KLK215: Assessing the Security and Survivability of
Transportation Control Networks
Principal Investigators:
Paul Oman and Axel Krings
Project Objectives:
The five specific objectives of the research project are to
- Determine the similarities between transportation
control networks and other real-time complex control
systems, such as the electric power grid,
- Assess the state-of-the-practice with respect to the
application of Information Security (InfoSec) principles
within existing traffic and transportation control networks,
- Adapt or develop procedures for Common Mode Failure
Analysis (CMFA) and Security/Survivability Systems Analysis
(S/SSA) from the electric power domain to application within
traffic/transportation control networks,
- Identify areas within transportation control networks
where existing InfoSec technologies can be applied, but are
heretofore absent, and
- Identify transportation domain specific vulnerabilities
for which new InfoSec technologies and devices must be
developed or adapted.
Task Descriptions:
Task 1: Analysis of existing transportation control networks
through visitations, literature review, and meetings with NIATT
and ITD.
Task 2: In situ security and survivability assessments of
actual control center and dispatch operations.
Task 3: Fault and failure analyses by trial application of
CMFA and S/SSA procedures to documented failure incidents and/or
transportation network topological diagrams.
Task 4: Adaptation of CMFA and S/SSA procedures to
accommodate domain specific characteristics of transportation
control networks.
Task 5: Gap analysis documenting InfoSec applications and
voids within transportation control network topologies.
Milestones:
Task/Subtask | Deliverables | Due Date (project qtr)
1. Analysis of existing transportation control networks | |
Meet NIATT and ITD representatives | Meeting notes | 1st and 2nd
Transportation network literature review | Bibliography and references | 1st and 2nd
Search for applicable standards | List and analysis of standards | 2nd or 3rd
Understand transportation topologies | Network diagrams | 2nd
Identify target control centers for visitation | List of target sites | 1st
2. In situ security and survivability assessments | |
Trial visitation, any site | Notes and observations | 2nd
Target site #1 assessment visitation | Security checklist of target, Survivability map of target, Vulnerability/mitigation matrix | 3rd
Target site #2 assessment visitation | Security checklist of target, Survivability map of target, Vulnerability/mitigation matrix | 4th
3. Application of CMFA and S/SSA | |
Obtain documented transportation failure incidents and topologies | Notes, observations, references | 2nd and 3rd
Apply CMFA | Incident post-mortem(s), Trial CMF matrix, Trial CMFA model | 3rd
Apply S/SSA | Trial SSA survivability map | 3rd
4. Adapt CMFA and S/SSA | |
Revise CMFA based on the Task 3 trial application | Modified CMFA procedures | 3rd and 4th
Revise S/SSA based on the Task 3 trial application | Modified S/SSA procedures | 3rd and 4th
Apply modified procedures to target site #2 | Security checklist of target, Survivability map of target, Vulnerability/mitigation matrix | 4th
5. Gap analysis | |
Map topologies and control devices | Notes and observations | 1st and 2nd
Document existing InfoSec applications | Notes and observations | 1st and 2nd
Identify missing InfoSec opportunities | Gap analysis report | 3rd and 4th
Identify domain specific peculiarities | Gap analysis report | 3rd and 4th
Budget Information:
UTC funds dedicated to this project are $32,699.
Student Involvement:
Carol Taylor, Computer Science Ph.D., funded by NIST grant
#60NANB1D0116.
Daniel Conte de Leon, Computer Science M.S., funded by NIST
grant #60NANB1D0116.
Robert Morris, Computer Science Ph.D., funded by the Computer
Science Department.
1 Computer Science graduate student
1 or 2 computer science or transportation undergraduate
students
Relationship to the NIATT Strategic Plan and to Other Research
Projects:
This proposal specifically addresses the security and
survivability of a real-time control network supporting an advanced
Center for Traffic Operations and Control, as described in NIATT’s
Strategic Plan. Complex systems like traffic control and
transportation monitoring networks form the heart of our nation’s
critical infrastructures, without which our nation’s commerce and
economy would collapse.
Technologies exist for convenient access and intelligent control
of remote devices, but that convenience and remote operations
capability comes at the cost of reduced security and survivability.
It is now apparent that our nation's infrastructures and essential
utilities are susceptible to cascading failures induced by
relatively minor events, such as weather phenomena, accidental damage
to system components, and physical or cyber attack. In contrast,
survivable complex control structures should and could be designed
to lose sizable portions of the system and still maintain essential
control functions.
The principal investigators have embarked on a two-year project,
funded by NIST, to improve the security and survivability of the
electric power grid. This work will apply those same experimental
procedures to the control network of our transportation grid. The
Computer Science Department’s NSF Cyber Service Fellowship grant
assists with this effort by providing stipends to students whose
work is focused on computer and network security issues. Possible
sources of future funding include follow-up studies funded by NIST,
basic research in InfoSec funded by NSA, and applications of control
system security and survivability principles funded by the new
Office of Homeland Security.
Technology Transfer Activities:
Technologies generated by this project that have the potential
for commercialization and/or institutionalization include
- Traffic/Transportation control network security
checklists and procedures,
- Traffic/Transportation control network survivability
maps and procedures,
- Vulnerability and mitigation matrices, relative to
traffic and transportation control networks,
- CMFA and S/SSA procedures applicable to traffic and
transportation control systems, and
- Results from InfoSec gap analyses conducted on traffic
and transportation control systems.
Institutionalization of the traffic/transportation-centric
checklists, maps, and procedures could only be implemented through a
recognized state or local organization such as NIATT or the Idaho
Transportation Department. However, the vulnerability analyses, CMFA,
and S/SSA procedures are of interest to a wide group of
organizations and entities, including NIST, INEEL, PNNL, NSA, and
the new Office of Homeland Security. Further, commercial potential
of new technologies identified through gap analyses would be of
interest to all those organizations, plus all businesses involved in
manufacturing control systems (e.g., Honeywell, GE, Siemens, SEL,
etc.). All results and deliverables from the proposed project will
be documented in technical reports and publications sufficient to
recreate the procedures and artifacts. Commercialization and
institutionalization of results will be coordinated through NIATT
unless NIST has prior claim to those results.
Potential Benefits of the Project:
Our modern digital society’s critical infrastructures are complex
control systems with interdependencies and fragilities beyond common
expectations. The roots of these characteristics lie in the
relatively benign, but fast-paced development environment in which
our digital society has developed. In short, our non-military
infrastructures were not designed for hostile environments, nor did
they evolve under the hostile conditions experienced by many nations
under constant bombardment by warfare, internal strife, and
terrorism. As such, our computerized control systems contain many
potential common mode failures, with shared failure causes spanning
physical components, hardware circuitry, firmware, and software.
We must, however, begin to harden our critical infrastructures
against those very attacks. The hardening process—against both
physical and cyber attack—begins by modeling security and
survivability characteristics within complex systems. We have
already applied fault modeling and security/survivability assessment
procedures to the electric power grid. We are convinced that these
same procedures are applicable to all real-time, complex control
systems, including transportation control networks. The resulting
benefit will be mitigation strategies and design parameters for more
robust and survivable systems for advanced traffic operations and
control.
Project status: Complete
Final Report: N05-01 (pdf)