Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
3 2. INTRODUCTION Th e c o m p l e t i o n o f t h i s Pr o j e c t Su m m a r y Re p o r t f u l f i l l s Ta s k 6 a s o u t l i n e d i n t h e Am p l i f i e d W o r k Pl a n . Th i s s e c t i o n i n t r o d u c e s t h e p r o j e c t , i t s b a c k g r o u n d a n d g o a l s , a n d t h e Ta s k 6 o b j e c t i v e s . Project Background Th e N CHRP 2 3 - 0 3 r e s e a r c h p r o j e c t ( t h e â p r o j e c t â ) w a s i n i t i a t e d t o ( 1 ) i d e n t i f y w h a t e x e c u t i v e s a n d s e n i o r m a n a g e r s a t s t a t e t r a n s p o r t a t i o n a g e n c i e s n e e d t o k n o w a b o u t m a n a g i n g t h e c o n f l u e n c e o f t r a n s p o r t a t i o n OT a n d IT c y b e r s e c u r i t y r i s k s , ( 2 ) c l a s s i f y t r a n s p o r t a t i o n f u n c t i o n s , s e r v i c e s , a n d a s s e t s t h a t m a y b e t a r g e t s o f c y b e r a t t a c k s a n d c y b e r i n c i d e n t s , a n d ( 3 ) d e v e l o p a n e a s y - t o - u s e g u i d e f o r s t a t e t r a n s p o r t a t i o n a g e n c y e x e c u t i v e s a n d s e n i o r m a n a g e r s t h a t w i l l h e l p a s s e s s , c l a s s i f y , a n d r e s p o n d t o t r a n s p o r t a t i o n s y s t e m s c y b e r s e c u r i t y r i s k s . St a t e t r a n s p o r t a t i o n a g e n c i e s , l i k e o t h e r c o m p l e x p u b l i c a n d p r i v a t e o r g a n i z a t i o n s , i n c r e a s i n g l y r e l y o n IT s y s t e m s a n d OT a s s e t s t o f u l f i l l t h e i r p u b l i c m i s s i o n . In a d d i t i o n t o t h e u s e o f IT f o r a d m i n i s t r a t i v e f u n c t i o n s , t h e r e a l - t i m e u s e o f t e c h n o l o g y t o o p e r a t e a n d m a n a g e t r a n s p o r t a t i o n f a c i l i t i e s a n d s e r v i c e s p r e s e n t s p a r t i c u l a r l y a c u t e c h a l l e n g e s . Re c e n t c y b e r i n c i d e n t s w i t h i n p u b l i c a g e n c i e s h a v e h i g h l i g h t e d t h e c h a l l e n g e s t r a n s p o r t a t i o n a g e n c i e s f a c e d u e t o c y b e r s e c u r i t y t h r e a t s . In p r i o r r e s e a r c h , s i g n i f i c a n t e m p h a s i s h a s b e e n g i v e n t o t h e p r o t e c t i o n o f IT s y s t e m s a g a i n s t s u c h r i s k s . Th i s p r o j e c t i s d e v o t e d t o a d d r e s s i n g t h e r i s k s t o OT a n d e q u i p m e n t a n d p r o t e c t i n g t r a n s p o r t a t i o n b u s i n e s s o p e r a t i o n s . Th e r e c o m m e n d a t i o n s d e v e l o p e d t h r o u g h t h i s p r o j e c t w i l l p r o v i d e s t a t e a g e n c y l e a d e r s h i p w i t h i n f o r m a t i o n a n d d i r e c t i o n o n c y b e r - i n c i d e n t m a n a g e m e n t t o p r e v e n t a n d r e s p o n d t o c y b e r s e c u r i t y i n c i d e n t s w h e n t h e y o c c u r a n d h o w t o r e c o v e r , a n d w i t h a p a r t i c u l a r f o c u s o n OT a n d s t a t e t r a n s p o r t a t i o n a g e n c i e s â u n i q u e c y b e r s e c u r i t y c h a l l e n g e s . Project Goals Th e o b j e c t i v e o f t h e p r o j e c t i s t o : ⢠Id e n t i f y w h a t e x e c u t i v e s a n d s e n i o r m a n a g e r s a t s t a t e t r a n s p o r t a t i o n a g e n c i e s n e e d t o k n o w a b o u t m a n a g i n g t h e c o n f l u e n c e o f t r a n s p o r t a t i o n OT a n d IT c y b e r s e c u r i t y r i s k s ⢠Cl a s s i f y t r a n s p o r t a t i o n f u n c t i o n s , s e r v i c e s , a n d a s s e t s t h a t m a y b e t a r g e t s o f c y b e r a t t a c k s a n d c y b e r i n c i d e n t s ⢠D e v e l o p a n e a s y - t o - u s e g u i d e f o r s t a t e t r a n s p o r t a t i o n a g e n c y e x e c u t i v e s a n d s e n i o r m a n a g e r s t h a t w i l l h e l p a s s e s s , c l a s s i f y , a n d r e s p o n d t o t r a n s p o r t a t i o n s y s t e m s c y b e r s e c u r i t y r i s k s Project Scope Th e t w o ( 2 ) y e a r p r o g r a m c o n s i s t e d o f t h e f o l l o w i n g s e v e n ( 7 ) t a s k s : 1 . Id e n t i f y a n d Su m m a r i z e St a t e Tr a n s p o r t a t i o n Ag e n c i e s â Cy b e r s e c u r i t y In i t i a t i v e s 2 . Co n d u c t a Re v i e w o f Re l e v a n t Cy b e r s e c u r i t y L i t e r a t u r e 3 . Id e n t i f y Tr a n s p o r t a t i o n Te c h n o l o g y a n d Cy b e r s e c u r i t y SMEs 4 . Pr e p a r e In t e r i m Re p o r t 5 . D e v e l o p a Tr a n s p o r t a t i o n Cy b e r Ri s k Gu i d e 6 . D e v e l o p D r a f t Pr o j e c t Su m m a r y Re p o r t 7 . F i n a l i z e Pr o j e c t Su m m a r y Re p o r t Ad d i t i o n a l s u m m a r i e s c o n c e r n i n g e a c h o f t h e t a s k s c a n b e f o u n d i n Se c t i o n 3 . Th e f u l l r e p o r t s o f s p e c i f i c t a s k s c a n b e f o u n d i n Ap p e n d i c e s A- C o f t h i s d o c u m e n t a n d NCHRP Web-Only Document 355: Cybersecurity Issues and Protection Strategies for State Transportation Agency CEOs, Volume 2: Transportation Cyber Risk Guide.
4 Project Schedule A h i g h - l e v e l d e l i v e r a b l e s c h e d u l e c a n b e s e e n i n Ta b l e 1 . Table 1. Project Deliverable Schedule Deliverables Estimated Completion Date Delivered Project Management Am p l i f i e d W o r k Pl a n ( AW P) 6 / 1 6 / 2 0 2 0 6 / 1 6 / 2 0 2 0 Project Technical Tasks Task 1: Identify and Summarize State Transportation Agenciesâ Cybersecurity Initiatives Te c h n i c a l Me m o r a n d u m 1 ( TM1 ) D r a f t 1 0 / 2 / 2 0 2 0 F i n a l 1 1 / 6 / 2 0 2 0 1 0 / 2 / 2 0 2 0 1 1 / 6 / 2 0 2 0 Task 2: Conduct a Review of Relevant Cybersecurity Literature Te c h n i c a l Me m o r a n d u m 2 ( TM2 ) D r a f t 1 2 / 4 / 2 0 2 0 F i n a l 1 / 1 5 / 2 0 2 1 1 2 / 4 / 2 0 2 0 1 / 1 5 / 2 0 2 1 Task 3: Identify Transportation Technology and Cybersecurity SMEs Te c h n i c a l Me m o r a n d u m 3 ( TM3 ) D r a f t 3 / 2 6 / 2 0 2 1 F i n a l 4 / 3 0 / 2 0 2 1 3 / 2 6 / 2 0 2 1 4 / 3 0 / 2 0 2 1 Task 4: Prepare Interim Report In t e r i m Re p o r t 1 ( IR1 ) D r a f t 5 / 2 1 / 2 0 2 1 F i n a l 6 / 2 5 / 2 0 2 1 5 / 2 1 / 2 0 2 1 6 / 2 5 / 2 0 2 1 Task 5: Develop a Transportation Cyber Risk Guide Te c h n i c a l Me m o r a n d u m 4 ( TM4 ) D r a f t 1 1 / 5 / 2 0 2 1 F i n a l 2 / 1 8 / 2 0 2 2 1 1 / 5 / 2 0 2 1 2 / 1 8 / 2 0 2 2 Task 6 & 7 : Develop Project Summary Report F i n a l Su m m a r y Re p o r t ( w i t h " Pr i o r i t i z e d Re c o m m e n d a t i o n s f o r F u t u r e Re s e a r c h " ) D r a f t 2 / 1 8 / 2 0 2 2 F i n a l 2 / 1 8 / 2 0 2 2 -