
Pages 127-170



From page 127...
... 127 Appendices Appendix A References and Sources Appendix B Acronyms Appendix C Glossary
From page 128...
... A - 1 References and Sources Contents: General Cybersecurity; Cybersecurity and Transportation ...
From page 129...
... A - 2 Minimum Security Requirements for Federal Information and Information Systems, Federal Information Processing Standards (FIPS) Publication 200, March 2006 "Thirteen Principles to Ensure Enterprise System Security", G
From page 130...
... A - 3 System Assurance, Operations and Reactive Defense for Next Generation Vehicles, Intelligent Highway Infrastructure, and Road User Services, S
From page 131...
... A - 4 Assessing the Security and Survivability of Transportation Control Networks, P Oman, National Institute for Advanced Transportation Technology, 2005 Connected Vehicle Research Program Presentation, Sheehan, Robert, ITSJPO, USDOT Transportation Research Board Special Report 274: Cybersecurity of Freight Information Systems: A Scoping Study, Transportation Research Board, 2003 "The Roadmap to Secure Control Systems in Transportation", National Transportation Systems Center VOLPE, Presentation made at TRB Cyber Subcommittee Teleconference, October 2012 Cyber-Physical Systems.
From page 132...
... A - 5 Security for Critical Infrastructure SCADA Systems, A Hildick-Smith, SANS Institute, 2005 "Understanding the Physical and Economic Consequences of Attacks Against Control Systems", Y. Huang, A
From page 133...
... A - 6 "Cyberthreats, Vulnerabilities and Attacks on SCADA", R Tang, UC Berkeley, 2009 "Protecting Critical Infrastructure: SCADA Network Security Monitoring", Tenable Network Security whitepaper, August 1, 2008 Industrial Network Security, 2nd Edition, Teumim, David J., International Society of Automation, 2010 Protecting Industrial Control Systems from Electronic Threats, Weiss, J., Momentum Press, 2010 Transportation System Vulnerabilities American Public Transportation Association, Recommended Practice: Securing Control and Communications Systems in Rail Transit Environment, Part 1: Elements, Organization and Risk Assessment/Management, July 2010.
From page 134...
... A - 7 HP Tippingpoint Hacktivist Survival Guide: Simplifying the Complex, Hewlett-Packard, 2013 Security for Critical Infrastructure SCADA Systems, A Hildick-Smith, SANS Institute, 2005 "Understanding the Physical and Economic Consequences of Attacks Against Control Systems", Y. Huang, A
From page 135...
... A - 8 "SCADA System Vulnerabilities to Field-Based Cyber Attacks", W
From page 136...
... A - 9 Ponemon Institute Report 2014 Symantec Internet Security Threat Report: 2011, 2012 Trends Verizon 2012 and 2013 Data Breach Investigations Reports UK 2013 Information Security Breaches Survey, Price Waterhouse, 2013 Risk Assessment and Management Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program, ANSI/ISA-62443-2-1 (99.02.01), 2009 American Public Transportation Association, Cybersecurity Considerations for Public Transportation, 2014 American Public Transportation Association, Recommended Practice: Securing Control and Communications Systems in Rail Transit Environment, Part 1: Elements, Organization and Risk Assessment/Management, July 2010.
From page 137...
... A - 10 NERC CIP-002-3 Critical Cyber Asset Identification NIST Special Publication 800-100, Information Security Handbook: A Guide for Managers NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems, Revision 1, 2012 NIST Special Publication 800-39 Managing Information Security Risk Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, 2014 Guide to Developing a Cyber Security and Risk Mitigation Plan, National Rural Electric Cooperative Association, 2011 Leveraging Behavioral Science to Mitigate Cyber Security Risk, Shari Lawrence Pfleeger and Deanna D Caputo, MITRE, 2012 Developing a Security-Awareness Culture – Improving Security Decision Making, SANS Institute, 2005 Control Systems Security Program, Sawin, D., Volpe Program Manager, PowerPoint Presentation given at DHS CSSP ICSJWG Conference, Seattle, Oct.
From page 138...
... A - 11 what can be done to improve existing security as well as how to develop a new security practice. Eight principles and fourteen practices are described within this document.
From page 139...
... A - 12 Enterprise Information Security and Privacy, J
From page 140...
... A - 13 Training Recommended Practice on Security Awareness Training for Transit Employees, APTA, 2012 A Role-Based Model for Federal Information Technology/Cybersecurity Training, NIST SP 800-16, Revision 1 (Third Draft) October, 2014 Building an Information Technology Security Awareness and Training Program, NIST SP 800-50, October, 2003 2014 Cybersecurity Framework, Version 1.0, NIST, 2014 Information Security Training Requirements: A Role- and Performance-Based Model, NIST SP 800-16 Revision 1, 1998 National Rural Electric Cooperative Association, Guide to Developing a Cybersecurity and Risk Mitigation Plan, 2011 NCHRP Report 685 Strategies to Attract and Retain a Capable Transportation Workforce, Transportation Research Board, 2011 NCHRP Report 693 Attracting, Recruiting and Retaining a Skilled Staff for Transportation Systems Operations and Management, Transportation Research Board, 2012 TCRP Report 162 Building a Sustainable Workforce in the Public Transportation Industry – A Systems Approach, Transportation Research Board, 2013 NCHRP Report 793, Incorporating Transportation Security Awareness into Routine State DOT Operations and Training, Transportation Research Board, 2014 NCHRP Synthesis Report 468 on Interactive Training for All-Hazards Emergency Planning, Preparation, and Response for Maintenance & Operations Field Personnel, Transportation Research Board, 2015 Transportation Roadmap, DHS, August, 2012 NIST SP 800-16 (1998)
From page 141...
... A - 14 Knowledge and Skills Catalog and Appendix C presents the roles matrix using generic roles and titles. Standards and Recommended Practices NIST The National Institute of Standards and Technology (NIST)
From page 142...
... A - 15 control systems (ICS), threats and vulnerabilities, risk factors, incident scenarios, security program development.
From page 143...
... A - 16 NERC CIP North American Electric Reliability Council (NERC), have developed Critical Infrastructure Protection (CIP)
From page 144...
... A - 17 US CERT A more in-depth description of typical ICSs and their vulnerabilities and currently available general security enhancements can be found on the United States Computer Emergency Readiness Team (USCERT) Control System website at the following URL: http://www.uscert.gov/control_systems/csvuls.html, and in the National Institute of Standards and Technology (NIST)
From page 145...
... A - 18 Wireless Communications Wireless communications and wireless security standards include the following:
• IEEE 802.15.4 building automation and control systems
• IEEE 802.11 WLAN or Wi-Fi
• IEEE 802.16 WiMax for long-distance broadband
• Bluetooth, proprietary 900 MHz or 2.4 GHz (license-free spread spectrum), fixed-frequency radios (100 to 800 MHz, typically licensed)
From page 146...
... B - 19 Acronyms NIST Interagency Report 7581 System And Network Security Acronyms and Abbreviations, September 2009, contains a list of acronyms and abbreviations with their generally accepted or preferred definitions.
ACL: Access Control List
ARP: Address Resolution Protocol
AASHTO: American Association of State Highway and Transportation Officials
BCP: Business Continuity Plan
CIP: Critical Infrastructure Protection
CMVP: Cryptographic Module Validation Program
COTS: Commercial Off-the-Shelf
CPNI: Centre for the Protection of National Infrastructure
CPU: Central Processing Unit
CSE: Communications Security Establishment
CSRC: Computer Security Resource Center
CSSC: Control System Security Center
CVE: Common Vulnerabilities and Exposures
DCOM: Distributed Component Object Model
DCS: Distributed Control System(s)
From page 147...
... B - 20
IAONA: Industrial Automation Open Networking Association
ICCP: Inter-control Center Communications Protocol
ICMP: Internet Control Message Protocol
ICS: Industrial Control System(s)
ICS-CERT: Industrial Control Systems - Cyber Emergency Response Team
IDS: Intrusion Detection System
IEC: International Electrotechnical Commission
IED: Intelligent Electronic Device
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IGMP: Internet Group Management Protocol
INL: Idaho National Laboratory
IP: Internet Protocol
IPS: Intrusion Prevention System
IPsec: Internet Protocol Security
ISA: International Society of Automation
ISID: Industrial Security Incident Database
ISO: International Organization for Standardization
IT: Information Technology
ITE: Institute of Electrical Engineers
ITL: Information Technology Laboratory
ITS: Intelligent Transportation Systems
LAN: Local Area Network
M2M: Machine to Machine
MAC: Media Access Control
MES: Manufacturing Execution System
MIB: Management Information Base
MTU: Master Terminal Unit (also Master Telemetry Unit)
From page 148...
... B - 21
PDA: Personal Digital Assistant
PIN: Personal Identification Number
PID: Proportional-Integral-Derivative
PIV: Personal Identity Verification
PLC: Programmable Logic Controller
PP: Protection Profile
PPP: Point-to-Point Protocol
R&D: Research and Development
RADIUS: Remote Authentication Dial In User Service
RBAC: Role-Based Access Control
RFC: Request for Comments
RMA: Reliability, Maintainability, and Availability
RMF: Risk Management Framework
RPC: Remote Procedure Call
RPO: Recovery Point Objective
RTO: Recovery Time Objective
RTU: Remote Terminal Unit (also Remote Telemetry Unit)
SC: Security Category
SCADA: Supervisory Control and Data Acquisition
SCP: Secure Copy
SFTP: Secure File Transfer Protocol
SIS: Safety Instrumented System
SMTP: Simple Mail Transfer Protocol
SNL: Sandia National Laboratories
SNMP: Simple Network Management Protocol
SP: Special Publication
SPP-ICS: System Protection Profile for Industrial Control Systems
SQL: Structured Query Language
SSH: Secure Shell
SSID: Service Set Identifier
SSL: Secure Sockets Layer
TCP: Transmission Control Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol
TFTP: Trivial File Transfer Protocol
TLS: Transport Layer Security
UDP: User Datagram Protocol
UPS: Uninterruptible Power Supply
US-CERT: United States Computer Emergency Readiness Team
USB: Universal Serial Bus
VFD: Variable Frequency Drive
VLAN: Virtual Local Area Network
VPN: Virtual Private Network
WAN: Wide Area Network
XML: Extensible Markup Language
From page 149...
... C - 22 Glossary There are a number of glossaries published with definitions of cybersecurity-related terms. The National Institute of Standards and Technology (NIST)
From page 150...
... C - 23 53 Rev 4) Air gap To physically separate or isolate a system from other systems or networks (verb)
From page 151...
... C - 24 adversary to probe, attack, or maintain presence in the information system. Authentication The process of verifying the identity or other attributes of an entity (user, process, or device)
From page 152...
... C - 25 Bot A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the remote command and control of a remote administrator. A member of a larger collection of compromised computers known as a botnet.
From page 153...
... C - 26 networks. Common uses for routers include connecting a LAN to a WAN, and connecting MTUs and RTUs to a long-distance network medium for SCADA communication.
From page 154...
... C - 27 devices, actuators, sensors, and their supporting communication systems. Control Center An equipment structure or group of structures from which a process is measured, controlled, and/or monitored.
From page 156...
... C - 29 Cybercrime Criminal activity conducted using computers and the Internet, often financially motivated. Cybercrime includes identity theft, fraud, and internet scams, among other activities.
From page 157...
... C - 30 Cyberspace The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (Adapted from NSPD 54/HSPD-23, CNSSI 4009, NIST SP 800-53 Rev 4)
From page 158...
... C - 31 sources with restricted access to releasable information while shielding the internal networks from outside attacks. (CNSSI 4009) Denial of service An attack that prevents or impairs the authorized use of information system resources or services.
From page 159...
... C - 32 risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary. (Adapted from: DHS Risk Lexicon, CNSSI 4009)
From page 160...
... C - 33 Hacktivism The exploitation of computers and computer networks as a means of protest to promote political ends. The anti-secrecy group Anonymous is an example of a hacktivist organization.
From page 161...
... C - 34 NIST SP 800-53 Rev 4, NIST SP 800-82) Information assurance The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
From page 162...
... C - 35 Integrated risk management The structured approach that enables an enterprise or organization to share risk information and analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise. (Adapted from DHS Risk Lexicon)
From page 163...
... C - 36 the user of an information system. Cybercriminals install them on computers to clandestinely record the computer user's passwords and other confidential information.
From page 164...
... C - 37 N Network resilience The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged)
From page 165...
... C - 38 Password A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
From page 166...
... C - 39 for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
From page 167...
... C - 40 the activities conducted by the tools. (Adapted from CNSSI 4009)
From page 168...
... C - 41 System integrity The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
From page 169...
... C - 42 U Unauthorized access Any access that violates the stated security policy.
From page 170...
... C - 43 Work factor An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure. (Adapted from CNSSI 4009)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.