The National Academies Press

Currently Skimming:

Pages 13-14

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 13... ... Hence, we propose these as future research projects to be considered by TRB, which could potentially promote the ultimate objective of helping transportation agencies more effectively prepare for, mitigate, and respond to cybersecurity threats and risk. Opportunity Concept Relevance Output State of OT Cyber Risk Evaluation Research the current state of OT cybersecurity with state DOTs to identify, evaluate, and quantify current cyber risks to OT across the industry Creating a summary of current threats to OT cybersecurity would help DOT CEOs and other agency leadership to understand, prepare for, mitigate, and respond to threats and risks Document detailing current state of OT Cyber Risk Evaluation Knowledgebase of Cybersecurity Resources Create a knowledgebase of available resources and sources of funding for cybersecurity risk and mitigation projects and guidelines for how to find further funding DOT executive leadership who seek to invest in cybersecurity risk mitigation programs are often unaware of available resources and funding, such as federal programs Knowledgebase of available cybersecurity resources IT/OT Organizational Structure Assessment Conduct research to compare and contrast the differences, efficacy, and comparative benefits of different approaches to organizing cybersecurity efforts within a DOT, e.g., compare a unified state IT or cybersecurity department versus a DOT-specific department, as well as benefits to separating or combining IT and OT leadership There is a variety of strategies for implementing IT, OT, and cybersecurity organizational structures from state to state and even from department to department. Read the entire page →
From page 14... ... Non- connected OT Devices Research the different cybersecurity requirements between connected and non- connected OT devices and weigh the benefits of introducing new connected OT devices versus the cost of introducing new cyber vulnerabilities. With the increasing number of connected devices, it is imperative to identify the cyber risk involved, determine their security requirements, and distinguish between those of non-connected devices, providing organizations with proper guidance to mitigate cybersecurity threats Document quantifying risk associated with OT devices Cybersecurity Risk Level Quantification Develop a procedure for quantifying the impact of cybersecurity attacks and the risk levels associated with them. Read the entire page →

From page 13...

... Hence, we propose these as future research projects to be considered by TRB, which could potentially promote the ultimate objective of helping transportation agencies more effectively prepare for, mitigate, and respond to cybersecurity threats and risk. Opportunity Concept Relevance Output State of OT Cyber Risk Evaluation Research the current state of OT cybersecurity with state DOTs to identify, evaluate, and quantify current cyber risks to OT across the industry Creating a summary of current threats to OT cybersecurity would help DOT CEOs and other agency leadership to understand, prepare for, mitigate, and respond to threats and risks Document detailing current state of OT Cyber Risk Evaluation Knowledgebase of Cybersecurity Resources Create a knowledgebase of available resources and sources of funding for cybersecurity risk and mitigation projects and guidelines for how to find further funding DOT executive leadership who seek to invest in cybersecurity risk mitigation programs are often unaware of available resources and funding, such as federal programs Knowledgebase of available cybersecurity resources IT/OT Organizational Structure Assessment Conduct research to compare and contrast the differences, efficacy, and comparative benefits of different approaches to organizing cybersecurity efforts within a DOT, e.g., compare a unified state IT or cybersecurity department versus a DOT-specific department, as well as benefits to separating or combining IT and OT leadership There is a variety of strategies for implementing IT, OT, and cybersecurity organizational structures from state to state and even from department to department.

Read the entire page →

From page 14...

... Non- connected OT Devices Research the different cybersecurity requirements between connected and non- connected OT devices and weigh the benefits of introducing new connected OT devices versus the cost of introducing new cyber vulnerabilities. With the increasing number of connected devices, it is imperative to identify the cyber risk involved, determine their security requirements, and distinguish between those of non-connected devices, providing organizations with proper guidance to mitigate cybersecurity threats Document quantifying risk associated with OT devices Cybersecurity Risk Level Quantification Develop a procedure for quantifying the impact of cybersecurity attacks and the risk levels associated with them.

Read the entire page →

Key Terms

cyber risk

cyber risks

state dots

cybersecurity threats

risk mitigation

state dot

cybersecurity maturity

cybersecurity requirements

transportation agencies

cybersecurity risk

cybersecurity practices

cybersecurity attack

cybersecurity organization

current cyber

security threats

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.