, the WHAT, the WHAT on them, and from disruption or misdirection of the services they provide
In addition, Cybersecurity includes controlling physical security and software security which provides protection against harm that may come from outsider threats
Let’s take a quick knowledge check… (INTERACTION)
Cybersecurity is the protection of information systems from theft or damage to the hardware, the software, the information on them, and from disruption or misdirection of the services they provide
In addition, Cybersecurity includes controlling physical security and software security which provides protection against harm that may come from outsider threats
Now that you’ve finished this lesson, you should be able to:
convey why cybersecurity is important and how it can impact transportation systems,
describe cyber threats and how they can impact your infrastructure & operations,
determine which transportation devices are vulnerable and at risk.
This concludes Module 1.
Interactivity: Any questions on what we just covered?