National Academies Press: OpenBook
« Previous: 2 Freight Information System Technologies
Page 39
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

3
PLANNING A FULL STUDY

As discussed in previous chapters, the freight transportation industry’s information systems may be vulnerable to cyberattacks. The consequences of a cyber-attack could be serious, both economically and physically. Further study is needed to identify specific vulnerabilities and risks and develop possible strategies to address those vulnerabilities while minimizing the costs of doing so. Such studies are warranted for the following reasons:

  • Information technology (IT) is becoming increasingly central to freight transportation.

  • With all IT come cybersecurity issues that should be carefully considered, in particular in the post–September 11 environment.

  • Addressing cybersecurity issues presents the same conundrum as other security issues: a trade-off between risk reduction and the costs of implementation.

  • No mechanism exists for determining analytically how far to go in reducing vulnerability or which steps should have the highest priorities.

  • Not enough is yet known about cybersecurity as related to freight IT or the impact of potential measures to enhance security.

Therefore, the committee concludes that a need exists for a comprehensive study to assess the current challenges in cybersecurity in freight transportation information systems and to identify possible strategies to mitigate identified vulnerabilities. Such strategies must account for the company composition and structure in each mode, the operations the companies perform, and the information systems they use. They must be based on an analysis of security gaps, the

Page 40
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

advantages and disadvantages of current and emerging technology and processes that could be implemented to enhance cybersecurity, and the ability of transport companies to implement them. The analysis that would permit such strategies to be developed has not been conducted. The committee discusses some elements of the required analysis below.

ASSESSING SECURITY ISSUES

It is generally understood that achieving cybersecurity requires a two-step risk assessment. First, an analysis must be performed to identify overall system vulnerabilities, the threats that might exploit those vulnerabilities, and the consequences if the threats were indeed carried out. Figure 3-1 illustrates the interrelationship of these factors. Second, a risk management analysis must be conducted to evaluate possible measures to enhance cybersecurity, their costs, and their benefits. As discussed in Chapter 2, the nature of the coordinated information system that serves the nation’s freight transportation system makes this risk analysis extraordinarily difficult compared with other computer security assessments. Nonetheless, this analysis of the overall interconnected system, as well as the individual subsystems, could be an important factor in reducing vulnerability to terrorist attacks.

Actions to mitigate threats should depend on the specific threats considered plausible, the natures of the systems involved, and their owners. For example, a broad denial-of-service attack on the Bureau of Customs and Border Protection’s Automated Manifest System could shut down this necessary interaction point for all international shipments into the United States (see Appendix D).

FIGURE 3-1 Factors involved in cybersecurity assessments.

Page 41
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

Without this system, international transportation activities could grind to a halt, with significant economic consequences for U.S. manufacturers and businesses and, ultimately, the U.S. economy. The U.S. government is responsible for countering such threats. Alternatively, a disabling attack on the dispatch system of a large carrier could bring that operation to a halt (and, correspondingly, all transportation activities linked to it). When potential targets are individually owned and operated systems, the design and implementation of the solution move to the companies that own these systems.

Diversity characterizes the freight transportation sector. Achieving information system security demands a certain continuity of system design, implementation, and security procedures that does not readily permit the flexibility that might be desirable in accommodating such a diverse range of participants. As a result, careful identification of possible measures is required.

The choice of measures to counter cyberterrorism must consider economic as well as security issues. Ignoring cost could have serious economic consequences, handing terrorists one of their stated objectives. It is difficult to estimate economic impacts across a broad sector such as freight transportation. Nonetheless, it must be recognized that this sector operates on tight profit margins. Implementation of cybersecurity measures is unlikely to be optimal unless economic benefits accompany the security solutions. Figure 3-2 provides a visualization of the overlap between measures to improve security and measures to improve economic performance; some security initiatives may improve economic performance, and others may not. Prioritization of possible measures for a diverse consortium of participants must be sensitive to this point as a specific aspect of the risk management analysis. Another example of the tension between the diversity of the community and the continuity required for cybersecurity concerns evaluation of cybersecurity capabilities. Important questions must be addressed, including who would perform the monitoring role, how it would be accomplished (for example, whether penetration tests would be conducted), how frequently evaluations would occur, and how they would be reported.

In view of these points, the process of evaluating possible measures and eventually selecting some for implementation must be an integrated effort that is based on a risk prioritization methodology and a cost–benefit methodology that are shared and understood by all affected members of the freight transportation community. The prioritization methodology should account for the consequences of potential attacks; the availability, efficacy, and cost of possible measures; their side benefits; and the distribution of costs and benefits to community members and the nation as a whole. At present, no such methodology is in use or under

Page 42
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

FIGURE 3-2 Relationship between security and economic benefits: (a) little or no economic benefit to security enhancements; (b) significant economic benefit to security enhancements.

development. In addition, no single organization has a mandate to develop and manage the use of such a methodology. This report provides a set of recommendations that, if followed, would be the start of a process for selecting, implementing, and managing measures for countering potential terrorist cyberattacks.

The study suggested here is intended to provide a strategy for approaching these issues. It might be necessary to involve several entities in the conduct of the study. The National Academies could do some of the work, but this is not a proposal for an Academies study. Industry consultants might collect data. One or more federally funded research and development centers could do the detailed analysis. Various academic research programs also could be involved.

In all these tasks, it will be necessary to impose strict conditions on the information collected and on the way it is processed. Not only is company confidentiality a major concern, but so is the possibility that the information might

Page 43
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

be compromised by the terrorists that the study is intended to combat. Also, for all these tasks, it will be important to study not only private freight information systems, but also those government information systems that interface with the freight transportation sector (e.g., the various information systems operated by Customs and Border Protection).

STUDY PLAN

Task 1. Determine the chief vulnerabilities of freight transportation information systems. No complete system description exists of the use of IT in the transportation sector. The first step of this task is to identify at least the major components that can affect cybersecurity and their interconnections. Part of this task would be to understand the role that these IT components play in normal operations so that the consequences of their loss to cyberattacks can be understood. Information on backup systems should also be sought.

This information might be obtained with a survey (if consistent with current administration requirements) and then a series of interviews. A variety of companies in each mode must cooperate to ensure adequate coverage and mask company-specific data. In many cases, the information will be already available. It will not be necessary to have great detail as to which company uses which technology. Rather, information concerning the general prevalence of different types of systems in each mode and their interconnections is desired.

Then the systems—and the intermodal, interconnected system—can be examined for vulnerabilities and the potential consequences if those vulnerabilities should be exploited. Much of this work would reflect generic IT vulnerability studies, but the specific use of the technologies in the freight industry would have to be reviewed. A variety of plausible attack scenarios would then be tested on the different modes to assess the systems as they exist now and as they are evolving in order to understand the likelihood of success and the extent of the consequences. The purpose would be to develop a preliminary list of the vulnerabilities that should be considered in the tasks below. As shown in Figure 3-1, priority should be a function of the plausibility of the type of threat that could exploit the vulnerability, the ease of exploiting the vulnerability, and the consequences. Of particular interest would be the ease of shutting down large parts of the system and the possibility of malicious use of the system.

This task might identify or develop a methodology to determine the prioritization analytically on the basis of these factors. The great diversity of transportation modes and company characteristics suggests that a large

Page 44
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

number of cases must be considered and that potential remedial measures could differ widely. However prioritization is determined, it will be important to maintain a system-level perspective to identify, assess, and compare the security issues at the level of components, subsystems, and the overall system.

Task 2. Review current industry and government practices addressing IT security. Security practices will be difficult to obtain in detail. Most companies will be understandably reluctant to discuss their practices and protective hardware and software because of concern that any revelations could compromise security. It may be possible, as in Task 1, to obtain this information by interviews conducted under stringent departmental assurances of nondisclosure. As in Task 1, an exhaustive list of which companies use which measures is not necessary, just a general sense of the level of security in each mode.

Representative companies and government agencies might be presented with a menu of security options and asked what they use. This information could then be compiled without identifying the source.

One concern, however, is that the effectiveness of these options often lies in the stringency with which they are implemented. For example, if an employee forgets his smart token but can log on anyway through a back door, security will be compromised to some degree. That information will be even more difficult to procure and may even be unknown to most company officials. Interviewers must be well versed in the technology and its use and prepared to probe for details. Another possibility might be for the government to fund a series of pilot studies of various technologies and processes to see how well they work in specific contexts.

Task 3. Determine the potential for IT-related security enhancements in the sector. This task is, in part, a follow-up to Tasks 1 and 2 and could lead to a prioritization of possible measures to reduce vulnerability. The purpose would not be to identify which measures specific companies should take, but to provide a general sense of the important identified cybervulnerabilities that could be addressed and the approximate costs of doing so.

Possible measures to address the vulnerabilities identified in Tasks 1 and 2 should be identified for each mode and for the overall freight transportation system, because of its pervasive intermodal nature, as well as for technologies and processes as they are now and as they may evolve. Analyses should be made of the expected costs (including potential interference with normal operations) in countering these vulnerabilities.

Page 45
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

Then an additional factor can be added to the prioritization of Task 1: the costs of reducing vulnerability. This refinement may change the list of priorities. For example, a vulnerability that might result in only a moderate-consequence incident could rise on the list if the cost of remedying it were small and could actually involve significant improvements in operational efficiency. Alternatively, a vulnerability subject to a high-consequence attack that can only be addressed with very expensive fixes might drop in priority.

In connection with this task, emerging technologies and practices should be examined to determine what role, if any, they could play in addressing identified cybersecurity gaps and deficiencies. Integral to such an assessment should be both an analysis of various modes of the industry and an analysis of the overall, intermodal freight transportation system, along with an assessment of how realistic and attractive these technologies and practices would appear to decision makers—that is, their economic and operational incentives and disincentives. Companies must believe that the benefits of their investments are commensurate with the costs. If a measure improves both security and efficiency at a reasonable cost, it may be implemented as a matter of course (although these measures must compete for a place above the cutoff point on the list of potential investments that all companies consider). Other concepts might require government support because the benefits to the company are insufficient. In addition, IT may decline in cost with increasing scale of deployment. This pattern may or may not apply to cybersecurity technology. Therefore, this task should examine potential cost changes and the possibility that targeted deployment strategies might make prioritized cybersecurity measures more attractive. What might now be impractical could become cost-effective within a few years.

In addition, there should be study of “upstream” scientific and technological developments that may result in new opportunities for IT application in the future.

Task 4. Analyze policies to reduce cybervulnerability. The U.S. government could play a useful role in disseminating information on new security options and best practices. For example, the pilot studies listed in Appendix B may identify promising measures to enhance cybersecurity, but unless they are recognized by companies that can use them, they will not be implemented. The study could identify likely means, such as an annual symposium to discuss innovations or a series of training sessions.

The study also might identify follow-up studies to determine the extent to which these options were being implemented. For example, it might suggest

Page 46
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

government–industry cooperation in performing cybersecurity validations, perhaps including “red teaming” to test security. It should apply the same tests to government’s connections to the private-sector IT systems.

Finally, this task might develop a set of cybersecurity guidelines and recommendations, or at least suggest a methodology to determine how much security is enough. It could analyze how to promote the use of such guidelines most effectively.

Task 5. Assess the economic impacts of cost increases in the freight transportation industry. Some cybersecurity measures may bring with them corresponding economic benefits. For example, the use of digital signatures might reduce costs related to errors and fraud detection and management. The resulting improved service could also increase customer confidence. However, certain measures might protect against low-likelihood but very high-consequence events, such as those that may help enable the transport of weapons of mass destruction. Such measures are less likely to have ancillary benefits but could result in significant additional costs. The public might benefit from a reduction in the risk of a catastrophe, but the companies making the investment may not. Even cost-effective measures may be problematical for companies that are making no profit. The costs of increased cybersecurity could ultimately affect all companies that rely on the transport industry. This task should deal with the following issues:

  1. At what levels and distribution of costs for security does the economic impact become a concern, for the freight industry itself, its users, and the U.S. economy?

  2. On the basis of existing models for relating economic inputs and outputs, what changes in economic outputs might result from varying levels of investment in security?

  3. Given the tight margins associated with the freight industry, is there a significant possibility of economic damage to the companies that constitute this industry?

  4. For investments that may be needed for national security purposes but that provide little or no advantage to the company implementing the measures, what form of government participation (e.g., tax credits) would be most effective?

Results should be quantitative and be developed for a wide set of assumptions in order to permit consideration of a significant range of possible outputs.

Page 39
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 39
Page 40
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 40
Page 41
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 41
Page 42
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 42
Page 43
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 43
Page 44
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 44
Page 45
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 45
Page 46
Suggested Citation:"3 Planning a Full Study." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 46
Next: A Information Management Systems in the International Liner Shipping Industry »
Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB Special Report 274 - Cybersecurity of Freight Information Systems: A Scoping Study reviews trends in the use of information technology in the freight transportation industry and assesses potential vulnerabilities to a cyberattack. Special Report 274 Summary

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!