government’s policies on imports. Consideration of possible measures to address such scenarios, and their costs, should reflect these facts.

As a result of this situation, a focused, evolutionary process for identifying and prioritizing security enhancements will be required. Development and implementation of such a process are likely to be slower than one might like, so there is a need to focus efforts on the most critical areas. Otherwise, unnecessary expense will be incurred, and, under some conditions, the efforts might even be counterproductive—every change to the system introduces the risk of new vulnerabilities.

TYPES OF THREATS

Cyberattacks on transportation and logistics networks could take several different forms, with varying consequences and probabilities. Reducing vulnerability requires consideration of all plausible types, including those discussed here. The first one is a direct attack on the information systems, while the latter two use information technology (IT) to enable or amplify a physical attack. It should be noted that a physical attack on the IT systems coordinated with a cyberattack could cause far more damage than either type alone. This report, however, is concerned only with cyberattacks, which would not differ much if they were accompanied by physical attacks. The full study should consider all types of threats involving cyberattacks, and their consequences.

Denial of service: Cyberattacks, whether by terrorists or hackers, might bring down information systems with what is known as a “denial-of-service” attack. For example, the perpetrator might gain entry to a large number of unprotected computers on the Internet and program them to access selected websites simultaneously. The computers controlling these websites might then crash. Companies in other industries have been subjected to denial-of-service attacks on their websites and servers, which were probably perpetrated by individual hackers. Such attacks are not the subject of this report, which focuses on large-scale, organized attacks intended to inflict maximum economic damage over a long period of time. No massive, coordinated attacks have yet been launched on any network, but if directed at freight information systems, such attacks could disrupt freight service, causing significant damage to the economy.1 A related concern is delib-

1

Economic damage from the 12-day shutdown of West Coast ports in October 2002 due to labor–management issues probably exceeded $1 billion (Anderson and Geckil 2002). Damage was limited because the shutdown was widely anticipated. A cyberattack might have different consequences.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement