Cover Image

PAPERBACK
$45.00



View/Hide Left Panel

Analysis of the Threat of Cyberattacks to Major Transportation Control Systems in Russia

Mikhail B. Ignatyev

St. Petersburg State University of Aerospace Instrumentation

INTRODUCTION

Russia is a large and cold country for which the transportation infrastructure is of vital significance. Russia has a developed system of railroads; powerful systems for gas, oil, and electricity distribution; developed air, sea, and river transport systems; and a significant road transport system, although the latter is in need of intensive work. An intermodal shipping system1 is being created, and this requires a highly developed informational infrastructure. Every cargo shipment must be accompanied by a packet of documents, and delays in preparing these documents often lead to delays in shipping, especially when cargo is transferred from one mode of transportation to another at junctures between the sea, rail, and road transport systems.

As with the means of transportation themselves—planes, trucks, or ships—the cargo being carried may also be used for terrorist purposes. This is illustrated by the terrorist act of September 11, 2001, in New York City, as well as other incidents.2

Large computer systems are used to manage transport flows. Criminal elements use these computer systems to steal cargo in especially large volumes. They steal large freight containers and even entire trains of such freight cars, gas and oil from pipelines, ships and their cargo, and large trucks on the roads. Customs rules are violated, and large amounts of contraband are circulated. Major transport control systems have become a battlefield for criminal elements and governmental authorities. To protect information and ward off cyberattacks, all known means of protection are being utilized, but there are also special points to consider.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings Analysis of the Threat of Cyberattacks to Major Transportation Control Systems in Russia Mikhail B. Ignatyev St. Petersburg State University of Aerospace Instrumentation INTRODUCTION Russia is a large and cold country for which the transportation infrastructure is of vital significance. Russia has a developed system of railroads; powerful systems for gas, oil, and electricity distribution; developed air, sea, and river transport systems; and a significant road transport system, although the latter is in need of intensive work. An intermodal shipping system1 is being created, and this requires a highly developed informational infrastructure. Every cargo shipment must be accompanied by a packet of documents, and delays in preparing these documents often lead to delays in shipping, especially when cargo is transferred from one mode of transportation to another at junctures between the sea, rail, and road transport systems. As with the means of transportation themselves—planes, trucks, or ships—the cargo being carried may also be used for terrorist purposes. This is illustrated by the terrorist act of September 11, 2001, in New York City, as well as other incidents.2 Large computer systems are used to manage transport flows. Criminal elements use these computer systems to steal cargo in especially large volumes. They steal large freight containers and even entire trains of such freight cars, gas and oil from pipelines, ships and their cargo, and large trucks on the roads. Customs rules are violated, and large amounts of contraband are circulated. Major transport control systems have become a battlefield for criminal elements and governmental authorities. To protect information and ward off cyberattacks, all known means of protection are being utilized, but there are also special points to consider.

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings First, computerized transportation control systems are directly linked to specific cargoes. Information about the cargoes and their shipment routes and schedules are of interest to criminal groups and therefore requires protection. Second, a supplemental information system is needed to track the movement of cargoes, and this is especially important during emergencies. A number of projects could be proposed in this regard, including a cybernetic container, cybernetic pipeline, robotic system for use in gas pipelines, and system for the external control of various modes of transport—planes, automobiles, and ships. Third, to ensure that correct decisions are made in rapidly changing situations associated with the battle against terrorism, interactive modeling of emergency situations is needed on the basis of three-dimensional graphics and animation, multiagent systems, and virtual world technologies. Fourth, a cyberspace immune system must be created based on the analogy of biological immune systems, with special cyberagents playing the role of the white cells. Fifth, an external control system must be created in which the top level is integrated into controls at the lowest level in order to prevent emergencies. A CYBERSPACE IMMUNE SYSTEM Construction of a cyberspace immune system is a matter of global interest. In the first stage of the formation of cyberspace, no thought was given to information protection, while in the second stage, passive protection methods, such as steganography and cryptographic systems, began to be implemented. The third stage is now beginning, and it has become obvious that passive methods will not resolve the problem. It is necessary to look to the analogy of biological systems, which over the millennia have developed immune systems to protect against penetration by disease-causing microbes and substances.3 Among plants and animals, resistance to bacterial and viral infections on an individual and species basis is ensured by a complex and multifaceted protection system inherent in each organism. In the battle between protective forces and infectious agents, the advantage often lies with the latter, as microorganisms multiply rapidly, creating populations numbering in the many millions, including mutant forms with more aggressive properties than those present in the initial strain. To protect themselves, it is likely that at a certain evolutionary stage, vertebrates developed a system of adaptive immunity (antibody formation). This is an organism’s most powerful line of defense, particularly against repeated contacts with infectious agents. The capability or lack of capability to produce antibodies is an inherited characteristic. The genetic regulation of antibody biosynthesis has several specific features. For instance, the formation of an antibody molecule by one polypeptide chain is controlled by two different genes. One of them controls the formation of the part of the chain involved in constructing the active center, with the construction of this part being different for antibodies

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings having different specificities. Another gene controls the formation of the part of the chain that is constructed the same in all antibodies related to a given class of immunoglobulins. The degree of natural resistance to disease possessed by a given type of animal is determined by many factors, which in total reflect the special characteristics of both the animal and the disease pathogen. The creation of a cyberspace immune system is possible by creating a multiagent system. Some of the agents would perform useful work in transmitting information and could be identified with responsible principles (these agents could be analogous to red blood cells). Other agents would perform active police functions, detecting and rendering them harmless (these agents would be like antibodies). A third group of agents and other information structures could be identified as alien and harmful to the operation of the information system, and they would be removed from cyberspace. To construct a cyberspace immune system, it will be necessary to look at the architecture of the Internet and other global systems. VIRTUAL WORLDS AND CYBERTERRORISM Current Situation Society is undergoing a massive and often uncontrolled process of virtualization, resulting in virtual enterprises, work, universities, museums, economies, government, anatomy, and so forth. There is no single theory of virtual worlds, but rather various and often mutually exclusive views of philosophers, cultural specialists, psychologists, sociologists, and computer specialists. Hardware and software involved in the formation and support of computerized virtual worlds are developing rapidly without prior consideration of their capacities and the consequences of their use. Certain features of virtual worlds, such as initiation, interactivity, presence, resonance, reflexivity, and classification as information management systems allow us to assert that the concept of protection cannot be reduced to modern methods of protecting the base technologies that form the foundation supporting virtual worlds, but rather must take their special features into account. The most important characteristic of virtual worlds is their direct impact on the individual and, as a result, on society—the totality of the real world—which gives rise to the need to protect not only the infrastructure of a given object but also the life and health of the individual. Furthermore, by integrating biological and electronic elements (biocybernetic interface), the problems of protecting virtual worlds go beyond the limits of cyberterrorism and are associated with other forms of terrorism—biological, chemical, electromagnetic, radiological, and so forth.

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings Goals of Work The main goal should be research and development of methods and models for forming, managing, and interacting with computer-created virtual worlds with the aim of improving the efficiency (safety, reliability) of the operations of various types of human-machine systems, including those related to transportation. The fundamental problem involved in creating virtual worlds is the definition and formalization of mechanisms for establishing and managing these worlds as well as facilitating interactions with them in terms of sensory motor parameters and other human characteristics. This is because virtual worlds are based on a set of human sensations experienced upon entering a given virtual environment and interacting with objects in it using various characteristics—physical, psychological, physiological, and so forth—that are either similar to or substantially different from those involved in the user’s daily life and activities. Research and development efforts are proposed in the following areas: virtual worlds as a focus of protection virtual worlds as a means of protection virtual worlds as a means of modeling situations and training specialists in how to combat cyberterrorism Proposed Approaches The process of addressing these tasks and the role of virtual worlds in this process may be described as follows: a class of functional tasks in the topical area functionally significant states of consciousness (psychological conditions) for each task described in terms of modalities (visual, auditory, and so forth) the virtual world as an integral representation of states of consciousness the information management channels of virtual worlds, which perform functional tasks and support the virtual world, with dynamic distribution of sensory motor resources among the various tasks being handled at a given time the integrated systems of virtual worlds, involved with receiving and transmitting (interaction), information computing (processing), and management a number of unified device and software modules for the creation and support of virtual worlds The creation of virtual worlds will make it possible to resolve certain typical management problems, for example, organizing the information management field “user-application” (representation of information plus management) with the possibility of managing the

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings volume and content of information exchanged between them (response rate, periodicity, content, formats, and transmission channels) recommending behavior in working with an application according to the following model: recorded stage in virtual multimedia scene corresponding to effective behavior → scene corresponding to user’s current decisions → comparison and correction of discrepancies determining conditions for initiation of functionally significant state of consciousness of a given type and, on this basis, forming or predicting a person’s behavior in various situations (for example, by sending a selection of initiation conditions) The proposed and traditional approaches are presented in Table 1. Virtual worlds should be considered both in the broad sense of the struggle against cyberterrorism and their use for civilian purposes (dual-use technologies) and in the narrow sense of their possible use in specific topical areas, for TABLE 1 Traditional and Virtually Based Management Systems Traditional Management Systems Management Systems Based on Virtual Worlds Systems-oriented architecture is divided into complexes according to functional tasks. Open function-oriented modular architecture is divided into complexes according to typical concepts of perceptive human resources and related operations necessary to handle functional tasks, with dynamic distribution of resources among the tasks. Integrated processing of all incoming information and interaction of separate subsystems are driven mainly by the operator; that is, a person decides on an action to be taken after receiving and processing a variety of multiparametric information. Two-level management: the top level is represented by the user, who determines the basic management objectives; the second level receives the user’s command, analyzes it under specific application conditions, and selects and performs the appropriate function, taking into account available resources; that is, the user goes from coordinating system operations and categorizing information to giving the management system commands that it dynamically redistributes as it handles the command. As a rule, separate management systems are created for new applications. Virtual worlds for specific applications are formed on the basis of the tasks at hand using a number of unified standard device and software modules appropriate to the level of operations of the base virtual world.

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings example, in external control of transportation systems in emergency situations, with a potential second application in the area of intermodal shipping. In the latter case, one of the main objectives would be the development of virtual reality-based models of the seizure of a plane, ship, or vehicle by terrorists. Basic Stages of Study study of internal and external mechanisms for creating and managing virtual worlds with the aim of analyzing possible points at which they could be subject to outside effects and the consequences of such effects study of the role of virtual worlds in the process by which individuals carry out tasks in a particular topical area: “fragment of reality plus tasks at hand plus human action” (primarily sensory motor, cognitive, and linguistic) to determine mechanisms for protection against outside effects construction of a generalized model of virtual worlds, including models of internal and external mechanisms for creation and management, basic characteristics and their management and classification, and user representations and behavior construction of a model for the protection of virtual worlds that would facilitate adaptive (level of automation of interaction is determined by the user’s condition, the user’s preferred means of receiving information, limitations on technical resources, and so forth) and bilateral (with mixed initiative) interaction between the individual user and the application testing of models using the example of the creation of protected systems in the fields of transportation, education, and science creation of electronic means for the training of specialists in this field EXTERNAL CONTROL OF MEANS OF TRANSPORTATION IN EMERGENCY SITUATIONS The events of recent years show that means of transportation—planes, ships, and motor vehicles—are increasingly being used as tools in the commission of terrorist acts. Means of transportation are controlled by people, and the current security concept is based on the assumption that these people value their own lives and will therefore operate their vehicles so that they themselves will not suffer and will not find themselves in any dangerous situations. However, terrorist acts are committed by people who are prepared to sacrifice their lives for the sake of ideas, and such people are becoming increasingly common because of the growth of social inequality and the exacerbation of the world situation. This forces us to reconsider the very concept of transportation security. These conditions gave rise to the idea of external control of means of transportation. The essence of this idea is as follows: In emergencies, the control capability of the pilot, captain, or driver would be shut off (as they might be under the control of

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings malefactors), and external control of the vehicle would be implemented from a special center, thus preventing the vehicle from being used as a weapon.4 The technical means for instituting external control would be provided by the presence of onboard computer systems, which already perform a large volume of functions in the operation of various types of vehicles. Aviation computer systems handle complex tasks related to navigation, control, diagnostics, overall aircraft operations, communications, and so forth. Computer systems aboard ships also take care of many tasks and have made it possible to reduce crew sizes significantly. New generations of automobiles are also equipped with computer systems, which help to conserve fuel and improve safety. However, implementing external controls is a complex problem involving the resolution of many technical, psychological, and legal issues. It should be noted that the development of means of transportation is proceeding at a rapid pace. Transportation systems do a great deal of environmental damage to the planet, many people are killed in transportation accidents, and it is becoming obvious that the entire concept of transportation development needs to be reviewed and linked to the concept of security. All means of transportation should have external control capability, which not only will make it possible to improve security but also will facilitate the resolution of problems related to traffic jams, intermodal shipping, and so forth. To resolve these problems, we need a computer model of the entire transportation space, populated with representatives of all means of transportation in the form of agents that would accurately reflect the location of each vehicle and its characteristics, destinations, and capabilities. In essence, this calls for the construction of a multiuser virtual world. This is no simple task, but in our times it is an achievable goal and can be tackled in stages, region by region, so that in the future it would grow to encompass the entire planet. With the help of this multiuser virtual world, it would be possible to test various options for resolving transportation problems and select the best ones for the current situation. As an example, we have considered the multiuser virtual transportation world of St. Petersburg, which has a multitude of problems.5 Resolution of the problem of external control of means of transportation in emergencies involves the following elements: detection of an emergency situation on an aircraft decision to implement external control removal of control capabilities from cabin and institution of external control—a problem of onboard equipment operation of dispatch center where external control commands are processed placement of aircraft in multiuser virtual-world mode for flight coordination landing of aircraft in external control mode

OCR for page 85
Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings Plans call for participation in this project by the leading scientific research, design, engineering, and flight-testing organizations in the Russian aviation sector. These organizations specialize in designing, operating, and testing heavy, light, civilian, and military aircraft; onboard systems for automated and manual flight control; ground-based flight control systems; onboard and ground-based radio communications systems; and others. They have great creative potential and experience and have done much previous scientific and engineering work in aircraft design, testing, and operation; design and operation of onboard equipment and software for use aboard civilian and military aircraft; systematic development of failure-resistant and fail-safe onboard equipment, such as ergatic (man-machine) systems; development and operation of imitation and seminatural model displays; certification of aircraft, equipment, and software; and operation of flight control systems. Based on this concept, a number of technical features could be developed for the stage-by-stage implementation of the project, with the goal of the first stage being the execution of a test flight of a heavy passenger plane in external control mode. The problem must be resolved with the involvement of leading foreign firms and organizations. CONCLUSION The appearance of international terrorism on a broad scale represents a challenge to all mankind. Problems involving the improvement of security may be resolved only through the joint efforts of many countries. NOTES 1.   Chernenko, V. I., and M. B. Ignatyev. 1996. Multimodal transportation in northwest Russia for sustainable development. Proceedings of the Conference on Sustainable Interregional Transport in Europe, Kouvola, Finland, June 10–12. 2.   Wilkinson, P., and B. M. Jenkins. 1999. Aviation terrorism and security. London: Frank Cass Publishers. See also Ignatyev, M. B., N. Simatos, and S. Sivasundaram. 1996. Aircraft as adaptive nonlinear systems which must be in the adaptational maximum zone for safety. Proceedings of the First International Conference on Nonlinear Problems in Aviation and Aerospace, Daytona Beach, FL. 3.   Ignatyev, M. B., L. A. Mironovsky, Yu. M. Smirnov, and G. S. Britov. 1973. Management of computing processes. M. B. Ignatyev, ed. Leningrad: Leningrad State University Publishing House, 296 pp. See also Ignatyev, M. B., A. V. Nikitin, and L. G. Osovetsky. 1988. A bioinformational analogy for building a base interface for software and the INTERFACE-DNA-PC mobile technological environment. In Issues of Programming Technology. Leningrad: Leningrad Institute of Aviation Instrument Building of the USSR Academy of Sciences. 4.   Ignatyev, M., N. Simatos, and S. Sivasundaram. 1996. Aircraft as adaptive nonlinear systems which must be in the adaptational maximum zone for safety. Proceedings of the First International Conference on Nonlinear Problems in Aviation and Aerospace, Daytona Beach, FL. 5.   Ignatyev, M., A. Nikitin, and N. Reshetnikova. 1999. Virtual educational, scientific, and industrial environments. In Proceedings of the International Conference on the Internet, Society, and the Individual, St. Petersburg.