Cyber Security Risk Assessment Tools
As the transportation infrastructure is operated with more connectivity between systems, it becomes important that the intelligent transportation system components and processes are dependable, resilient, authenticated and used appropriately. To this end, a more formal process of monitoring, alerting, and advising owners/operators of these systems must be established. Although there are other organizations and processes that cover some aspects of roadway ICS/ITS deployments, a focused effort would better serve the highway transportation community with those existing avenues if put into a collaborative and supporting role. As such, the project team (ITE, AASHTO, ITS America, NEMA, and NACTO) proposed a Transportation Systems Cyber-Security Framework (TSCF) to meet this need: https://cyberguidance.transportationops.org/.
- Providing a means of rapid, secure communication of relevant cybersecurity challenges among trusted stakeholders.
- Provide a common means whereby all stakeholder classes (including USDOT FHWA; regional, state, and municipal traffic system operators; equipment manufacturers and integrators; academia; the cybersecurity community; and law enforcement may communicate as equals to discuss and develop guidance to address cybersecurity challenges.
- Develop guidance that may be implemented on a responsive basis as cybersecurity threats materialize.
Cyber Transportation Systems Framework
The landscape in which transportation systems reside and how it operates is changing as computers and communication systems become essential features to sustain highway and street-level operations in metropolitan areas. With this changing environment, the threat environment has also changed. Information sharing regarding threats to the transportation infrastructure is now critically important. This restricted portal endeavors to share information regarding cyber security vulnerabilities and exploitation quickly and efficiently among subscribers.
Creating or Reviewing Your Cyber Resiliency Plan
Based on recent cyber activity in public agencies that has been reported in the news, it is recommended that State and local agencies who own and operate their transportation system to review their cyber resiliency plan at the earliest possible opportunity. This includes reviewing the following steps:
- Identify where and/or who has your IT and control system plan in response to a cyber event.
- If necessary, familiarize yourself with the response plan procedures.
- Review contact information with internal and external partners to make sure it is current and all partners understand their role and responsibility during a response.
- Verify the location and condition of any backup software, database, and necessary supporting applications and files.
- Confirm the response plan has current procedures for restoring software and systems to operating conditions.
If you need guidance or tools for crafting your cyber resiliency plan, please contact us directly.