National Academies Press: OpenBook
Suggested Citation:"Contents." National Academies of Sciences, Engineering, and Medicine. 2019. Security 101: A Physical and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.


Contents
Summary (p. 6)
Chapter 1 Risk Management, Risk Assessment and Asset Evaluation (p. 9)
Chapter 2 Plans and Strategies (p. 48)
Chapter 3 Security Countermeasures (p. 62)
Chapter 4 Cybersecurity (p. 98)
Chapter 5 Workforce Planning and Training/Exercises (p. 113)
Chapter 6 Infrastructure Protection and Resilience (p. 166)
Chapter 7 Homeland Security Laws, Directives, and Guidance (p. 184)

Table of Figures
Figure 1: Risk Management/Risk Mitigation Strategies (p. 10)
Figure 2: Risk Equation (p. 11)
Figure 3: Risk Scenario Based Process (p. 14)
Figure 4: MnDOT Integrated Risk Management & Business Planning Process (p. 15)
Figure 5: MnDOT ERM Framework (p. 15)
Figure 6: MnDOT Risk Register Report (p. 18)
Figure 7: National Infrastructure Protection Plan (2013) (p. 18)
Figure 8: Security Countermeasures by Type of Adversary (p. 34)
Figure 9: Transportation Sector Profile – Transportation Systems Sector-Specific Plan (p. 38)
Figure 10: Analytical Risk Management (ARM) at a Glance (p. 39)
Figure 11: DHS TRAM Vulnerability Assessment - Decision Tree Analysis (p. 39)
Figure 12: Critical Asset Evaluation Step (p. 40)
Figure 13: Vulnerability Communications Access Paths to Control Systems (p. 42)
Figure 14: “Pair Wise” Consequence Assessment (p. 43)
Figure 15: FTA Threat and Vulnerability Resolution Matrix (p. 44)
Figure 16: APTA SS-ECS-RP-001-13 | Cybersecurity Considerations for Public Transit (p. 45)
Figure 17: APTA SS-ECS-RP-001-13 | Cybersecurity Considerations for Public Transit (p. 45)
Figure 18: Hazard and Security Plan Development (p. 50)
Figure 19: Cybersecurity Risk-Based Framework (p. 55)
Figure 20: Security Countermeasures Cost Scale (p. 59)
Figure 21: Countermeasures Scale by Protection, Cost, Effect (p. 62)
Figure 22: Layers of Security (p. 65)
Figure 23: Security Signs (p. 66)
Figure 24: Use of Fencing as a Security Countermeasure with Defensive Layers (p. 69)
Figure 25: Truck Striking Barrier (p. 70)
Figure 26: Crash-rated Fence (p. 70)
Figure 27: Cable Barrier Deployable as a Means for Fencing Reinforcement (p. 71)
Figure 28: Barriers as Countermeasures (p. 72)
Figure 29: Retractable Bollards, Crash Beams (p. 72)
Figure 30: Mobile Wedge Barrier (p. 73)
Figure 31: Rising Barricade (p. 73)
Figure 32: Proposal for the Re-Design of the Washington Monument Grounds (p. 74)
Figure 33: Interior Intrusion Sensors – Applications Index (p. 76)
Figure 34: Exterior Intrusion Sensors – Applications Index (p. 77)
Figure 35: Cipher Access Control Barrier (p. 79)
Figure 36: Token-based Drop Arm Barrier System (p. 79)
Figure 37: Biometric Technologies Including Iris Recognition, Fingerprint Identification, Voice Recognition and Palm Print Identification (p. 80)
Figure 38: Saver Highlight CCTV (p. 82)
Figure 39: Overt CCTV Camera (p. 83)
Figure 40: Overt CCTV Camera (p. 83)
Figure 41: Thermal Imaging Camera and Photo (p. 84)
Figure 42: Screen Size Image Projections (p. 85)
Figure 43: Closed-circuit Television Image (p. 87)
Figure 44: Summary of Critical Controls Best Practices (p. 89)
Figure 45: Typical Transportation System Network with Countermeasures (p. 93)
Figure 46: Typical Transportation System Network without Countermeasures (p. 93)
Figure 47: CSET Four Step Process (p. 96)
Figure 48: MARTA Cybersecurity High-Level Timeline (p. 97)
Figure 49: Security Credential Management System (SCMS) Functionality (p. 108)
Figure 50: Transportation Security Force Planning Flow Chart (p. 118)
Figure 51: FBI Advisory. Source: Federal Bureau of Investigation (p. 130)
Figure 52: "If You See Something, Say Something™" Campaign Materials (p. 130)
Figure 53: First Observer Plus™ Video Training (p. 131)
Figure 54: Cybersecurity STOP. THINK. CONNECT.™ Awareness Material (p. 143)
Figure 55: Data Privacy Day Campaign Material (p. 144)
Figure 56: Security Exercise Types by Planning/Training Requirements (p. 152)
Figure 57: Relationship between Security and Resilience (p. 167)
Figure 58: Transit Assets and Cyber Systems (p. 169)
Figure 59: Transportation Tunnel Types (p. 180)
Figure 60: Transportation Security Administration Organization Chart (p. 185)
Figure 61: Department of Homeland Security Top-Level Organization Chart (p. 186)
Figure 62: Core Capabilities by Mission Area (p. 193)
Figure 63: ESF #1 Annex sections “Scope” and “Relationship to Whole Community” (p. 199)
Figure 64: Sector-Specific Agencies and Critical Infrastructure Sectors (p. 202)
Figure 65: Activities included in NIPP Critical Infrastructure Risk Management Framework (p. 203)
Figure 66: Transportation Systems Sector Goals and Priorities (p. 204)
Figure 67: Alignment of Transportation Sector Priorities to the Joint National Priorities and the NIPP 2013 Goals (p. 205)
Figure 68: Contribution of Transportation Sector Priorities to the NIPP 2013 Calls to Action (p. 208)

Table 1: Evacuation Distance by Threat and Explosive Mass (p. 19)
Table 2: Effects and Treatment of Some Chemical Weapons Developed for Military Use (p. 21)
Table 3: Varying Toxicity of Chemicals (p. 22)
Table 4: Disease, Incubation Period and Symptoms for Selected Category A and Category B Biological Agents (p. 23)
Table 5: Criminals by Levels of Sophistication (p. 35)
Table 6: Protesters (p. 35)
Table 7: Terrorists by Areas of Operation and Levels of Sophistication (p. 36)
Table 8: Levels of Security (p. 63)
Table 9: Countermeasures Rating Scale (p. 64)
Table 10: Vehicle and Crash Ratings (p. 69)
Table 11: Lamp Type, Life and Efficiency (p. 75)
Table 12: Checklist For Sizing or Engineering an Access Control System (p. 81)
Table 13: Operational Context and Applicability (p. 86)
Table 14: Cyber Resilience Capabilities (p. 111)
Table 15: Staffing Level for Trespass Incidents (p. 119)
Table 16: Staffing Level for Patrol Activity (p. 120)
Table 17: Staffing Level for Tunnel Checks (p. 120)
Table 18: Staffing Level for Vulnerability Reduction Activity (p. 120)
Table 19: Cybersecurity Career Path Template (p. 122)
Table 20: Training Delivery Methods – Advantages and Disadvantages (p. 147)
Table 21: 2010 MTI Study on Effectiveness of Transit Security Awareness Campaigns in the San Francisco Bay Area Metrics (p. 151)
Table 22: Security Exercise Description of Purpose (p. 153)
Table 23: Advantages/Disadvantages of Discussion-based and Operations-Based Exercises (p. 153)
Table 24: Critical Transportation Assets and Cyber Systems (p. 168)
Table 25: Critical Asset Value (p. 172)
Table 26: Bridge and Tunnel Critical Asset Prioritization (p. 173)
Table 27: Facility Security Level Matrix (p. 175)
Table 28: Purpose of Transportation-Related HSPDs, PPDs, and Executive Orders (p. 189)


Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency.

Hazards and threats to the system have also continued to evolve since 2009. While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing, and can impact not only data, but the control systems - like tunnel-ventilation systems - operated by transportation agencies.

This update, a pre-publication draft of NCHRP Research Report 930: Security 101: A Physical and Cybersecurity Primer for Transportation Agencies, provides valuable information about current and accepted practices associated with both physical and cyber security and their applicability to surface transportation.
