APTA 2006 RAIL CONFERENCE - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

APTA 2006 RAIL CONFERENCE

Description:

Control System for Rail. Controls the system process ... from National Laboratories and National Institute of Standards and Technology ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 11
Provided by: robert702
Category:
Tags: apta | conference | rail

less

Transcript and Presenter's Notes

Title: APTA 2006 RAIL CONFERENCE


1
APTA 2006 RAIL CONFERENCE
Cyber Security for Railway Control An Overview
  • Robert P. Evans
  • Idaho National Laboratory
  • Engineer

Investing Today for a Brighter Tomorrow
2
Outline
  • Introduce Rail Control System Cyber Security
  • Describe Government Support for this Area
  • Describe APTA Communications Subcommittee Control
    System Cyber Security Working Group and its Goals
  • Status Report on these Efforts

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
3
Control System for Rail
  • Controls the system process
  • Provides the control logic and safety functions
  • Provides for the transport and storage of
    information
  • Includes all the hardware and software including
    sensors, controllers, actuators, wiring, HMIs,
    etc.

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
4
Attack Targets
  • Petroleum 28
  • Power and utilities 19
  • Transportation 16
  • Chemical 14
  • Other 23


  • Eric Byres

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
5
Methods of Cyber Attacks on Control Systems
  • Using malware or directed attacks
  • Disruption of control system operation by
    delaying or blocking information flow
  • Sending of false information
  • Modification of control system software
  • Interfere with operation of safety systems
  • Making unauthorized changes to program
    instructions or set points

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
6
Government Support
  • February, 2003 the National Strategy to Secure
    Cyberspace called for DHS . . . to work in
    partnership with industry to . . . develop best
    practices . . . to increase security of DCS/SCADA
    . . .
  • DHS identified 13 critical infrastructure
    sectors, including transportation
  • Support for Transportation Security is coming
    from National Laboratories and National Institute
    of Standards and Technology
  • Two National Laboratories (Idaho National
    Laboratory and Sandia National Laboratories) are
    supporting APTA by co-chairing the Control
    Systems Security Working Group of the
    Communications subcommittee.

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
7
Idaho National Laboratory
  • Member of the Standards Awareness Team
  • Multi-Laboratory Team
  • Develop General Requirements for Control System
    Cyber Security
  • Control System Security Program
  • Assess Vulnerabilities and Risks
  • Enhance Security Awareness
  • Support Standards Bodies
  • National SCADA Test Bed Program
  • Test Commercial Control Systems for
    Vulnerabilities

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
8
Control System Security Working Group
  • Members represent transit agencies, equipment
    vendors, engineers, and consultants
  • Goal produce recommended practices for transit
    agencies to secure control and communications
    networks
  • Method leverage technical documents and
    standards from other sectors using control
    systems

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
9
Resources Available
  • Control system cyber security standards such as
  • ISA-99
  • NIST 800-82
  • NERC CIP
  • AGA 12

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
10
Recommended Practice - Preliminary
  • Title Recommended practice for a Communication
    and Control System Security Program within a
    Transit Agency
  • Part 1 Evaluation and Decision Making Relates
    Control System Security to existing physical,
    personnel and cyber security efforts and risk
    assessment/risk management
  • Part 2 Segmentation of Communication and
    Control System Networks A step-by-step method
    to segment control and communication networks by
    risk level and apply countermeasures.

2006 APTA RAIL CONFERENCE Investing Today for a
Brighter Tomorrow
Write a Comment
User Comments (0)
About PowerShow.com