Analysis of the Threat of Cyberattacks to Major Transportation Control Systems in Russia
Mikhail B. Ignatyev
St. Petersburg State University of Aerospace Instrumentation
INTRODUCTION
Russia is a large and cold country for which the transportation infrastructure is of vital significance. Russia has a developed system of railroads; powerful systems for gas, oil, and electricity distribution; developed air, sea, and river transport systems; and a significant road transport system, although the latter is in need of intensive work. An intermodal shipping system1 is being created, and this requires a highly developed informational infrastructure. Every cargo shipment must be accompanied by a packet of documents, and delays in preparing these documents often lead to delays in shipping, especially when cargo is transferred from one mode of transportation to another at junctures between the sea, rail, and road transport systems.
As with the means of transportation themselves—planes, trucks, or ships—the cargo being carried may also be used for terrorist purposes. This is illustrated by the terrorist act of September 11, 2001, in New York City, as well as other incidents.2
Large computer systems are used to manage transport flows. Criminal elements use these computer systems to steal cargo in especially large volumes. They steal large freight containers and even entire trains of such freight cars, gas and oil from pipelines, ships and their cargo, and large trucks on the roads. Customs rules are violated, and large amounts of contraband are circulated. Major transport control systems have become a battlefield for criminal elements and governmental authorities. To protect information and ward off cyberattacks, all known means of protection are being utilized, but there are also special points to consider.
First, computerized transportation control systems are directly linked to specific cargoes. Information about the cargoes and their shipment routes and schedules are of interest to criminal groups and therefore requires protection.
Second, a supplemental information system is needed to track the movement of cargoes, and this is especially important during emergencies. A number of projects could be proposed in this regard, including a cybernetic container, cybernetic pipeline, robotic system for use in gas pipelines, and system for the external control of various modes of transport—planes, automobiles, and ships.
Third, to ensure that correct decisions are made in rapidly changing situations associated with the battle against terrorism, interactive modeling of emergency situations is needed on the basis of three-dimensional graphics and animation, multiagent systems, and virtual world technologies.
Fourth, a cyberspace immune system must be created based on the analogy of biological immune systems, with special cyberagents playing the role of the white cells.
Fifth, an external control system must be created in which the top level is integrated into controls at the lowest level in order to prevent emergencies.
A CYBERSPACE IMMUNE SYSTEM
Construction of a cyberspace immune system is a matter of global interest. In the first stage of the formation of cyberspace, no thought was given to information protection, while in the second stage, passive protection methods, such as steganography and cryptographic systems, began to be implemented. The third stage is now beginning, and it has become obvious that passive methods will not resolve the problem. It is necessary to look to the analogy of biological systems, which over the millennia have developed immune systems to protect against penetration by disease-causing microbes and substances.3
Among plants and animals, resistance to bacterial and viral infections on an individual and species basis is ensured by a complex and multifaceted protection system inherent in each organism. In the battle between protective forces and infectious agents, the advantage often lies with the latter, as microorganisms multiply rapidly, creating populations numbering in the many millions, including mutant forms with more aggressive properties than those present in the initial strain. To protect themselves, it is likely that at a certain evolutionary stage, vertebrates developed a system of adaptive immunity (antibody formation). This is an organism’s most powerful line of defense, particularly against repeated contacts with infectious agents. The capability or lack of capability to produce antibodies is an inherited characteristic. The genetic regulation of antibody biosynthesis has several specific features. For instance, the formation of an antibody molecule by one polypeptide chain is controlled by two different genes. One of them controls the formation of the part of the chain involved in constructing the active center, with the construction of this part being different for antibodies
having different specificities. Another gene controls the formation of the part of the chain that is constructed the same in all antibodies related to a given class of immunoglobulins. The degree of natural resistance to disease possessed by a given type of animal is determined by many factors, which in total reflect the special characteristics of both the animal and the disease pathogen.
The creation of a cyberspace immune system is possible by creating a multiagent system. Some of the agents would perform useful work in transmitting information and could be identified with responsible principles (these agents could be analogous to red blood cells). Other agents would perform active police functions, detecting and rendering them harmless (these agents would be like antibodies). A third group of agents and other information structures could be identified as alien and harmful to the operation of the information system, and they would be removed from cyberspace. To construct a cyberspace immune system, it will be necessary to look at the architecture of the Internet and other global systems.
VIRTUAL WORLDS AND CYBERTERRORISM
Current Situation
-
Society is undergoing a massive and often uncontrolled process of virtualization, resulting in virtual enterprises, work, universities, museums, economies, government, anatomy, and so forth.
-
There is no single theory of virtual worlds, but rather various and often mutually exclusive views of philosophers, cultural specialists, psychologists, sociologists, and computer specialists.
-
Hardware and software involved in the formation and support of computerized virtual worlds are developing rapidly without prior consideration of their capacities and the consequences of their use.
-
Certain features of virtual worlds, such as initiation, interactivity, presence, resonance, reflexivity, and classification as information management systems allow us to assert that the concept of protection cannot be reduced to modern methods of protecting the base technologies that form the foundation supporting virtual worlds, but rather must take their special features into account.
-
The most important characteristic of virtual worlds is their direct impact on the individual and, as a result, on society—the totality of the real world—which gives rise to the need to protect not only the infrastructure of a given object but also the life and health of the individual. Furthermore, by integrating biological and electronic elements (biocybernetic interface), the problems of protecting virtual worlds go beyond the limits of cyberterrorism and are associated with other forms of terrorism—biological, chemical, electromagnetic, radiological, and so forth.
Goals of Work
The main goal should be research and development of methods and models for forming, managing, and interacting with computer-created virtual worlds with the aim of improving the efficiency (safety, reliability) of the operations of various types of human-machine systems, including those related to transportation.
The fundamental problem involved in creating virtual worlds is the definition and formalization of mechanisms for establishing and managing these worlds as well as facilitating interactions with them in terms of sensory motor parameters and other human characteristics. This is because virtual worlds are based on a set of human sensations experienced upon entering a given virtual environment and interacting with objects in it using various characteristics—physical, psychological, physiological, and so forth—that are either similar to or substantially different from those involved in the user’s daily life and activities.
Research and development efforts are proposed in the following areas:
-
virtual worlds as a focus of protection
-
virtual worlds as a means of protection
-
virtual worlds as a means of modeling situations and training specialists in how to combat cyberterrorism
Proposed Approaches
The process of addressing these tasks and the role of virtual worlds in this process may be described as follows:
-
a class of functional tasks in the topical area
-
functionally significant states of consciousness (psychological conditions) for each task described in terms of modalities (visual, auditory, and so forth)
-
the virtual world as an integral representation of states of consciousness
-
the information management channels of virtual worlds, which perform functional tasks and support the virtual world, with dynamic distribution of sensory motor resources among the various tasks being handled at a given time
-
the integrated systems of virtual worlds, involved with receiving and transmitting (interaction), information computing (processing), and management
-
a number of unified device and software modules for the creation and support of virtual worlds
The creation of virtual worlds will make it possible to resolve certain typical management problems, for example,
-
organizing the information management field “user-application” (representation of information plus management) with the possibility of managing the
-
volume and content of information exchanged between them (response rate, periodicity, content, formats, and transmission channels)
-
recommending behavior in working with an application according to the following model: recorded stage in virtual multimedia scene corresponding to effective behavior → scene corresponding to user’s current decisions → comparison and correction of discrepancies
-
determining conditions for initiation of functionally significant state of consciousness of a given type and, on this basis, forming or predicting a person’s behavior in various situations (for example, by sending a selection of initiation conditions)
The proposed and traditional approaches are presented in Table 1.
Virtual worlds should be considered both in the broad sense of the struggle against cyberterrorism and their use for civilian purposes (dual-use technologies) and in the narrow sense of their possible use in specific topical areas, for
TABLE 1 Traditional and Virtually Based Management Systems
Traditional Management Systems |
Management Systems Based on Virtual Worlds |
Systems-oriented architecture is divided into complexes according to functional tasks. |
Open function-oriented modular architecture is divided into complexes according to typical concepts of perceptive human resources and related operations necessary to handle functional tasks, with dynamic distribution of resources among the tasks. |
Integrated processing of all incoming information and interaction of separate subsystems are driven mainly by the operator; that is, a person decides on an action to be taken after receiving and processing a variety of multiparametric information. |
Two-level management: the top level is represented by the user, who determines the basic management objectives; the second level receives the user’s command, analyzes it under specific application conditions, and selects and performs the appropriate function, taking into account available resources; that is, the user goes from coordinating system operations and categorizing information to giving the management system commands that it dynamically redistributes as it handles the command. |
As a rule, separate management systems are created for new applications. |
Virtual worlds for specific applications are formed on the basis of the tasks at hand using a number of unified standard device and software modules appropriate to the level of operations of the base virtual world. |
example, in external control of transportation systems in emergency situations, with a potential second application in the area of intermodal shipping. In the latter case, one of the main objectives would be the development of virtual reality-based models of the seizure of a plane, ship, or vehicle by terrorists.
Basic Stages of Study
-
study of internal and external mechanisms for creating and managing virtual worlds with the aim of analyzing possible points at which they could be subject to outside effects and the consequences of such effects
-
study of the role of virtual worlds in the process by which individuals carry out tasks in a particular topical area: “fragment of reality plus tasks at hand plus human action” (primarily sensory motor, cognitive, and linguistic) to determine mechanisms for protection against outside effects
-
construction of a generalized model of virtual worlds, including models of internal and external mechanisms for creation and management, basic characteristics and their management and classification, and user representations and behavior
-
construction of a model for the protection of virtual worlds that would facilitate adaptive (level of automation of interaction is determined by the user’s condition, the user’s preferred means of receiving information, limitations on technical resources, and so forth) and bilateral (with mixed initiative) interaction between the individual user and the application
-
testing of models using the example of the creation of protected systems in the fields of transportation, education, and science
-
creation of electronic means for the training of specialists in this field
EXTERNAL CONTROL OF MEANS OF TRANSPORTATION IN EMERGENCY SITUATIONS
The events of recent years show that means of transportation—planes, ships, and motor vehicles—are increasingly being used as tools in the commission of terrorist acts. Means of transportation are controlled by people, and the current security concept is based on the assumption that these people value their own lives and will therefore operate their vehicles so that they themselves will not suffer and will not find themselves in any dangerous situations. However, terrorist acts are committed by people who are prepared to sacrifice their lives for the sake of ideas, and such people are becoming increasingly common because of the growth of social inequality and the exacerbation of the world situation. This forces us to reconsider the very concept of transportation security. These conditions gave rise to the idea of external control of means of transportation. The essence of this idea is as follows: In emergencies, the control capability of the pilot, captain, or driver would be shut off (as they might be under the control of
malefactors), and external control of the vehicle would be implemented from a special center, thus preventing the vehicle from being used as a weapon.4
The technical means for instituting external control would be provided by the presence of onboard computer systems, which already perform a large volume of functions in the operation of various types of vehicles. Aviation computer systems handle complex tasks related to navigation, control, diagnostics, overall aircraft operations, communications, and so forth. Computer systems aboard ships also take care of many tasks and have made it possible to reduce crew sizes significantly. New generations of automobiles are also equipped with computer systems, which help to conserve fuel and improve safety. However, implementing external controls is a complex problem involving the resolution of many technical, psychological, and legal issues.
It should be noted that the development of means of transportation is proceeding at a rapid pace. Transportation systems do a great deal of environmental damage to the planet, many people are killed in transportation accidents, and it is becoming obvious that the entire concept of transportation development needs to be reviewed and linked to the concept of security. All means of transportation should have external control capability, which not only will make it possible to improve security but also will facilitate the resolution of problems related to traffic jams, intermodal shipping, and so forth. To resolve these problems, we need a computer model of the entire transportation space, populated with representatives of all means of transportation in the form of agents that would accurately reflect the location of each vehicle and its characteristics, destinations, and capabilities. In essence, this calls for the construction of a multiuser virtual world. This is no simple task, but in our times it is an achievable goal and can be tackled in stages, region by region, so that in the future it would grow to encompass the entire planet. With the help of this multiuser virtual world, it would be possible to test various options for resolving transportation problems and select the best ones for the current situation. As an example, we have considered the multiuser virtual transportation world of St. Petersburg, which has a multitude of problems.5
Resolution of the problem of external control of means of transportation in emergencies involves the following elements:
-
detection of an emergency situation on an aircraft
-
decision to implement external control
-
removal of control capabilities from cabin and institution of external control—a problem of onboard equipment
-
operation of dispatch center where external control commands are processed
-
placement of aircraft in multiuser virtual-world mode for flight coordination
-
landing of aircraft in external control mode
Plans call for participation in this project by the leading scientific research, design, engineering, and flight-testing organizations in the Russian aviation sector. These organizations specialize in designing, operating, and testing heavy, light, civilian, and military aircraft; onboard systems for automated and manual flight control; ground-based flight control systems; onboard and ground-based radio communications systems; and others. They have great creative potential and experience and have done much previous scientific and engineering work in aircraft design, testing, and operation; design and operation of onboard equipment and software for use aboard civilian and military aircraft; systematic development of failure-resistant and fail-safe onboard equipment, such as ergatic (man-machine) systems; development and operation of imitation and seminatural model displays; certification of aircraft, equipment, and software; and operation of flight control systems. Based on this concept, a number of technical features could be developed for the stage-by-stage implementation of the project, with the goal of the first stage being the execution of a test flight of a heavy passenger plane in external control mode. The problem must be resolved with the involvement of leading foreign firms and organizations.
CONCLUSION
The appearance of international terrorism on a broad scale represents a challenge to all mankind. Problems involving the improvement of security may be resolved only through the joint efforts of many countries.