Edition:
Authors: Martin Hawley
Series: IET Transportation Series, 15
ISBN: 1785616684, 9781785616686
Publisher: The Institution of Engineering and Technology
Year of publication: 2023
Number of pages: 453
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on user request)
File size: 16 MB
If you need the file of the book Cybersecurity in Transport Systems (Transportation) converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file.
Note that the book Cybersecurity in Transport Systems (Transportation) is the original-language edition and is not a book translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Contents
About the Editor
Introduction

1 Modernisation in transport
1.1 Introduction
1.2 Drivers of change in the transport sector 1.2.1 Introduction 1.2.2 Growth as a driver for change 1.2.3 Performance drivers 1.2.4 Network effects 1.2.5 Regulatory drivers 1.2.6 Trends in regulation 1.2.6.1 Performance-based regulation 1.2.6.2 Regulatory resources 1.2.6.3 Privacy
1.3 Convergence of OT and IT 1.3.1 Operational technology 1.3.2 Integration of IT into operations 1.3.3 Mobility as a service 1.3.4 IoT devices 1.3.5 AI - attack and defence 1.3.6 Growing hazards
1.4 Cross sector examples of modernisation 1.4.1 Introduction 1.4.2 Global navigation satellite systems 1.4.3 Passenger information systems 1.4.4 On-board infotainment systems 1.4.5 Retail systems
1.5 Aviation modernisation 1.5.1 Overview 1.5.2 The connected aircraft 1.5.2.1 Control of the aircraft 1.5.2.2 Airline information services 1.5.2.3 Passenger cabin entertainment 1.5.3 Modernisation of communications networks 1.5.4 Digital towers 1.5.5 Surveillance in aviation 1.5.5.1 Flight tracking applications 1.5.5.2 ADS-B vulnerabilities
1.6 Maritime modernisation 1.6.1 Overview 1.6.2 Automatic identification system 1.6.2.1 Ship tracking applications 1.6.2.2 AIS vulnerabilities
1.7 Rail modernisation 1.7.1 Overview 1.7.2 The European rail traffic management system 1.7.3 GNSS in rail
1.8 Road modernisation 1.8.1 Overview 1.8.2 Highly automated vehicles 1.8.3 Threats and vulnerabilities 1.8.4 Data protection and privacy 1.8.5 The Vienna convention
1.9 Conclusions
References

2 Navigating the transport system security landscape: threats, responses and governance
2.1 Introduction
2.2 Context
2.3 Transport system evolution
2.4 What are we trying to protect? 2.4.1 Self-protection and collaborative support 2.4.2 Assets 2.4.2.1 Physical assets 2.4.2.2 Human assets 2.4.2.3 Information assets 2.4.2.4 Organisational assets 2.4.2.5 Service provision
2.5 Threats and vulnerabilities 2.5.1 Threats 2.5.2 Threat agents 2.5.3 Vulnerabilities
2.6 Impacts
2.7 Cyber-security incidents in transport 2.7.1 Introduction 2.7.2 Malware 2.7.2.1 Rail signalling systems immobilized 2.7.2.2 Flight-planning computer immobilized 2.7.2.3 Air traffic control system loss of integrity 2.7.2.4 Airport-targeted phishing scam 2.7.2.5 Railway reservation systems made inaccessible 2.7.2.6 Exposure of airport employee personal details 2.7.3 System breaches 2.7.3.1 Tram derailment 2.7.3.2 Databases compromised 2.7.3.3 Breach of cargo handling systems to enable drug smuggling 2.7.3.4 Breach of airline booking system 2.7.4 Remote monitoring, maintenance and control 2.7.4.1 Loss of airport communications including ATC 2.7.4.2 Remote access to control car systems 2.7.4.3 Eavesdropping 2.7.4.4 GNSS spoofing 2.7.5 Unintentional acts 2.7.5.1 Unintentional denial of GNSS service
2.8 Responding to the challenge 2.8.1 Introduction 2.8.2 Cyber-security strategies 2.8.3 Cyber resilience 2.8.4 System-wide approach 2.8.5 Holistic view 2.8.6 System life cycle 2.8.7 Common level of security 2.8.8 Secure information sharing 2.8.9 Handling security incidents 2.8.10 Security culture
2.9 Regulations, standards and guidance material 2.9.1 Introduction 2.9.2 Cross modal 2.9.2.1 International standards and guidance 2.9.2.2 Regional regulations 2.9.2.3 National standards and guidance 2.9.3 Aviation 2.9.3.1 Global regulations, standards and guidance 2.9.3.2 Regional regulations, standards and guidance 2.9.3.3 National regulations, standards and guidance 2.9.3.4 Observations 2.9.4 Maritime 2.9.4.1 Global standards 2.9.4.2 Regional regulations and standards 2.9.4.3 National regulations and standards 2.9.4.4 Observations 2.9.5 Rail 2.9.5.1 Global standards and guidance 2.9.5.2 Regional regulations and standards 2.9.5.3 National regulations, standards and guidance 2.9.5.4 Observations 2.9.6 Road 2.9.6.1 Guidance material 2.9.6.2 Standards 2.9.6.3 Regulations 2.9.6.4 Observations
2.10 Conclusions
2.11 Forthcoming Developments
References

3 Introduction to risk management
3.1 Introduction 3.1.1 Overview 3.1.2 Risk management 3.1.3 Risk and decision-making 3.1.3.1 What is risk? 3.1.3.2 Risk embodies knowledge 3.1.4 Dealing with the extremes of impact and probability 3.1.5 Taking decisions from risk assessment 3.1.6 The language of risk 3.1.6.1 Probability 3.1.6.2 Likelihood 3.1.6.3 Frequency 3.1.6.4 Uncertainty 3.1.7 Approaches to risk management 3.1.7.1 Generalised approach to risk management 3.1.7.2 Technical approach to risk management
3.2 Cybersecurity risk management 3.2.1 Introduction 3.2.2 Cybersecurity risk concepts 3.2.2.1 Assets 3.2.2.2 Risk 3.2.2.3 Threat 3.2.2.4 Threat actor 3.2.2.5 Attack method 3.2.2.6 Vulnerability 3.2.2.7 Impact 3.2.2.8 Risk evaluation 3.2.2.9 Security control 3.2.3 Cybersecurity risk management standards 3.2.3.1 Introduction 3.2.3.2 ISO 27005 3.2.3.3 Other risk frameworks 3.2.3.4 Comparing risk frameworks 3.2.3.5 Supply chain risk 3.2.4 Analysing cybersecurity risk 3.2.5 Resourcing cybersecurity risk management
3.3 Walk-through of risk management 3.3.1 Introduction 3.3.2 Establishing the context 3.3.2.1 Security criteria/objectives 3.3.2.2 Estimating the impact of loss of CIA on each primary asset 3.3.2.3 Impact categorization 3.3.3 Risk assessment 3.3.3.1 Risk identification 3.3.3.2 Risk analysis 3.3.3.3 Determining risk 3.3.3.4 Risk evaluation 3.3.4 Risk treatment 3.3.4.1 Implementing controls 3.3.4.2 Control specifications 3.3.5 Communicating and consulting 3.3.6 Risk monitoring and review 3.3.7 System level risk management
3.4 Conclusion
References

4 Security management systems
4.1 Introduction
4.2 Security and operational continuity - organisational resilience 4.2.1 Security 4.2.2 Organisational security 4.2.3 Resilience spectrum - beyond defending the fortress 4.2.4 Critical infrastructure thinking
4.3 Management systems
4.4 Aspects of security management system implementation 4.4.1 Introduction 4.4.2 Implementing a security management system 4.4.3 Human factors 4.4.3.1 Security risk perception 4.4.3.2 Incident situational awareness 4.4.4 Organisational and security culture 4.4.5 Reinventing the wheel - what can we learn from safety? 4.4.6 Technological support for security management
4.5 Collaborative security management 4.5.1 Introduction 4.5.2 Information Sharing and Analysis Centres 4.5.3 Information exchange 4.5.4 Information sharing methods 4.5.5 Developing a collaborative approach 4.5.6 Collaborative support
4.6 Conclusions
References

5 Security and safety
5.1 Introduction 5.1.1 Safety management and assurance 5.1.2 Differences in risk management approaches
5.2 Safety management
5.3 Safety risk management 5.3.1 Safety management without failure 5.3.2 Safety management in failure conditions
5.4 Safety assurance
5.5 The safety case 5.5.1 Safety case structure
5.6 The security case 5.6.1 Introduction 5.6.2 Structure of a security case 5.6.3 Security claim 5.6.4 Argument 1: security policy 5.6.5 Argument 2: security concept 5.6.6 Argument 3: collaborative support 5.6.7 Argument 4: incident preparedness and operational continuity management 5.6.8 Argument 5: security interaction with outside systems 5.6.9 Argument 6: credibility of the security case 5.6.10 Argument 7: relationship between security and other KPIs
5.7 Linking cybersecurity with safety 5.7.1 Introduction 5.7.1.1 Resilience 5.7.1.2 Challenges in creating a resilience case 5.7.2 Improve transport industry awareness and supporting guidance 5.7.3 Agree a common cyber and safety taxonomy 5.7.4 The extent that cyber and safety should be integrated 5.7.5 Methodologies for integrating safety and security processes 5.7.5.1 Cyber-physical systems safety and security alignment approach 5.7.5.2 HAZOP-based security analysis 5.7.5.3 System-theoretic process analysis applied to security 5.7.6 Operational challenges in linking cybersecurity with safety 5.7.7 Professional development 5.7.8 Regulation and guidance
5.8 Conclusions
References

6 Prevention security controls
6.1 Introduction 6.1.1 Post-event controls 6.1.2 Defence in depth and breadth 6.1.3 Organisation of the chapter
6.2 Designing in security through better software 6.2.1 Introduction 6.2.2 A hardware primer 6.2.3 Introducing software 6.2.4 Creating software 6.2.5 How does software become vulnerable? 6.2.5.1 What is a vulnerability? 6.2.5.2 How do bugs arise? 6.2.6 Summary
6.3 Patch management
6.4 Encryption
6.5 Internet security 6.5.1 Transmission of data 6.5.2 IPSec 6.5.3 Transport layer security
6.6 Passwords 6.6.1 Offline password cracking 6.6.2 Rainbow tables 6.6.3 Key derivation functions 6.6.4 Password policies 6.6.5 Multifactor authentication
6.7 Malware protection
6.8 Firewalls 6.8.1 Packet filter firewalls 6.8.2 Deep packet inspection 6.8.3 Application-layer firewalls 6.8.4 Implementation considerations
6.9 Email security 6.9.1 The email problem 6.9.1.1 Introduction 6.9.1.2 Email as a common point of entry 6.9.2 Key components of email communication 6.9.3 Securing email 6.9.4 DMARC, SPF and DKIM 6.9.4.1 Sender policy framework 6.9.4.2 Domain keys identified mail 6.9.4.3 DMARC 6.9.5 Email security awareness
6.10 Conclusion
References

7 Threat identification, monitoring and detection
7.1 Introduction 7.1.1 Overview 7.1.2 Why securing the perimeter is not enough 7.1.2.1 The permeable organisation in the current threat landscape 7.1.2.2 Cyber resilience 7.1.2.3 The increasing capability of threat actors 7.1.2.4 Chapter contents
7.2 What are threats and how do we detect them? 7.2.1 Threats and Threat Intelligence 7.2.2 Types of threat intelligence 7.2.3 Indicators of compromise 7.2.4 Threat hunting 7.2.5 Threat actors 7.2.6 Threat analysis methods and frameworks 7.2.6.1 Threat modelling 7.2.6.2 STRIDE 7.2.6.3 Adversary models 7.2.6.4 The Cyber Kill Chain® as a framework for understanding cyber attacks 7.2.6.5 MITRE ATT&CK Framework
7.3 Monitoring and detection technologies 7.3.1 Introduction 7.3.1.1 Associated standards and regulation 7.3.2 Log management 7.3.3 Security information and event manager (SIEM) 7.3.4 Network monitoring and intrusion detection systems (IDS) 7.3.4.1 IDS Implementation considerations 7.3.4.2 IDS limitations 7.3.4.3 Summary 7.3.5 Intrusion prevention 7.3.6 Anomaly detection 7.3.6.1 Baselining the network 7.3.6.2 Anomaly detection algorithms and machine learning 7.3.6.3 Monitoring decentralised networks 7.3.7 End point detection and response 7.3.7.1 Practical considerations with EDR 7.3.7.2 Adding threat intelligence feeds into EDR
7.4 Services 7.4.1 Managed detection and response 7.4.2 Security operations centre 7.4.2.1 Implementing a SOC 7.4.3 Computer emergency response teams
7.5 Conclusions
References

8 Technical response and correction
8.1 Introduction 8.1.1 Context 8.1.2 What is an incident? 8.1.3 Types of incidents 8.1.3.1 Actor 8.1.3.2 Actions 8.1.3.3 Attributes 8.1.4 Incident response 8.1.4.1 Phases of an effective incident response
8.2 Preparation 8.2.1 Incident handling policy 8.2.2 Definition of an incident 8.2.3 Incident categorisation 8.2.4 Responsibility for reporting an incident 8.2.5 Roles and responsibilities 8.2.6 Incident response plan 8.2.7 Incident response team 8.2.8 Extended incident response team 8.2.9 Playbooks 8.2.10 Supporting documentation 8.2.11 Technology 8.2.12 Workflow technology 8.2.13 Investigative technology 8.2.14 Remediation technology 8.2.15 Training 8.2.16 Reputation
8.3 Incident analysis and investigation 8.3.1 Event triage 8.3.1.1 Effective triage 8.3.1.2 The importance of visibility and automation in triage 8.3.2 Scope of an investigation 8.3.2.1 Analysis 8.3.2.2 What to collect 8.3.2.3 Methods of collection 8.3.2.4 Inference 8.3.2.5 Action
8.4 Incident remediation 8.4.1 Creating a remediation team 8.4.1.1 Finding the right remediation owner 8.4.1.2 Empowering security teams 8.4.1.3 Securing incident communications from actors 8.4.2 Creating a remediation plan 8.4.2.1 Enabling the investigation and future remediation actions 8.4.2.2 Logging and monitoring 8.4.2.3 Configurations 8.4.2.4 Software vulnerabilities 8.4.2.5 Limiting disruption to compromised assets 8.4.2.6 Internal and external communications 8.4.3 Containment 8.4.3.1 When to initiate containment 8.4.3.2 Automated or human 8.4.3.3 Sophistication 8.4.3.4 Scope 8.4.3.5 Timeframe 8.4.3.6 Impact to critical business functions 8.4.3.7 Examples of containment 8.4.3.8 Company A 8.4.3.9 Company B 8.4.4 Eradication and recovery 8.4.4.1 Eliminate attacker entry vector/s and persistence 8.4.4.2 Execute recovery and prevent recurrence 8.4.4.3 Eliminate attacker connectivity 8.4.5 Post-mortem and continuous improvement 8.4.5.1 Common lessons learned
8.5 Closing remarks
8.6 Case Study - Surviving the extinction event - The 2017 NotPetya attack 8.6.1 What is an extinction event? 8.6.1.1 What is the relevance to the transport sector? 8.6.2 What are the causes of an extinction event? 8.6.2.1 Technical sophistication 8.6.2.2 Collateral damage 8.6.3 Anticipating an extinction event 8.6.3.1 The extinction event scenario 8.6.4 Being ready 8.6.4.1 Do the basics really, really well 8.6.4.2 Have an answer to the 'what ifs' 8.6.4.3 Practice makes perfect 8.6.5 Managing the event 8.6.5.1 Reset your risk appetite 8.6.5.2 Value your people 8.6.5.3 Communicate, communicate, communicate 8.6.5.4 Assume that help is not coming 8.6.5.5 Keep your eye on the horizon 8.6.6 Concluding an extinction event 8.6.6.1 Celebrating success 8.6.6.2 Closure 8.6.6.3 Post-event 8.6.7 Learning from the event 8.6.7.1 Resilience 8.6.7.2 Recovery 8.6.7.3 Continuity 8.6.8 Conclusion
References

9 Autonomous vehicles - cybersecurity and privacy challenges and opportunities
9.1 Introduction
9.2 Cybersecurity of autonomous vehicles 9.2.1 Vehicle networks and communications 9.2.1.1 In-vehicle communications 9.2.1.2 Extra-vehicle communications 9.2.2 Cyber threats to CAVs 9.2.3 Attacks on CAVs 9.2.3.1 Global Positioning System 9.2.3.2 Inertial Measurement Unit 9.2.3.3 Monoscopic and stereoscopic cameras 9.2.3.4 Passcode and key attacks 9.2.3.5 V2X network attacks 9.2.3.6 On-board diagnostics: port-based attacks 9.2.3.7 ECU firmware tampering attacks 9.2.3.8 Attacking machine learning models 9.2.4 AI as a cybersecurity mechanism 9.2.4.1 ML/DL in CAVs 9.2.5 Open challenges
9.3 Privacy in CAVs 9.3.1 Privacy issues of CAVs 9.3.2 Data generated by autonomous vehicles 9.3.3 Who wants these data? 9.3.4 Compliance with GDPR 9.3.5 Privacy by design for CAVs
9.4 Autonomous vehicle security: economics and wider landscape 9.4.1 Investment in automotive vehicles 9.4.2 Innovation in security and safety 9.4.3 The autonomous vehicles landscape
9.5 Maritime case study 9.5.1 Autonomy and data: what it means to the maritime industry 9.5.2 IMO approaching to autonomy 9.5.3 Challenges of autonomy in maritime 9.5.4 The future of autonomous shipping
9.6 Conclusions
Appendix: IoT communication protocols
References

10 Continued transport modernisation and the implications for security
10.1 The changing environment
10.2 Research themes
10.3 Theme 1: cyber and data solutions can help with physical security issues 10.3.1 Crowd analysis and monitoring/crowd resilience 10.3.2 Prediction for preventative security 10.3.3 Theme 2: securing the decision-making process in autonomous systems
10.4 Theme 3: securing the inputs
10.5 Theme 4: securing the communications
10.6 Theme 5: building trust between the human and the autonomous machine 10.6.1 How do we gain trust in machine intelligence? 10.6.2 Moving forward with assurance and accountability
References

Appendix 1: Assuring the cybersecurity of rail systems
Introduction
Formal verification of protocols
Cryptographic analysis
Considering the future
References

Index