National Academies Press: OpenBook

Guidebook on Best Practices for Airport Cybersecurity (2015)

Chapter: References

Get This Book
Unfortunately, this book can't be printed from the OpenBook. If you need to print pages from this book, we recommend downloading it as a PDF.

Visit NAP.edu/10766 to get more information about this book, to buy it in print, or to download it as a free PDF.
« Previous: Glossary, Abbreviations, Acronyms, and Symbols
Page 76
Suggested Citation:"References." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Save
Cancel
Page 76
Page 77
Suggested Citation:"References." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Save
Cancel
Page 77
Page 78
Suggested Citation:"References." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Save
Cancel
Page 78
Page 79
Suggested Citation:"References." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Save
Cancel
Page 79

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

76 Airport Consultants Council 2012. Airport Information Technology & Systems (IT&S) Best Practice Guidelines for the Airport Industry. Jan. AirTight Networks 2012. “Impact of Bring Your Own Device (BYOD).” www.airtightnetworks.com. Apr. Asian Age 2014. “Airports Authority of India Conducts Security Audit After Hacking.” The Asian Age. www.asianage. com/india/airports-authority-india-conducts-security-audit-after-hacking-640. 24 Sept. Battey, J. 2014. “FAA Moving to Secure Microsoft Cloud.” Computer Sciences Corporation. www.csc.com/public_ sector/publications/91598/91642-faa_moving_to_secure_microsoft_cloud (As of Nov. 16, 2014). Bodeau, D., Boyle S., Fabius-Greene J., and Graubar R. 2010. “Cyber Security Governance.” MITRE Technical Report MTR100308. The MITRE Corporation. Sept. Butler, B. 2014. “Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds.” Network World. Web. 21 Apr. Byres, E. 2012. “SCADA Security Basics: SCADA vs. ICS Terminology.” Tofino Security. www.tofinosecurity.com/ blog/scada-security-basics-scada-vs-ics-terminology. 5 Sept. Camhi, J. 2014. “State Governments & the Future of Cyber Security Regulation.” Information Week’s Bank Systems & Technology. 9 Jul. Cappelli, D. 2012. “The CERT Top 10 List for Winning the Battle Against Insider Threats.” Presented at the RSA Conference 2012, San Francisco, CA. Cappelli, D., Moore, A., and Trzeciak, R. 2012. The CERT Guide to Insider Threats. Boston: Addison-Wesley Professional. Carnegie Mellon University 2014a. “Insider Threat.” Community Emergency Response Team (CERT), Software Engineering Institute. www.cert.org/insider-threat/ (As of Nov. 21, 2014). Carnegie Mellon University 2014b. “Insider Threat Test Datasets” Software Engineering Institute. www.cert.org/ insider-threat/tools/index.cfm (As of Nov. 18, 2014). Center for Internet Security 2013. “2013 Annual Report.” East Greenbush, New York. Cheong, B. 2011. “Cyber Security at Airports.” Presented at the Airports Council International–North America Conference. Oct. Christey, S. 2011, “CWE/SANS Top 25 Most Dangerous Software Errors.” The MITRE Corporation. cwe.mitre. org/top25/ (As of Oct 30, 2014). CIRT.net 2014. Default Passwords. cirt.net/passwords (As of May 2014). Citrix 2012. “Best Practices BYOD Simple and Secure.” www.citrix.com/content/dam/citrix/en_us/documents/ oth/byod-best-practices.pdf. Sept. City of Chicago 2014. “Comprehensive Annual Financial Report for the Year Ended December 31, 2013.” 30 June. Committee on National Security Systems 2010. “National Information Assurance Glossary 2010, Instruction No. 4009.” 26 April. Corrin, A. 2013. “Budget Shows How Cyber Programs Are Spreading.” Federal Computer Week. fcw.com/articles/ 2013/04/12/budget-cybersecurity.aspx. 13 Apr. Dallas/Ft. Worth International Airport 2014. “Dallas/Ft. Worth International Airport FY 2015 Adopted Budget.” Finance Department. Texas. DarkTrace 2014. “What Darktrace Finds: Example Anomalies.” www.darktrace.com/proven-track-record/example- anomalies/ (As of Oct. 22, 2014). Depner, H. 2014. “Home Depot: Yet Another Retail Breach. PCI Compliance Just Doesn’t Cut It.” Blog post. Kaseya. http://blog.kaseya.com/blog/2014/09/03/home-depot-yet-another-retail-breach/. 3 Sept. Dugan, D., Berg, M., Dillinger, J., and Stamp, J. 2005. “Penetration Testing of Industrial Control Systems.” Sandia Report SAND2005-2846P. Sandia National Laboratories. 7 Mar. References

References 77 Energy Sector Control Systems Working Group 2014. “Cybersecurity Procurement Language for Energy Delivery Systems.” Apr. Fischer, E. 2013. “Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions.” Congressional Research Service. 20 Jun. FISMA 2013. DOT Has Made Progress but Its Systems Remain Vulnerable to Significant Security Threats. Office of Inspector General Audit Report, November 22. Francy, F. 2014. “The Aviation Information Sharing and Analysis Center.” Presented at the ICAC Conference. 15 Sept. Gartner, Inc. 2013. “Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by 2016.” Press Release. 24 Oct. Gilliland, A. 2014. “Enterprise Security Products.” Presented at RSA Conference 2014. Glasser, J. and Lindauer B. 2013. “Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data.” Security and Privacy Workshops, 2013 IEEE, pp. 98–104. Institute of Electrical and Electronics Engineers. doi:10.1109/SPW.2013.37. Gopalakrishnan, K., Govindarasu, M., Jacobsonson, D., and Phares, B. 2013. “Cyber Security for Airports.” International Journal for Traffic and Transport Engineering, 3(4): pp. 365–376. Guttman, B. and Roback, E. A. 1995. An Introduction to Computer Security: The NIST Handbook. NIST Special Publication 800-12. Honorof, M. 2013a. “Why the NSA’s PRISM Program Shouldn’t Surprise You.” TechNewsDaily. www.technewsdaily. com/18291-prism-shouldnt-surprise-you.html. 7 Jun. Honorof, M. 2013b. “How to Secure Your Cloud Storage.” Tom’s Guide. www.tomsguide.com/us/howto-secure- cloud-storage,review-1799.html. 29 Jul. HSN Consultants, Inc. “The Nilson Report.” Issue 1024, Aug. IBM 2014. IBM Security Services 2014 Cyber Security Intelligence Index. Information Security Standards 2014. Summary of ISO/IEC 27002:2013. IsecT Ltd. www.iso27001security.com/ html/27002.html (As of Oct. 23, 2014). Infosecurity Magazine 2008. “Cyber Security Lacking at Airports.” www.infosecuritymagazine.com/news/cyber- security-lacking-at-airports/. 7 Mar. Infrastructure Security and Energy Restoration Committee 2007. “21 Steps to Improve Cyber Security of SCADA Networks.” U.S. Department of Energy. 1 Jan. Jansen, W. and Grance, T. 2011. Guidelines on Security and Privacy in Public Cloud Computing. Draft NIST Special Publication 800-144. Dec. Janssen, C. 2014. “IT Infrastructure.” Technopedia. www.techopedia.com/definition/29199/it-infrastructure. 21 Nov. Joint Task Force Transformation Initiative 2012. Security and Privacy Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53 Revision 4. Feb. Kaiser, L. 2012. “2013–2023 Transportation Industrial Control Systems Cybersecurity Standards Strategy.” U.S. Department of Homeland Security. Karol, G. 2013. “5 Steps to Recovery After Your Business Has Been Hacked.” FOXBusiness. smallbusiness.foxbusiness. com/technology-web/2013/02/19/5-steps-to-recovery-afteryour-business-has-been-hacked/. 19 Feb. Khalaf, S. 2014. “Mobile Use Grows 115% in 2013, Propelled by Messaging Apps.” Flurry from Yahoo. blog.flurry. com/default.aspx?Tag=Apps. 13 Jan. Kimery, A. 2014. “Tunisian Hackers Announce Cyber Jihad Against U.S. Banks, Airport Computer Systems.” www.hstoday.us. 4 Jul. Klein, A. 2012. “Man-in-the-Browser: Citadel Trojan Targets Airport Employees with VPN Attack.” Blog post. Trusteer. 14 Aug. Kumar, A. 2012. “Airport VPN Hacked Using Citadel Malware.” The Hacker News. Web. 16 Aug. Kumar, M. 2011. “Catania airport website hacked, Moroccan Suspected!” The Hacker News. Web. Lofgren, A. 2013. “Practicing Safe BYOD: Is Your Data at Risk?” All Things D. Dow Jones & Company Inc. allthingsd.com/20130827/practicing-safe-byod-is-your-data-at-risk/. 27 Aug. Marfatia, M. 2014. “How Legacy Code Is Exposing Business and Government Systems.” Security Info Watch. www.securityinfowatch.com/article/11386786/advanced-persistent-threats-plagueapplications-that-were- written-decades-ago-in-deadprogramming-languages. 8 Apr. Marks, J. 2013. “FAA Considers Putting NextGen Weather System in the Cloud.” Nextgov. www.nextgov.com/ cloud-computing/2013/02/faa-considers-putting-nextgen-weather-system-cloud/61319/. 14 Feb. McAfee 2014. “McAfee Labs Threats Report.” www.mcafee.com/us/resources/reports/rp-quarterly-threat- q4-2013.pdf (As of Nov. 15. 2014). McGraw, G. 2006. Software Security: Building Security In. Upper Saddle River, NJ: Addison-Wesley Professional. Mercedes, K. and Winograd, T. 2008. “Enhancing the Development Life Cycle to Produce Secure Software.” Data & Analysis Center for Software. Oct.

78 Guidebook on Best Practices for Airport Cybersecurity Merriam-Webster Dictionary 2014. Encyclopedia Britannica. Inc. www.merriam-webster.com/. Minneapolis–St. Paul Metropolitan Airports Commission 2014. “Operating Budget.” Minnesota. MITRE Corporation 2014a. “Software Assurance, Making Security Measurable.” measurablesecurity.mitre.org/ directory/areas/softwareassurance.html (As of Oct.30, 2014). MITRE Corporation 2014b. CAPEC-1000: Mechanism of Attack, Common Attack Pattern Enumeration and Classification. 7 Nov. capec.mitre.org (Last Viewed May 5, 2015). MS-ISAC 2014. MS-ISAC Membership Overview. National Initiative for Cybersecurity Education (NICE) 2014. National Cybersecurity Workforce Framework, Version 1.0, May 2014. National Institute of Standards and Technology. niccs.us-cert.gov/training/national- cybersecurity-workforce-framework. NIST 2012. Guide for Conducting Risk Assessments. NIST Special Publication 800-30 Revision 1. Sept. NIST 2014. “Framework for Improving Critical Infrastructure Cybersecurity” Version 1, 14 Feb. Orlando Aviation Authority 2014. “Orlando International Airport and Orlando Executive Airport Budget Fiscal Year 2014–2015.” City of Orlando, Florida. Paganini, P. 2013. “Istanbul Ataturk International Airport Targeted by a Cyber Attack.” Securityaffairs.co. 28 Jul. Palmer, D. 2013. “Education Helps Miami International Airport Reduce Threat of 20,000 Cyber Attacks a Day.” Computing. www.computing.co.uk/ctg/news/2276385/education-helps-miami-international-airportreduce- threat-of-20-000-cyber-attacks-a-day. 20 Jun. PCI Security Standards Council 2013. Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures. Version 3.0. Nov. Peters, G. and Woosley, T. 2009. “The New Sustainable Airport Manual.” Presented at Airports Going Green Conference 2009. Phifer, L. 2013. “BYOD Security Strategies: Balancing BYOD Risks and Rewards.” TechTarget SearchSecurity. n.p. searchsecurity.techtarget.com/feature/BYOD-security-strategies-Balancing-BYOD-risksand-rewards. Jan. Phneah, E. 2013. “BYOD and the Consumerization of IT: Five Security Risks of Moving Data in BYOD Era.” ZDnet. www.zdnet.com/five-securityrisks-of-moving-data-in-byod-era-7000010665/. 4 Feb. Port Authority of New York & New Jersey no date. National Alliance to Advance NextGen. www.panynj.gov/ airports/nextgen.html (As of Nov. 11, 2014). Purnell, J., Hough, R., White, R., Gonzalez, S., Haley, F., Hyde, M., Willis, J., de Grandis, G., and Walfish, J. 2012. ACRP Report 59: Information Technology Systems at Airports—A Primer, Washington, DC: Transportation Research Board. Rainie, L., Anderson, J., and Connolly, J. 2014. “Cyber Attacks Likely to Increase.” Pew Research Internet Project. Pew Research Center. www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/. 29 Oct. Ranasinghe, D. 2014. “Technology the Backbone of World’s Best Airport” TechEdge, A CNBC Special Report. www.cnbc.com/id/101521255#. 30 Mar. Razo, J. R. 2012. “Overview of Best Practices for Protecting Sensitive Information.” Presented at Dartmouth College’s Securing the eCampus 2012 Conference, July 17. www.ists.dartmouth.edu/docs/ecampus/2012/ 2012ecampus_razo.pdf. Rios, B. 2014. “Pulling the Curtain on Airport Security.” Presented at the BlackHat 2014 Conference. Roadmap to Secure Control Systems in the Transportation Sector Working Group 2012. “Roadmap to Secure Control Systems in the Transportation Sector.” Control Systems Security Program, National Cybersecurity Division, U.S. Department of Homeland Security. Aug. Rouse, M. 2011. “Endpoint Security.” TechTarget. Web. Jun. Sawyer, R. 2007. The Seven Military Classics of Ancient China. New York: Basic Books. Selvan, S. 2013. “Dubai International Hacked by Portugal Cyber Army.” E Hacking News. Web. 19 Apr. 2013. Silowash, G., Cappelli, D., Moore, A. P., Trzeciak, R. F., Shimeall, T. J., and Flynn, L. 2012. Common Sense Guide to Mitigating Insider Threats, 4th Edition. Software Engineering Institute, December. Software Assurance Marketplace 2014. Currently Available Open Source Assurance Tools. Morgridge Institute for Research. continuousassurance.org/solutions/tool-selection/ (As of Oct. 30, 2014). Souppaya, M. and Scarfone, K. 2013. Guidelines for Managing the Security of Mobile Devices in the Enterprise. NIST Special Publication 800-124 Revision 1. Stapleton, T. 2014. “Human Error: The Biggest Cyber Security Threat?” Strategic Risk. n.p. www.strategic-riskglobal. com/human-error-the-biggest-cyber-securitythreat/1410557.article. 30 Oct. Stotts, R. and Lippenholz, S. 2014. “Cyber Hunting: Proactively Track Anomalies to Inform Risk Decisions.” Booz Allen Hamilton. www.boozallen.com/insights/2013/03/cyber-hunting-proactively-track-anomalies- to-inform-risk-decisions (As of Oct. 22, 2014). Stouffer, K., Falco, J., and Scarfone, K. 2013. Guide to Industrial Control Systems Security. NIST Special Publication 800-82, Revision 1. May.

References 79 Strahler, S. 2014. “A New Job Title for 2014: CISO.” Crain’s Chicago Business. www.chicagobusiness.com/article/ 20140913/ISSUE02/309139997/a-new-job-title-for-2014-ciso. 15 Sept. Sullivan, A. 2013. “Obama Budget Makes Cybersecurity a Growing U.S. Priority.” Reuters. 10 Apr. Transportation Security Administration 2014. Security Technologies. www.tsa.gov/about-tsa/security-technologies (As of October 30, 2014). U.S. Department of Energy 2008. “Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program.” Office of Electricity Delivery and Energy Reliability. Nov. U.S. Department of Energy 2014. “National SCADA Test Bed Fact Sheet, Office of Electricity Delivery and Energy Reliability.” energy.gov/sites/prod/files/oeprod/DocumentsandMedia/NSTB_Fact_Sheet_FINAL_09-16-09. pdf (Last Viewed Nov. 21, 2014). U.S. Department of Homeland Security 2009. “Cyber Security Procurement Language for Control Systems.” Control Systems Security Program, National Cyber Security Division. Sept. U.S. Department of Homeland Security 2010. “Cyber Security Assessments of Industrial Control Systems.” ics-cert. uscert.gov/sites/default/files/documents/Cyber_Security_Assessments_of_Industrial_Control_Systems.pdf. Nov. U.S. Department of Homeland Security 2012. “Federal Continuity Directive 1.” Oct. Verizon 2012. Verizon Enterprise Risk and Incident Sharing Metrics Framework. White paper. Verizon 2014. “Verizon 2014 PCI Compliance Report.” www.verizonenterprise.com/pcireport/2014/ (As of June 16, 2014). Vijay 2014. “Airports Authority of India (AAI) Hacked, Critical Data Compromised.” TechWorm. www.techworm. net/2014/09/airports-authority-of-india-hacked.html. 24 Sept. White House 2009. “Cyberspace Policy Review.” www.whitehouse.gov/assets/documents/Cyberspace_Policy_ Review_final.pdf Wi-Fi Alliance 2015. Discover Wi-Fi: Security. http://www.wi-fi.org/discover-wi-fi/security (Last Viewed May 5, 2015).

Next: Appendix A - Categorized List of Cybersecurity Threats »
Guidebook on Best Practices for Airport Cybersecurity Get This Book
×
Guidebook on Best Practices for Airport Cybersecurity
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems.

The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats.

The CD-ROM is also available for download from TRB’s website as an ISO image. Links to the ISO image and instructions for burning a CD-ROM from an ISO image are provided below.

Help on Burning an .ISO CD-ROM Image

Download the .ISO CD-ROM Image

(Warning: This is a large file and may take some time to download using a high-speed connection.)

CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!