National Academies Press: OpenBook
« Previous: Chapter 3 Agency Practices
Page 15
Suggested Citation:"Chapter 4 Updated Guide." National Academies of Sciences, Engineering, and Medicine. 2020. Developing a Physical and Cyber Security Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25869.
×
Page 15
Page 16
Suggested Citation:"Chapter 4 Updated Guide." National Academies of Sciences, Engineering, and Medicine. 2020. Developing a Physical and Cyber Security Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25869.
×
Page 16

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

14 Chapter 4 Updated Guide NCHRP REPORT 525, VOLUME 14: SECURITY 101: A PHYSICAL SECURITY PRIMER FOR TRANSPORTATION AGENCIES (2009) provided transportation managers and employees with an introductory-level reference document containing essential security concepts, guidelines, definitions, and standards. NCHRP WEB-ONLY DOCUMENT 221/TCRP WEB-ONLY DOCUMENT 67: PROTECTION OF TRANSPORTATION INFRASTRUCTURE FROM CYBER ATTACKS: A PRIMER (2015) provided transportation organizations basic reference material concerning cyber security concepts, guidelines, definitions and standards and identified effective practices that can be used to protect transportation systems from cyber events and to mitigate damage should an incident or breach occur. NCHRP RESEARCH REPORT 930: UPDATE OF SECURITY 101: A PHYSICAL AND CYBER SECURITY PRIMER FOR TRANSPORTATION AGENCIES provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation. The main audience for this document is transportation personnel without a security background whose work requires them to address, perform, or supervise security activities as part of their overall job responsibilities. Although the document is designed for those with minimal or no formal security training or experience, the guide is also a handy reference guide sufficiently detailed to be of use to security professionals as well. Each chapter addresses fundamental aspects of security strategy, management, or planning. Chapter summaries follow. 1. Risk Management and Risk Assessment As noted in the first edition of Security 101, risk management is the appropriate starting point for any decision making about security, infrastructure protection and resilience. This chapter provides background on risk management and information on risk assessment and how it can be used to improve decision making in managing transportation physical and cyber assets. The information contained in the chapter defines risks to transportation systems, explains risk management and associated processes and provides agencies with an understanding of risk and its relationship to security, infrastructure protection and resilience. The chapter includes discussion on enterprise risk management and use of a risk register, risk assessment frameworks, and the application of risk in asset management programs. 2. Plans and Strategies This chapter addresses security planning and strategies including developing enterprise-wide approaches to cyber security enhancement and governance strategies. The chapter highlights the core components of a comprehensive security plan, current national frameworks, strategies and guidance related to cyber security planning. 3. Physical and Cyber Security Countermeasures This chapter discusses the many tools and countermeasures used to improve the security of critical infrastructure and facilities, and other areas. Physical security countermeasures include signs; emergency telephones, duress alarms, and assistance stations; key controls and locks; protective barriers; protective lighting; alarm and intrusion detection systems; electronic access

15 control systems; and surveillance systems and monitoring. For nonpublic spaces, access control, perimeter security, intrusion detection systems, and other similar types of technology are deployed to protect facilities from external losses. Cyber security tools and countermeasures available to address transportation systems are based on NCHRP WEB-ONLY DOCUMENT 221 AND TCRP WEB-ONLY DOCUMENT 67: PROTECTION OF TRANSPORTATION INFRASTRUCTURE FROM CYBER ATTACKS: A PRIMER (2015), a basic reference material concerning cyber security concepts, guidelines, definitions and standards, and on ACRP REPORT 140: GUIDEBOOK ON BEST PRACTICES FOR AIRPORT CYBERSECURITY (2015) that provides resources for airport managers and IT staff to reduce or mitigate inherent risks of cyberattacks on technology-based systems. This information is supplemented with guidance and practices from other sources such as NIST Information Security guides and DHS or FHWA cyber security recommendations. 4. Cyber Security This chapter provides an overview of cyber security and why it is important for transportation systems. It highlights common myths about cyber security and transportation systems to dispel misunderstandings and to enable transportation agencies to more efficiently and effectively improve the cyber security and resilience of critical transportation infrastructure. The chapter also contains a summary of issues of particular relevance to transportation system cyber security such as Control Systems and Information Technology, data security, cyber-physical systems and emerging trends. 5. Workforce Planning and Training/Exercises This chapter emphasizes the role of the workforce by highlighting its contribution to security and cyber security culture. It contains information on developing and maintaining an effective security-aware and focused transportation agency workforce and then focuses on workforce planning and awareness and training programs for physical security and cyber security personnel of state DOTs and transit agencies. Training delivery and evaluation issues, and exercises, exercise types, and the Homeland Security Exercise and Evaluation Program (HSEEP) are also discussed. A comprehensive checklist for a full-scale exercise is provided. 6. Infrastructure Protection and Resilience This chapter provides an overview of the significant role transportation agencies have in infrastructure protection such as controlling access to critical components, establishing coordination with law enforcement to ensure quick response to incidents, conducting risk and vulnerability assessments, and taking action to mitigate the effects of those risks and vulnerabilities. It also includes information to assist transportation agencies in understanding the impact of a shift in focus from protection of assets to resilience of systems. 7. Homeland Security Laws, Directives, and Guidance This section contains an overview of public laws, presidential directives, national frameworks and strategies that establish the legal authorities related to physical and cyber security.

Next: Chapter 5 Future Research Needs »
Developing a Physical and Cyber Security Primer for Transportation Agencies Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Small events pose threats of great consequences since the impact of any incident is magnified when a transportation network is operating at or past its capacity—as is the case in portions of many states as travel demand on their transportation networks grows.

The TRB National Cooperative Highway Research Program's NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies is a supplemental document to NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!