Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 (2003)

Most freight transportation information technology (IT) is the same as in other industries. Differences arise because of the nature of the industry and the consequences of terrorist exploitation of potential vulnerabilities, as noted in the Executive Summary. The freight transportation industry uses IT in several ways:

• Backroom management and integration. Companies use a range of general-purpose business applications to manage internal processes and to link them by sharing information internally and with suppliers and customers (see, for example, Chopra and Meindl 2001; McDougall 2003; Radding 2000).

• Mobile communications and tracking. To keep track of the locations of trailers, trucks, rail cars, and other mobile assets and their contents, companies use everything from bar codes to Global Positioning System (GPS) receivers.

• Internet applications. The Internet plays a growing role for all freight companies. Electronic commerce of all kinds uses the Internet because of its wide accessibility and its flexibility in allowing companies to link various kinds of Web, client-server, and legacy systems. These properties make it easier for companies to develop distributed applications that can exchange various types of formatted data (Kiely 1999).

All of these technologies have cybersecurity implications. As companies make their operations more efficient by integrating their systems and those of their customers and suppliers, they also raise cybersecurity concerns. The purpose of this chapter is not to define specific information technologies into or out of the war on cyberterrorism. Rather, it is to provide a basic understanding of the range and

character of possible technology tools that might become valuable in that context. The committee believes that this will help the Department of Homeland Security (DHS) and the Department of Transportation (DOT) in the development of their cybersecurity strategies.

Many kinds of IT are used by the freight transportation industry. The various modes (air, truck, rail, pipeline, and water), to varying degrees, use specialized, sector-specific technologies, but the ultimate goal is to get the shipment from its origin to its destination, which may involve multiple modes. The challenge is to get the shipment to its destination on schedule, with the appropriate degree of tracking en route; to minimize delays in transferring from mode to mode; and to do all of this at a competitive price without damage to the product shipped.

For most companies, transportation is a strategic asset. Large companies today are likely to have sophisticated models of their operations, known as enterprise resource planning (ERP) systems. ERP systems may include scheduling modules for manufacturing plants, which would allow the company to automate major portions of the decision processes in transportation or other aspects of the value chain for that plant. The use of such modules (in finance, logistics, manufacturing, human resources, or supplier management) helps the company improve the way it does business by increasing efficiency and reducing human error.

Freight transportation planning and operation decisions are often assisted by software that is designed to help analyze and determine how, where, when, and in what quantity materials should be transported. These systems also compare different carriers, modes, routes, and freight plans; include supply chain management software; and rely on sophisticated algorithms to analyze options and generate solutions that increase profitability. These applications can respond in real time to problems and emergencies—for example, by instantly rescheduling if a machine breaks down.

For any mode, freight operations can generally be categorized into the following tasks, each of which can be assisted or improved by the use of IT:

• Matching a load with a carrier. The cargo owner, or shipper, must identify and engage a carrier—truck, train, ship, air, or a combination of modes. Freight brokers, agents, and freight forwarders may be involved in this task. The technology involved can span the range from telephone and fax on the low end to Internet-based load bidding. If a multimodal shipment is involved,

the shipper or broker (agent) will either have to arrange each leg of the trip or request a carrier to arrange the entire intermodal movement.

• Order acceptance. It is necessary to establish a dated record of the carrier to which the load is assigned. This record is typically called a bill of lading (airbill or waybill). It is a statement of the nature and value of goods being transported and the conditions and terms applying to their transport. It serves as or evidences a contract of transport between the owner of the goods and the carrier. It may be paper, or it may take various electronic forms.

• Routing/dispatching. Choosing a course and directing the vehicle to its destination can be a matter of strictly human effort (for a simple truck trip) or it can be automated to nearly any extent desired.

• Pickup confirmation, en route tracking, and delivery confirmation. Shippers and freight companies often desire to track the progress of their shipments. A variety of processes and technologies—depending on the transportation modes— can be used for this purpose, including GPS satellites, digital or analog wireless telephones, and bar code scanning. Some carriers use all of these devices, so customers may monitor the locations of their shipments in near real time by using the Internet.

• Transmitting shipping documentation. Paper documents are traditional here, but many carriers use electronic communications [e.g., the Internet and electronic data interchange (EDI)].

• Cargo manifesting. This step often uses special information software and systems.

The various transportation modes use different technologies, which reflect their recent histories. All, however, are moving toward greater computer-assisted systems and reliance on communication, frequently using EDI and the Internet. Yet they have far to go before truly intermodal transportation communications are possible.

The trucking industry is a component in nearly every company’s supply chain. Trucking companies use computing and communications technologies heavily

to improve their own efficiency and to meet the demands of their customers for cost-effective, efficient, and easily tracked logistics. The proliferation of small trucking companies over the past 20 years has been built on the use of low-cost IT such as mobile phones, fax machines, and the Internet.

Trucking companies and freight brokers increasingly use the Internet to match loads with the most appropriate carriers. Both independent brokers and some larger truck freight companies have websites on which drivers can bid for loads or use EDI, which is also commonly used by railroads and waterborne freight companies. Phone and fax, of course, are still vital, especially for the tens of thousands of smaller firms (i.e., those with fewer than 10 trucks).

To document the agreement to carry a shipment, many shippers use electronic means [such as the well-established EDI or the emerging and more flexible Extensible Markup Language (XML)], but smaller shippers use paper records.

Except for extremely time-sensitive operations, such as sophisticated logistics systems serving just-in-time manufacturing operations, the driver or human dispatcher is responsible for routing and dispatching the truck. The technology is available for automating these operations to nearly any extent desired (including special software for generating maps and trip schedules).

For confirming the pickup, en route tracking, and delivery confirmation, truckers use a variety of technologies, including GPS (satellites), digital or analog wireless telephones, and bar code scanning. New electronic automatic vehicle identification systems, much like those used in the electronic collection of tolls on highways, are used increasingly in busy ports and other intermodal transfer points. Some carriers use all of these devices, so customers may monitor the locations of their shipments in near real time by using the Internet.

In transmitting shipping documentation, paper documents are the norm, but some carriers use digital communications such as EDI.

The rapid growth of air freight in the past decade was made possible by advances in communications as much as anything else. Coordinating the worldwide movement of time-sensitive freight, from business documents to garments to fresh flowers, is a challenging and complex task.

Air cargo companies gain their competitive edge from technology innovation. They pioneered the generation and use of large databases that can be queried at will to monitor each of the millions of items that a large air freight company may have in transit at any moment. A vital part of the problem is to ensure that intermodal communication is efficient (Air Transport Association 2002).

Rail freight is increasingly supported by information systems and communications technologies. Typical trains a decade or so ago had a crew of four, compared with two today. Rail companies have made growing use of onboard computers, local area networks, automated equipment identifiers, GPS tracking, automatic reporting of work orders to headquarters, car scheduling and train order systems, and two-way wireless connections (Association of American Railroads 2003).

Signaling and monitoring systems are also more automated, taking advantage of commercial fiber-optic communications cable that has been laid along rights-of-way. The rails themselves are used as communications channels for signal controllers and trackside signals. Wayside “hotbox” detectors take infrared readings on the bearing boxes of passing rail cars and automatically report overheated journals over VHF voice networks. In arranging transfers to and from other modes, railroads have long used EDI.

To help track shipments, nearly all locomotives and rail cars are tagged with automatic identification transponders, which automatically record car locations. This technique allows automatic verification of the standing order of cars in each train and faster, more accurate reporting of car locations to railroad service centers and customers.

Waterborne freight has many of the same information needs as other modes. The carrier must identify cargo, make intermodal handoffs efficiently, and get the cargo to the agreed destination as quickly and securely as possible. The types and sizes of typical cargo (mainly containerized freight, petroleum and other fluids, motor vehicles, and various bulk cargo) are somewhat different from those of other modes, but the types of information needed are essentially the same.

The focus of the remainder of this section is on the international liner shipping industry (that is, ocean carriers that offer scheduled services on fixed routes), since this type of shipping activity involves the greatest need to manage information and communicate with others. Further detail can be found in Appendix A.

The heart of a company’s information and communication processes is usually a legacy mainframe computer system, which is generally accessible over the Internet (with various levels of access to users inside and outside the company). Access is secured by passwords or a virtual private network with different levels of security

for, and access to, the centralized mainframe systems. Many global carriers also have company intranets.

Central to liner shipping companies’ activities in this area is keeping track of containers and truck chassis. Shippers (cargo owners) must arrange with the line for the specific types and numbers of containers needed, the pickup date, and which vessel is to carry the containers. To do this, the shipper either directly contacts the line’s booking agent or enters the necessary information (including origin, destination, port of loading, commodity description, shipper’s name, and type of container) using the appropriate transaction section of the line’s website. In either case, the information goes into the company’s mainframe system and becomes available to dispatchers of containers and to vessel operators and terminal operators, who make the necessary preparations for the movement, loading, and stowage of containers on the vessel and for the availability of needed equipment. At the destination port, the terminal operations staff—also working from the company’s mainframe system—will access information needed for off-loading the containers and handing them off for the next leg of the journey.

Multiline alliances and other vessel-sharing arrangements are central to liner shipping. Because a vessel may carry the cargo of various container lines, it is necessary to exchange significant amounts of information among alliance members. Most of this information exchange is handled via EDI, which in turn requires that each alliance partner’s information system be programmed to accept data from the other partners’ systems.

They also must share information with truckers and rail carriers to ensure efficient intermodal transfers. The EDI protocol or Web tools, or both, are generally used with “house” truckers or railroads; with smaller trucking companies, the transactions are handled by fax or e-mail.

The freight industry has innumerable electronic links, mandated or voluntary, with local, state, and federal agencies. These include manifest filings, operating authorities and permits (e.g., permits to carry hazardous materials), route filings, electronic funds transfers, and personnel files, to name a few. For example, ocean carriers must post information on imported cargo with the Automated Manifest System (AMS) of DHS’s Bureau of Customs and Border Protection (formerly

U.S. Customs Service). The Customs databases and systems are discussed in more detail in Appendix D. Customs recently promulgated the so-called 24-hour rule (see Box 2-1), which requires that advance cargo declarations be submitted 24 hours before loading of U.S.-bound cargoes in foreign ports. AMS and the Customs’ Automated Targeting System are becoming the preeminent centralized government data management system for security prescreening of import cargoes to the United States. In addition, many ocean carriers and shippers are participating in Customs’ Automated Export System for electronic submission of

export cargo information; other ocean carriers provide that information today in paper (fax) form. The Advanced Passenger Information System, which has been used by airlines since 1986 to report airline passengers, has now become mandatory for other modes, under the Enhanced Border Security Act of 2002. It will soon require mandatory advance electronic crew member information from vessels. As with information technology in other applications, the use of systems and databases in public–private partnerships is subject to the cybersecurity implications previously mentioned in this chapter.

Estimates in the trade press suggest that about 75 percent of shippers’ transactions with ocean carriers are handled by telephone or fax, 20 percent through individual carriers’ websites, and 5 percent via the three Web-based portals (e.g., GT Nexus, Inttra, and CargoSmart) that provide access to multiple carriers at one site. In electronic transactions between ocean carriers and their customers, user registration and assignment of passwords is a common security measure. Encryption of data is primarily used in situations in which the parties are passing data related to title to goods, as, for example, with remote printing of bills of lading. Some companies in the liner shipping industry are moving to customer relationship management software, which allows them to more flexibly manage customer transactions through a simpler linking of all the company’s individual business systems. Customers can obtain information on the status of particular cargo movements from the ocean carrier’s customer service department or track the cargo’s position in a secure section of the carrier’s website using coded information from the bill of lading.

A variety of approaches using new technologies may be linked to IT systems in the future. Some are intended to improve cybersecurity. Others would be implemented for efficiency reasons but may have secondary implications, positive or negative, for IT vulnerability. The topics discussed are still developmental, and there is no assurance that they will be (a) appropriate for freight transportation security or (b) available at an acceptable cost. The technologies discussed here are intended as examples of technology that the full study should consider. Determining which are likely to be widely implemented was beyond the scope of this study.

DOT, working with freight shippers, has tested a variety of ways to improve intermodal transfers of freight under the Intelligent Transportation Systems program. For example, at O’Hare International Airport, the Electronic Supply Chain Manifest system was tested in a 2-year demonstration that focused on the air–truck interface, but it is being considered for other modes as well.

The Freight Information Real-Time System for Transport (FIRST), being developed by the Port Authority of New York and New Jersey (https://www.firstnynj.com/), is an Internet-based system for trucking companies, railroads, terminal operators, ocean carriers, brokers/freight forwarders, and others to use in speeding the flow of cargo through the area (one of the busiest and most congested in the country). It allows cargo brokers, shipping agents, freight forwarders, and steamship companies, as well as trucking companies and railroads, to check the status of cargo and vessel arrivals, arrange pickups, and confirm deliveries. The FIRST website includes alerts of bridge and tunnel problems and traffic congestion (and Webcams of the busiest container terminals).

FIRST consolidates in one place on the Web various existing sources of critical cargo transfer and carrier information (including near real-time information on truck, ship, and train arrivals), real-time video feeds to monitor congestion at seaport entry gates and road conditions on arterial roads leading to the port, and enhanced intermodal connectivity by improving the in-transit visibility of cargo.

The interconnection of systems across the freight transportation sector, properly implemented, significantly increases the ability of participants to communicate effectively and efficiently by reducing mundane tasks and increasing accuracy. Various forces are currently driving the interconnection of information systems across the entire transportation sector. Economic forces, among other considerations, are causing large organizations in the transportation sector to interconnect their own systems to create enterprise-spanning systems. For example, all of the large overseas shippers now have interconnected systems that are used to control most aspects of the shipping process within their organizations. The systems have many of the same characteristics as those developed by FedEx to handle all of its various operations, including overnight, freight, and custom

deliveries. Furthermore, customers are being granted electronic access to those systems to gain “visibility” of shipments, which allows the customers to make their own operations more efficient.

As some large organizations develop interconnected systems for their own purposes, they also provide the resulting computer-assisted services to a larger number of smaller organizations who otherwise would not have their own systems. For example, the system used by Union Pacific to control its networkwide operations is also used by many short-line carriers to control local and regional operations. Such sharing of information systems helps large and small operators alike to increase efficiency, reduce overall costs, and amortize investments in IT.

Smaller operators also are interconnecting their existing systems to create “federated” or “cooperative” systems that allow them to compete more effectively with larger organizations. For example, four regional trucking carriers have formed the ExpressLink system to interconnect their own corporate-level systems. ExpressLink gives each carrier national coverage while allowing it to maintain a relatively small infrastructure.

In addition, policy and regulatory forces are driving the interconnection of governmental systems and the interconnection of commercial and governmental systems. The Bureau of Customs and Border Protection has several new IT systems (described in Appendix D) under development that—once they become operational—could serve more government agencies than originally envisaged as a result of homeland security initiatives and requirements. In many respects, the interconnection of government systems parallels the interconnection of commercial systems because regulatory agencies must streamline their operations to keep pace with increased efficiencies provided by commercial systems.

Regulatory forces are also driving the interconnection of commercial and government systems by requiring more information to be submitted electronically to the government by carriers, shippers, and manufacturers. For example, effective December 2002, Customs has been requiring the submission of sea cargo manifests 24 hours before loading of export cargoes destined for the United States (see Box 2-1). Customs, acting under statutory authority, is poised to propose that all sea cargo manifests be electronically submitted for both import and export cargo. Customs is likely to propose that similar electronic submission requirements for cargo descriptions be implemented for the other transportation modes.

Many of the economic, business, policy, and regulatory forces described above have existed for quite some time, although the pace of development in many of these areas has quickened as a result of homeland security initiatives.

Accordingly, pilot programs have been started or are being planned in various sectors to gain practical experience with various existing and emerging technological and procedural applications and processes before decisions are made on their adoption. Pilot programs (see Appendices B and C) such as Operation Safe Commerce, Sim-Tag, Cargo Handling Cooperative Program, and Smart and Secure Trade Lanes involve the testing of, and comparison between, different monitoring and identification systems of shipments as well as the handling of those shipments through the intermodal transportation chain. Each pilot program is intended to provide insights that may be relevant to determining future economic, policy, and regulatory priorities and requirements.

For all of the reasons stated above, the interconnection of information systems across large transportation sectors is likely to develop further. Transport carriers, shippers, and manufacturers will likely find economic value in increasing the efficiency of their operations by development and deployment of multifunctional and multifirm intelligent management systems. Similarly, government systems and the interconnection of commercial and government systems are likely to be used increasingly in satisfying complex policy and regulatory requirements. However, as the web of interconnected information systems increases to fulfill these requirements, it is likely to become more susceptible to unauthorized access, improper use, and denial-of-service attacks.¹ That is, the natural solution for the current set of economic and regulatory problems could become the cause of a host of cybersecurity problems if it is not implemented properly (CSTB 2002a).

Various architectural and technical mechanisms can be used to maintain security across interconnected systems, such as firewalls and different access control levels. However, regardless of the specific mechanism, they all essentially rely on authentication, the identification of every person or computer that accesses the system. The stronger the mechanism of identification, the stronger the overall security of the system. For example, most stand-alone and interconnected systems, including PCs, departmental servers, mainframes, and enterprise-spanning Web-based services, rely on a simple username and password combination to identify each person who should be allowed to access the system. Although many techniques have been developed to “increase the security” of the simple password

scheme (e.g., stamping additional numbers on the back of credit cards or requiring at least six characters in a password), most security experts agree that passwords are a weak authentication mechanism because it is relatively easy for an intruder to acquire such information. In an interconnected system, the potential problems caused by weak authentication mechanisms are amplified significantly because of the increased number of entry points into the system. Furthermore, access to one part of the system could lead to access to other parts of the system, if not to the entire system. As important as the authentication of individuals in an interconnected system is the authentication of every system that accesses another system.

The importance of credible authentication in interconnected systems has been well known for more than 20 years. Moreover, various competing theories and technologies have evolved over that time to address these concerns, primarily through the use of cryptographic techniques that rely on mathematical approaches to ensure that the authentication information cannot be stolen or forged (CSTB 1996). Credible authentication is based on a set of “digital certificates” (i.e., credentials) that have been “digitally signed” (i.e., authenticated) by a “trusted entity.”²

The use of digital certificates and signatures went a long way toward solving the wide-scale software authentication problem. Support for digital certificates, which were first developed in a widespread manner in the mid-1990s with the Netscape Web browser, has since been added to most e-mail software for the authentication and encryption of e-mail, although it is not yet widely used. Digital certificates and signatures are often used in conjunction with hardware devices such as smart cards and smart tokens to further strengthen the authentication scheme used by a system.

Historically, the primary interface between the real world and the cyberworld has been a human being: someone interprets real-world activities and enters data into the computer system, or someone is provided tasking by the computer and performs a real-world chore. Embedded processors transfer information directly between the real world and the cyberworld. They are already used in the transportation sector, primarily for the monitoring and identification of shipments, and

that use could grow. Radio frequency identification (RFID) tags, e-sensors, and e-seals, together with their electronic readers at all relevant points, are examples of embedded processors.

RFID tags are used to provide an automated means of identifying an asset or its declared contents, or both. These tags can be either active or passive. Active RFID uses an internal power source (e.g., battery) within the tag to continuously power the tag and its RF communication circuitry, whereas passive RFID relies on RF energy transferred from the reader to the tag to power the tag. Passive RFID operation requires strong signals from the reader, and the signal strength returned from the tag is low because of the limited energy. As with any RFID system, one of the vulnerabilities to cyberattack occurs at the point where the tag communicates with the reader. The simplicity of passive RFID tags makes them relatively easy to “spoof.” Active RFID systems, on the other hand, can include authentication and encryption techniques similar to those of any computer network. Some of their cybersecurity challenges are therefore similar to those of other IT systems, as discussed above.

E-sensors make use of embedded processors to detect and document environmental characteristics or changes to a shipment along its route. For example, temperature sensors can be used on refrigerated containers to detect whether the internal temperature was maintained within proper limits over the entire route. Certain types of sensors have been used for some time in various applications in the transportation sector but are now, to some degree, being integrated with embedded processors. For example, a temperature e-sensor can record the actual temperature of the shipment over the entire route, and the temperature data can be stored in a tamper-indicative manner by using a variety of hardware and software techniques. E-sensors also can be configured to document container intrusions.

Seals, whether electronic or mechanical, are placed on shipments or structures to detect an unauthorized entry (thereby alerting officials to the need for further inspections) or deter intrusions because of the fear of detection. They can be designed for different applications. For example, e-seals on a container door might store information about the container, the declaration of its contents, and its intended route through the system. E-seals can document when the seal was opened. In combination with digital certificates and signatures, an e-seal also could document whether the individuals sealing and unsealing the container were authorized.

While these technologies are intended to enable monitoring of shipments and physical security, they all use IT and are linked to IT systems. Thus the additional

connection points (e.g., electronic readers) may increase cybervulnerability. A full assessment of the potential cybersecurity vulnerabilities that would be created through the widespread adoption of these technologies in the freight transportation industry is needed (see Task 1 in Chapter 3), perhaps as part of the larger study that is the focus of this report.

In addition to the embedded devices described above, enabling technologies, including public-key cryptography, biometrics, and wireless communication tracking, are of potential use in the transportation sector’s IT infrastructure and are relevant from a cybersecurity perspective.

Cryptography has been used across a range of application areas for more than 25 years to ensure that information is exchanged privately between two entities over a network. Cryptography is the basis for most “secure” Web-based activities and “secure” e-mail applications, and it is supported by all major software applications. The need for strong cryptographic techniques in electronic commerce has led to its widespread availability beyond traditional military applications.

Biometric devices are used to authenticate human beings on the basis of one or more physical attributes such as a retina or iris pattern, a fingerprint, digital face recognition, or voice pattern. As such, this limits access to a specific person, not just to someone who knows certain information (i.e., a password) or holds certain credentials (e.g., a digital certificate). Biometric devices can be used in conjunction with a smart card (or smart token) and a digital certificate to improve authentication. [The report Who Goes There? Authentication Technologies and Their Privacy Implications (CSTB 2003b) has a more in-depth discussion of biometrics as an authentication technology, commonsense rules for the uses of biometrics, and potential privacy and other social implications of their use.]

Wireless communication tracking systems are used in the domestic transportation sector to monitor the location of shipments along their route. In some cases, the shipment reports its location using wireless communication to a control system, while in other cases the shipment simply records its location along its route, and those data are gathered at a control point.

It will be important to closely monitor ongoing and planned pilot programs (e.g., Operation Safe Commerce and Smart and Secure Trade Lanes) intended to test these technologies to determine what role, if any, they might have in enhancing supply chain security. Standardization efforts of various national and international organizations and institutions (e.g., the Auto-ID Center at the

Massachusetts Institute of Technology and the International Organization for Standardization) and the degree to which such efforts would address recognized cybersecurity vulnerabilities of the technologies and their possible commercial deployment are also worth monitoring.

Proper paperwork, including the bill of lading, work order, and letters of credit, is essential to the movement of shipments. The electronic exchange of documents required throughout the shipping process is becoming more and more common. Mature EDI standards exist for the transportation sector, and operational systems are already in use by large and small organizations within the sector.

The first electronic documents to be exchanged were those directly related to money, such as purchase orders, work orders, invoices, and payments. For example, 96 percent of all invoices generated by Union Pacific are exchanged electronically. The electronic exchange of other documents in the shipping process is increasing, to the extent that no paper document is ever generated in some cases. For example, 80 percent of all FedEx orders are placed electronically over the Internet, and corresponding electronic invoices and credit-card receipts are sent to the consumer.

Historically, the validity of a shipping document was verified by human beings along the route who physically examined the document itself and any attached seal. Some fraudulent or forged documents would routinely be detected, but some would not. In general, the system was designed to limit the number of improper documents to an acceptable level across the entire transportation sector. The steady move toward electronic documents, however, could significantly alter that delicate balance because electronic documents are easily reproduced, altered, or forged if they are not implemented properly. More important, it is practically impossible for a human being to detect such a forgery, let alone monitor the rapidly increasing number of documents being exchanged.

The use of a cryptographically generated signature on a sensitive document that is exchanged between two information systems helps ensure the authenticity of the document author and that it can be exchanged privately with another party. As discussed above, such technology has been used extensively in many application areas and is widely available. An effective digital signature would reduce the vulnerability of a document to tampering and fraudulent use.

The transportation sector in general and system developers in particular have not to any large degree incorporated digital signatures into emerging systems

and standards. To date, forgeries in the freight transportation industry have had few implications beyond finance. If weapons of mass destruction were to be smuggled, however, forgery might be an integral part of the deception. The study that is outlined here should analyze the use of digital signatures on electronic documents and determine whether steps could be taken to encourage more widespread use.

In many cases, the worst cybersecurity problems result from the first wave of productivity enhancements gained by computer-assisted systems. That is, when computerized systems are first deployed to increase productivity, they naturally cause a change in the business processes and procedures followed by human beings to do their job. If the consequences of those human-oriented changes are not considered by the system designers, a wrongdoer could take advantage of those changes and cause more difficult problems than were possible before (CSTB 2003a, 80–81). Similarly, equipping electronic documents with digital signatures based on strong cryptography might create an environment in which the electronic documents would replace paper-based documents, thus possibly altering normal business processes and procedures.

The productivity enhancements provided by electronic documents come at a price. Widespread use of electronic documents would require development of an electronic infrastructure to support the authentication of individuals and organizations, document standards across a range of transportation sectors, and a set of auditing processes to ensure that the system is working properly. Such infrastructure elements are being developed across a wide range of business sectors and are starting to evolve in the transportation sector. The study that is outlined here should consider the value of pilot programs to identify the various issues and challenges surrounding the creation of such an electronic infrastructure throughout the transportation sector.

As in the deployment of any technology, the deployment of EDI could result in new or additional vulnerabilities and consequences. They could result from alteration of existing business practices (e.g., the involvement of one less person in a check-and-validation process) and the development of infrastructure elements across various business sectors (e.g., two incompatible systems are “united” by a third “mediating” system), among other causes.

Economic forces are pushing most systems toward Internet communications as the result of widespread, near-universal access. Consumer-oriented carriers handle a significant portion of their business over the Internet, keeping pace with

the general push toward online commerce in all sectors. Similarly, business-to-business carriers are also starting to use the Internet for a significant portion of their transactions.

With the increased use of the Internet has come an increased awareness of the need for secure communications and stronger authentication techniques in most information systems, especially those using the Internet. Hardware-based authentication tokens, which are issued to users who need to access a system over the Internet or by use of some other remote access technology, either replace or augment a conventional password system to strengthen the remote authentication process. For example, FedEx uses 20,000 tokens to provide system access at various levels to remote users. Virtual private network (VPN) technology has been developed to provide extra levels of security for remote user-to-system and system-to-system communication over the Internet. VPN technology creates a virtual network on top of the Internet that allows access only to a specified set of users and systems. The VPN technology has well-established hardware and software standards. VPN works for prearranged situations involving a small number of systems.

One of the challenges still facing Internet developers is that of availability. As the Internet is increasingly used as the primary communication method between transportation systems, the ability to transmit data reliably across the Internet becomes more critical. Internet availability is a double-edged sword. On one hand, the Internet is vast, with many redundant paths between all points—local and even regional breakdowns in one part of the Internet are healed relatively quickly by rerouting traffic around the problem areas (CSTB 2002b, 2). On the other hand, key resources on the Internet depend on standard software components that are under continuous attack from a variety of sources constantly looking for ways to make them fail. For example, attacks on the Domain Name Service and Sendmail servers have demonstrated the susceptibility of these widespread components.

As stated previously, the most difficult security aspect of any large networked system such as the Internet is that the attacks can come from virtually anywhere in a nearly anonymous manner (using current authentication methods). Denial-of-service attacks have been conducted for a long period of time by a wide range of people located around the world. More important, such attacks are inherently difficult to prevent, and it is difficult to track down the perpetrators. Owners of key transportation systems that use the Internet for communication purposes should be aware of the risk of such attacks. Protective measures are often used as a normal part of the business process.

Since the introduction of Web-based application techniques in the early 1990s, decentralized information systems have emerged as an alternative system architecture to the prevalent centralized systems. That is, instead of having a small number of servers that provide services to a large number of users (the centralized approach), systems are now designed with a larger number of servers that communicate directly with each other to provide services (the decentralized approach). Decentralized systems have an inherent ability to work around local and regional network outages, communicating whenever possible, but otherwise not preventing local users from continuing to work. Early applications such as Napster allowed music files to be exchanged between peer systems, while mainstream software applications such as Groove allow peer-to-peer processing of typical business documents. The security implications of decentralized systems include the lack of a centralized “authority” to authenticate that all the users and computers in the system are who they purport to be.

CSTB Computer Science and Telecommunications Board

Air Transport Association. 2002. Annual Report. Washington, D.C.

Association of American Railroads. 2003. Facts About Railroads. Policy and Economics Department, Jan. 10. www.aar.org/PubCommon/Documents/AboutTheIndustry/Statistics.pdf.

Chopra, S., and P. Meindl. 2001. Supply Chain Management: Strategy Planning and Operation. Prentice Hall, Upper Saddle River, N.J.

CSTB. 1994. Continued Review of the Tax Systems Modernization of the Internal Revenue Service. National Research Council, Washington, D.C. www.cstb.org/pub_irscontinuedreview.html.

CSTB. 1996. Cryptography’s Role in Securing the Information Society. National Academies Press, Washington, D.C.

CSTB. 2002a. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. National Academies Press, Washington, D.C.

CSTB. 2002b. The Internet Under Crisis Conditions: Learning from September 11. National Academies Press, Washington, D.C.

CSTB. 2003a. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities. National Academies Press, Washington, D.C.

CSTB. 2003b. Who Goes There? Authentication Technologies and Their Privacy Implications. National Academies Press, Washington, D.C.

Kiely, D. 1999. XML: More Than Just a Quick Fix, Extensible Markup Language Is Seen as a Universal Object Model That Will Enhance Web Development and Simplify Application Integration. Information Week, Feb. 8.

McDougall, P. 2003. Nissan’s I.T. Road Map: Integration and Security Top Automaker’s Project List. Information Week, Feb. 10.

Radding, A. 2000. A New Approach to Integration: E-Commerce Requires Companies to Integrate Processes at Many Levels with Multiple Partners. Information Week, Aug. 28.

This page intentionally left blank.