National Academies Press: OpenBook
Suggested Citation: "Front Matter." National Academies of Sciences, Engineering, and Medicine. 2023. Cybersecurity Issues and Protection Strategies for State Transportation Agency CEOs: Volume 2, Transportation Cyber Risk Guide. Washington, DC: The National Academies Press. doi: 10.17226/27035.

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

NCHRP Web-Only Document 355: Cybersecurity Issues and Protection Strategies for State Transportation Agency CEOs

Volume 2: Transportation Cyber Risk Guide

Marisa C. Ramon
Austin T. Dodson
John P. Wolff
Joah R. Sapphire
Southwest Research Institute
San Antonio, TX

Guide for NCHRP Project 23-03
Submitted February 2022

© 2023 by the National Academy of Sciences. National Academies of Sciences, Engineering, and Medicine and the graphical logo are trademarks of the National Academy of Sciences. All rights reserved.

NATIONAL COOPERATIVE HIGHWAY RESEARCH PROGRAM

Systematic, well-designed, and implementable research is the most effective way to solve many problems facing state departments of transportation (DOTs) administrators and engineers. Often, highway problems are of local or regional interest and can best be studied by state DOTs individually or in cooperation with their state universities and others. However, the accelerating growth of highway transportation results in increasingly complex problems of wide interest to highway authorities. These problems are best studied through a coordinated program of cooperative research.

Recognizing this need, the leadership of the American Association of State Highway and Transportation Officials (AASHTO) in 1962 initiated an objective national highway research program using modern scientific techniques—the National Cooperative Highway Research Program (NCHRP). NCHRP is supported on a continuing basis by funds from participating member states of AASHTO and receives the full cooperation and support of the Federal Highway Administration (FHWA), United States Department of Transportation, under Agreement No. 693JJ31950003.

COPYRIGHT INFORMATION

Authors herein are responsible for the authenticity of their materials and for obtaining written permissions from publishers or persons who own the copyright to any previously published or copyrighted material used herein.

Cooperative Research Programs (CRP) grants permission to reproduce material in this publication for classroom and not-for-profit purposes. Permission is given with the understanding that none of the material will be used to imply TRB, AASHTO, FAA, FHWA, FTA, GHSA, NHTSA, or TDC endorsement of a particular product, method, or practice. It is expected that those reproducing the material in this document for educational and not-for-profit uses will give appropriate acknowledgment of the source of any reprinted or reproduced material. For other uses of the material, request permission from CRP.

DISCLAIMER

The opinions and conclusions expressed or implied in this report are those of the researchers who performed the research. They are not necessarily those of the Transportation Research Board; the National Academies of Sciences, Engineering, and Medicine; the FHWA; or the program sponsors.

The Transportation Research Board does not develop, issue, or publish standards or specifications. The Transportation Research Board manages applied research projects which provide the scientific foundation that may be used by Transportation Research Board sponsors, industry associations, or other organizations as the basis for revised practices, procedures, or specifications.

The Transportation Research Board, the National Academies, and the sponsors of the National Cooperative Highway Research Program do not endorse products or manufacturers. Trade or manufacturers’ names appear herein solely because they are considered essential to the object of the report.

The information contained in this document was taken directly from the submission of the author(s). This material has not been edited by TRB.

The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, non-governmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.

The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. John L. Anderson is president.

The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.

The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.

Learn more about the National Academies of Sciences, Engineering, and Medicine at www.nationalacademies.org.

The Transportation Research Board is one of seven major programs of the National Academies of Sciences, Engineering, and Medicine. The mission of the Transportation Research Board is to provide leadership in transportation improvements and innovation through trusted, timely, impartial, and evidence-based information exchange, research, and advice regarding all modes of transportation. The Board’s varied activities annually engage about 8,000 engineers, scientists, and other transportation researchers and practitioners from the public and private sectors and academia, all of whom contribute their expertise in the public interest. The program is supported by state transportation departments, federal agencies including the component administrations of the U.S. Department of Transportation, and other organizations and individuals interested in the development of transportation.

Learn more about the Transportation Research Board at www.TRB.org.

COOPERATIVE RESEARCH PROGRAMS

CRP STAFF FOR NCHRP WEB-ONLY DOCUMENT 355

Christopher J. Hedges, Director, Cooperative Research Programs
Waseem Dekelbab, Deputy Director, Cooperative Research Programs, and Manager, National Cooperative Highway Research Program
Camille Crichton-Sumners, Senior Program Officer
Mazen Alsharif, Senior Program Assistant
Natalie Barnes, Director of Publications
Heather DiAngelis, Associate Director of Publications
Jennifer J. Weeks, Publishing Projects Manager

NCHRP PROJECT 23-03 PANEL

Field of Administration—Area of Agency Administration

Xianding Tao, District Department of Transportation, Washington, DC (Chair)
Mike G. Bousliman, Montana Department of Transportation, Helena, MT
Michael Chandler, South Carolina Department of Transportation, Columbia, SC
Subasish Das, Texas State University, San Antonio, TX
Rodney R. DeLisle, New York State Department of Transportation, Albany, NY
Karl L. Kopper, California Department of Transportation (CALTRANS), Sacramento, CA
Kara A. Larsen, University of Rhode Island, Kingston, RI
Cindy L. Owings-Hutchison, Maine Department of Transportation, Augusta, ME
Jeffrey A. Rockower, New Jersey Department of Transportation, Trenton, NJ
Joseph E. Gregory, FHWA Liaison
Robert Thomas White, AASHTO Liaison

TABLE OF CONTENTS

SUMMARY

1. INTRODUCTION
   Project Background
   Project Goals
   Objective

2. GUIDE CONCEPTS
   CEO Functional Areas of Responsibility
   Key OT Assets and Operational Functions
   Integrating the Business Functions into the NIST Guidance for Cybersecurity
   Ten Cybersecurity Transportation Agency Capabilities for Executive Leadership

3. TRANSPORTATION CYBER RISK GUIDE
   Governance
   Managing OT Assets
   Strategic Planning
   Distribution of Authority
   Investing in People
   Managing Operations
   Measuring Performance

4. PROPOSED LEVELS OF CYBERSECURITY CAPABILITY

5. CONCLUSION

LIST OF FIGURES

Figure 1. Typical State Transportation Agency System Architecture
Figure 2. CPS Conceptual Model
Figure 3. NIST SP 800-50 "Partially Decentralized Program Management Model"


Chief executive leadership of transportation agencies has placed substantial emphasis on the protection of IT systems against cyber threats. Less focus has been devoted to the risks to operational technology (OT) and equipment or to protecting transportation business operations.

The TRB National Cooperative Highway Research Program's NCHRP Web-Only Document 355: Cybersecurity Issues and Protection Strategies for State Transportation Agency CEOs seeks to mitigate that imbalance, especially as physical OT assets become increasingly connected through electronic networks and managed remotely by software. Volume 2, Transportation Cyber Risk Guide consists of a high-level framework to assess cyber risk; identifies strategies for preparing for, preventing, and managing cyber incidents; and links transportation asset classification with cyber risk. Details of the research project that developed this guide are available in NCHRP Web-Only Document 355: Cybersecurity Issues and Protection Strategies for State Transportation Agency CEOs, Volume 1: Project Summary Report.

Supplemental to the document is a presentation of an overview of the research.
