Suggested Citation:"References." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.

References

AASHTO. (2002). Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection.
AASHTO. (2015a). Fundamental Capabilities of Effective All-Hazards Infrastructure Protection, Resilience, and Emergency Management for State Departments of Transportation.
AASHTO. (2015b). Managing Catastrophic Transportation Emergencies: A Guide for Transportation Executives.
AASHTO. (2016). Understanding Transportation Resilience: A 2016–2018 Roadmap.
AASHTO Blue Ribbon Panel on Bridge and Tunnel Security. (2003). Recommendations for Bridge and Tunnel Security.
AASHTO SCOTSEM. (2016). Active Shooter Exercise.
AASHTO/TRB. (2016). NCHRP 20-07/Task 408: Transportation System Management and Operations (TSMO) Workforce: Skills, Positions, Recruitment, Retention, and Career Development.
APTA. (2007). Selection of Cameras, Digital Recording Systems, Digital High-Speed Networks and Trainlines for Use in Transit-Related CCTV Systems.
APTA. (2012). SS-SRM-RP-005-12: Recommended Practice: Security Awareness Training for Transit Employees.
APTA. (2013a). SS-SIS-RP-011-13: Recommended Practice: Securing Planning for Public Transit.
APTA. (2013b). SS-SEM-S-004-09: Transit Incident Drills and Exercises.
APTA. (2014). Cybersecurity Considerations for Public Transit. SS-ECS-RP-001-13.
APTA. (2019). SS-CSS-WP-005-19: Recommended Practice: Securing Control and Communications Systems in Rail Transit Environments.
APTA, DHS/TSA, and MARTA. (2013). Control Systems Security: A Conversation. Presentation at MARTA headquarters.
Booz | Allen | Hamilton. (2011). Maturity Model for Cyber Operations.
Brookings Institution. (2015). How State Governments Are Addressing Cybersecurity.
Cisco Systems, Inc. (2014). Annual Security Report.
COBIT 5 for Risk, the Information Systems Audit and Control Association. (2013). http://isaca.org/COBIT/Pages/Risk-product-page.aspx
Countermeasures Assessment & Security Experts LLC. (2008).
Data Privacy Day Campaign Material. (2018). https://staysafeonline.org/data-privacy-day/
DHS. (n.d.a). National Cybersecurity Division Common Vulnerabilities and Exposures (CVEs).
DHS. (2000). Cybersecurity Procurement Language for Control Systems.
DHS. (2001). Common Cybersecurity Vulnerabilities in Industrial Control Systems.
DHS. (2004). FEMA 426: Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings.
DHS. (2007). FEMA 430: Site and Urban Design for Security: Guidance Against Potential Terrorist Attacks.
DHS. (2011). FEMA 426/BIPS 06 Second Edition: Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings.
DHS. (2013). National Infrastructure Protection Plan (NIPP): Partnering for Critical Infrastructure Security and Resilience.
DHS. (2014). Workforce White Paper Version 2.0: Best Practices for Planning a Cybersecurity Workforce.
DHS. (2015a). National Infrastructure Protection Plan (NIPP) Transportation Systems Sector-Specific Plan (TSSSP).
DHS. (2015b). Transportation Systems Sector Cybersecurity Framework Implementation Guidance.
DHS. (2016a). Cybersecurity Workforce Development Toolkit.
DHS. (2016b). Risk Management Process for Federal Facilities: An Interagency Committee Standard.
DHS. (n.d.b). Cybersecurity STOP. THINK. CONNECT.™. https://www.dhs.gov/stopthinkconnect
DHS Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control System (ICS) Evaluation Tool.
DHS/NCSD/CSSP. (2012). Roadmap to Secure Control Systems in the Transportation Sector.

DHS Science and Technology Directorate. (2012). Building and Infrastructure Protection Series: Designing Buildings to Withstand Almost Anything.
Energy Sector Control Systems Working Group. (2014). Cybersecurity Procurement Language for Energy Delivery Systems.
FEMA. (2013a). Continuity Guidance Circular 1: Continuity Guidance for Non-Federal Governments (States, Territories, Tribes, and Local Government Jurisdictions).
FEMA. (2013b). Emergency Support Function #1.
FEMA. (2013c). Homeland Security Exercise and Evaluation Program (HSEEP).
FEMA. (2015). National Preparedness Goal, Second Edition.
FEMA. (2016a). National Disaster Recovery Framework, Second Edition.
FEMA. (2016b). National Mitigation Framework, Second Edition.
FEMA. (2016c). National Prevention Framework, Second Edition.
FEMA. (2016d). National Response Framework, Third Edition.
FHWA. (2012). Risk-Based Transportation Asset Management: Evaluating Threats, Capitalizing on Opportunities. Report 1: Overview of Risk Management. No. FHWA-HIF-12-035. G. Proctor and S. Varma.
FHWA. (2015). Specifications for National Tunnel Inventory, FHWA-HIF-15-006.
FHWA. (2016). FHWA-HIF-17-06.
Fok, E. (February 2015). Cyber Security Challenges: Protecting Your Transportation Management Center. ITE Journal.
FTA. (2003). Public Transportation System Security and Emergency Preparedness Planning Guide (SSEPP).
FTA. (2004a). Security Design Considerations, Security Countermeasures by Type of Adversary.
FTA. (2004b). Transit Security Design Considerations Final Report.
FTA. (2014). Security and Emergency Preparedness Action Items for Transit Agencies: A Resource Document for Transit Agencies.
Garcia, M. L. (2001). Design and Evaluation of Physical Protection Systems.
Greenberg, A. (2017). Hackers Remotely Kill Jeep on Highway, With Me in It. WIRED.com
Information Systems Audit and Control Association. (2013). Critical Controls for Effective Cyber Defense.
Interagency Security Committee. (2015). Planning and Response to an Active Shooter.
Interagency Security Committee. (2016). The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard, Second Edition.
International Risk Management Institute. (2017). The Betterley Report: Employment Practices Liability Insurance Market Survey.
International Society of Automation/International Electrotechnical Commission. (2017). 62443 (formerly ISA-99).
ITSA. (2015). Connected Vehicle Assessment—Cybersecurity and Dependable Transportation, Connected Vehicle Technology Scan Series.
Lebanidze, E., and Ramsbrock, D. (2011). Guide to Developing a Cyber Security and Risk Mitigation Plan. National Rural Electric Cooperative Association.
Michael Van Vandenburgh and Associates. (2001). Proposal for the Re-Design of the Washington Monument Grounds.
Minnesota Department of Transportation. (2014). MnDOT Asset Management Plan Technical Guide.
MITRE. (2011). Cyber Resiliency Engineering Framework.
MTI. (2010). Exploring the Effectiveness of Transit Security Awareness Campaigns in the San Francisco Bay Area.
MTI. (2014). Exercise Handbook: What Transportation Security and Emergency Preparedness Leaders Need to Know to Improve Emergency Preparedness.
National Academy of Sciences. (2004a). Chemical Attack: Warfare Agents, Industrial Chemicals and Toxins.
National Academy of Sciences. (2004b). Radiological Attack: Dirty Bombs and Other Devices.
National Academy of Sciences. (2005a). Biological Attack: Human Pathogens, Biotoxins, and Agricultural Threats.
National Academy of Sciences. (2005b). Nuclear Attack Fact Sheet.
National Fire Protection Association. (2006). NFPA 730: Guide for Premises Security.
National Fire Protection Association. (2011). NFPA 502: Standards for Road Tunnels, Bridges, and Other Limited Access Highways.
National Ground Intelligence Center, U.S. Army Unclassified. (2005). Improvised Explosive Device (IED) Safe Standoff Distance Cheat Sheet.
National Institute for Advanced Transportation Technology. (2005). Assessing the Security and Survivability of Transportation Control Networks. P. Oman.
National Research Council. (2002). Making the Nation Safer: The Role of Science and Technology in Countering Terrorism.
National Research Council. (2010). Review of the Department of Homeland Security’s Approach to Risk Analysis.
National Research Council. (2012). Disaster Resilience: A National Imperative.
New Buildings Institute, Inc. (2003). Advanced Lighting Guidelines.

NHTSA. (2014). A Summary of Cybersecurity Best Practices.
NICCS. (n.d.). National Initiative for Cybersecurity Careers and Studies (NICCS). http://niccs.us-cert.gov
NIST. (2003). National Institute of Standards and Technology (NIST) Special Publication 800-50: Building an Information Technology Security Awareness and Training Program.
NIST. (2006). National Institute of Standards and Technology (NIST) Special Publication 800-84: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities.
NIST. (2012). National Institute of Standards and Technology (NIST) Special Publication 800-30: Guide for Conducting Risk Assessments.
NIST. (2013a). National Institute of Standards and Technology (NIST) Special Publication 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
NIST. (2013b). National Institute of Standards and Technology (NIST) Special Publication 800-82: Guide to Industrial Control Systems (ICS) Security.
NIST. (2014a). National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.
NIST. (2014b). National Institute of Standards and Technology (NIST) Special Publication 800-16 Revision 1 Third Draft: A Role-Based Model for Federal Information Technology/Cyber Security Training.
NIST. (2017). National Institute of Standards and Technology (NIST) Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.
NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. M. P. Barrett.
NIST. (2019). National Institute of Standards and Technology (NIST) National Vulnerability Database. https://nvd.nist.gov
North American Electric Reliability Corporation. (2017). CIP-002-3.
NSTC Subcommittee on Biometric Technologies. (n.d.). Including Iris Recognition, Fingerprint Identification, Voice Recognition and Palm Print Identification.
NSTS. (2014). Report to Congress: National Strategy for Transportation Security.
Ratcliffe, J. (2006). Center for Problem-Oriented Policing: Video Surveillance of Public Places Response Guide No. 4.
SANS Institute. (2014). Industrial Control System (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites, A SANS Analyst Whitepaper.
SECured URban Transportation—European Demonstration (SECUR-ED). (2014). Cybersecurity Roadmap for Public Transportation Operators (PTOs).
Security Signs http://www.safetysign.com
Sheehan, R. J. (2014). Connected Vehicle Research Program. Presentation at U.S.DOT AASHTO Subcommittee on Systems Operation and Management Connected Vehicle Roundtable.
System Assessment and Validation for Emergency Responders (SAVER). (2004). Intrusion Detection Sensors Handbook.
System Assessment and Validation for Emergency Responders (SAVER). (2005). Closed Circuit Television Technology Highlight.
Texas State University and FBI. (2014). A Study of Active Shooter Incidents, 2000–2013.
Transportation Emergency Response Application (TERA) www.tera.train-emst.com
TRB. (2003). TCRP Report 86, Volume 4: Intrusion Detection for Public Transportation Facilities Handbook.
TRB. (2006a). NCHRP Report 525: Surface Transportation Security/TCRP Report 86: Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies.
TRB. (2006b). NCHRP Report 525: Surface Transportation Security, Volume 7: System Security Awareness for Transportation Employees.
TRB. (2006c). NCHRP Report 525, Volume 12/TCRP Report 86: Making Transportation Tunnels Safe and Secure.
TRB. (2006d). TCRP Report 86, Volume 9: Guidelines for Transportation Emergency Training Exercises.
TRB. (2006e). TCRP Report 86, Volume 10: Hazard and Security Plan Workshop.
TRB. (2009). NCHRP Report 525, Volume 14: Security 101: A Physical Security Primer for Transportation Agencies.
TRB. (2010a). NCHRP Report 20-59(51)B: A Guide to Emergency Management at State Transportation Agencies, Second Edition.
TRB. (2010b). TCRP Synthesis 80: Transit Security Update.
TRB. (2011). TCRP Synthesis 93: Practices to Protect Bus Operators from Passenger Assault.
TRB. (2013a). NCHRP Report 753: A Pre-Event Recovery Planning Guide for Transportation.
TRB. (2013b). TCRP Report 162: Building a Sustainable Workforce in the Public Transportation Industry—A Systems Approach.
TRB. (2013c). TCRP Web-Only Document 60/NCHRP Web-Only Document 200: Command-Level Decision-Making for Transit Emergency Managers.
TRB. (2014a). NCHRP Report 20-59(43): Incorporating Transportation Security Awareness into Routine State DOT Operations and Training.

TRB. (2014b). NCHRP Report 793: Incorporating Transportation Security Awareness into Routine State DOT Operations and Training.
TRB. (2014c). NCHRP Web-Only Document 203: Curriculum for New State DOT Transit Grant Managers in Administering Federal and State Transit Grants.
TRB. (2015a). ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity.
TRB. (2015b). NCHRP Report 816: Guide for the Preservation of Highway Tunnel Systems.
TRB. (2015c). NCHRP Synthesis 468: Interactive Training for All-Hazards Emergency Planning, Preparation, and Response for Maintenance and Operations Field Personnel.
TRB. (2015d). NCRRP Report 2: A Guide to Building and Retaining Workforce Capacity for the Railroad Industry.
TRB. (2015e). TCRP Report 180: Policing and Security Practices for Small- and Medium-Sized Public Transit Systems.
TRB. (2015; modified 2016). NCHRP Web-Only Document 221/TCRP Web-Only Document 67: Protection of Transportation Infrastructure from Cyber Attacks: A Primer.
TRB. (2016). Effective Practices for the Protection of Transit Infrastructure from Cyber Incidents. Webinar.
TRB. (2017a). NCHRP Web-Only Document 233: Mainstreaming Transportation Hazards and Security Risk Management: CAPTA Update and Implementation.
TRB. (2017b). TCRP Research Report 193: Tools and Strategies for Eliminating Assaults Against Transit Operators.
TRB. (2018). NCHRP 20-59(53): FLOODCAST—A Framework for Enhanced Flood Event Decision-Making for Transportation Resilience.
TRB. (2019). NCHRP Research Report 931: A Guide to Emergency Management at State Transportation Agencies, Second Edition.
TSA. (2017). Organization Chart. https://www.tsa.gov/about/tsa-leadership
TSA. (n.d.). Stakeholder Best Practices Quick Reference Guide for Sensitive Security Information (SSI). https://www.tsa.gov/for-industry/sensitive-security-information
United States Army. (2001). Field Manual 3-19.30 (formerly FM 19-30).
U.S. Army Corps of Engineers. (2006). Sign Standards Manual EP 310-1-6a.
U.S. Congress. (2001). Aviation and Transportation Security Act (ATSA), Pub.L. 107-71.
U.S. Department of Commerce. (2017). National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, Special Publication 800-181.
U.S. Department of Justice. (1995). Vulnerability Assessment of Federal Facilities.
U.S. Department of Labor, Employment and Training Administration. (2016). Training and Employment Notice on Release and Availability of a Final Report, Exploring the Role and Adoption of Technology-Based Training and Employment Services.
U.S. DOD. (1999). Department of Defense Handbook: Selection and Application of Vehicle Barriers.
U.S. DOD. (2017). Safeguarding Covered Defense Information and Cyber Incident Reporting.
U.S. DOD/DOD UFC. (2006). Security Engineering Facilities Planning Manual Draft UFC 4-020-01.
U.S.DOT. (2001). Surface Transportation Vulnerability Assessment, General Distribution Version.
U.S.DOT. (2013). Security Credential Management System (SCMS).
U.S.DOT. (2018). Transportation Safety Institute, Transit System Security Course FT00432.
U.S.DOT. (2019). Connected Vehicle Pilot Deployment Program, Intelligent Transportation Systems Joint Program Office.
U.S.DOT/FHWA. (2015). Improving Transportation Systems Management and Operations Capability Maturity Model Workshop White Paper—Organization and Staffing.
U.S. Government. (1988). Pub. L. 100–707: Robert T. Stafford Disaster Relief and Emergency Assistance Act.
U.S. Government. (1996). Emergency Management Assistance Compact. Pub.L. 104-321.
U.S. Government. (2001). USA Patriot Act of 2001 (42 U.S.C. 5195c(e)).
U.S. Government. (2002a). Homeland Security Act. 6 U.S.C. Ch. 1 § 101.
U.S. Government. (2002b). Maritime Transportation Security Act (MTSA), Pub.L. 107-295.
U.S. Government. (2004). Transportation Security Directive (SD) RAILPAX-04-02, 49 U.S.C. § 114.
U.S. Government. (2006a). Post-Katrina Emergency Management Reform Act (PKEMRA), Pub.L. 109-295.
U.S. Government. (2006b). Security and Accountability for Every (SAFE) Port Act. 6 U.S.C. Ch. 3 § 901 et seq.
U.S. Government. (2007). Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), Public Law 110-53; 121 Stat. 266.
U.S. Government. (2012). Moving Ahead for Progress in the 21st Century Act (MAP-21).
U.S. Government. (2013). Pub. L. 113-2: Sandy Recovery Improvement Act (SRIA).
U.S. Government. (2015). Fixing America’s Surface Transportation (FAST), Pub.L. 114-94.
U.S. Government. (2016). Security Training for Surface Transportation Employees (81 FR 91336), Federal Register Volume 81, Issue 242.
U.S. Government. (n.d.). Presidential Directives and Executive Orders—Affecting Transportation. https://www.hsdl.org/c/section/executive-orders-and-presidential-directives/

U.S. Government. (n.d.). Protection of Sensitive Information, 49 C.F.R. Part 15.
U.S. Government. Confidentiality of Investigation Reports and Security Plans, 49 C.F.R § 659.11
U.S. Office of Personnel Management. (2011). Training Evaluation Field Guide: Demonstrating the Value of Training at Every Level.
Van Duren, D./FHWA. (2014). Presentation Slides on Cybersecurity Transportation Research Board (TRB): Connected Vehicles Security.
The White House. (1998). Presidential Decision Directive (PDD-63): Protecting America’s Critical Infrastructure.
The White House. (2011). Presidential Policy Directive 8 (PPD-8): National Preparedness.
The White House. (2013a). Executive Order 13636: Improving Critical Infrastructure Cybersecurity.
The White House. (2013b). Executive Order 13653: Preparing the United States for the Impacts of Climate Change.
The White House. (2013c). Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience.
The White House. (2017a). Executive Order 13807: Establishing Discipline and Accountability in the Environmental Review and Permitting Process for Infrastructure Projects.
The White House. (2017b). Executive Order 13766: Expediting Environmental Reviews and Approvals for High-Priority Infrastructure Projects.
The White House. (2019). Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency.

Hazards and threats to the system have also continued to evolve since 2009. While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing and can impact not only data, but the control systems—like tunnel-ventilation systems—operated by transportation agencies.

The TRB National Cooperative Highway Research Program's NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation.

The report is accompanied by a PowerPoint for the project and NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies.
