Strengthening the Cybersecurity of Industrial Control Systems
Volpe’s multi-year initiative with the Department of Homeland Security (DHS) provides innovative solutions for reducing the threat and severity of transportation-related cyber-attacks against industrial control systems that are part of the nation’s critical infrastructure. These systems manage, command, direct, or regulate the behavior of other devices or systems used in industrial production, and play a key role in the production of goods and the provision of essential services.
DHS selected Volpe for this work with its Control System Security Program because of its extensive knowledge base, expertise in transportation and information systems, and over 40 years of experience in developing and implementing complex technology-based systems.
The Challenge
The Department of Homeland Security is responsible for creating a safe, secure, and resilient cyber ecosystem and for promoting cybersecurity knowledge and innovation. Homeland Security Presidential Directive-7 established national policy for federal agencies to protect the nation’s 18 critical infrastructure/key resource sectors from cyber-attacks. These sectors have physical or virtual assets, systems, and networks so vital to the United States that their breakdown or destruction would have a devastating effect on security, national economic security, public health, and safety.
Industrial control systems within each of these critical infrastructure/key resource sectors are becoming increasingly dependent on information technology. With this dependency comes an increased vulnerability to hacking and malware.
The Solution
Volpe is providing DHS with a comprehensive range of expertise addressing transportation control system cybersecurity across all transportation modes.
Volpe’s activities include the following:
- Identifying and assessing the vulnerabilities of major systems nationwide.
- Preparing a transportation control system security roadmap with information on how to enhance transportation control system security.
- Developing a national cyber incident response plan.
- Creating a prototype research and simulation cyber laboratory for testing and validating transportation control system cybersecurity measures.
- Developing transportation-based scenarios for cyber exercises at the national level.
- Providing stakeholder outreach, awareness, educational support, and enhanced professional capacity building.
- Expanding collaborative cybersecurity efforts to other U.S. and international members of the transportation community.
The Impact
Volpe’s collaboration with the Department of Homeland Security has contributed to reducing the success and severity of cyber attacks against critical infrastructure control systems.
Despite a steady increase in the risk and impact of cyber vulnerabilities affecting the nation’s critical infrastructure sectors, DHS reports that control system owners, operators, and manufacturers are successfully applying anti-malware, intrusion detection, and user authentication measures to their systems, based in part on the Control System Security Program research and outreach.