Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Cybersecurity for Tolling and Traffic Systems
The threat to roadside components
ICS Cybersecurity Threats Today
www.kapsch.net |
Security Hacks are Prolific…
July 6 2017 - Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say. Nicole Perlroth New York TimesJune 14, 2017 - Department of Homeland Security warned - North Korea using malicious software to set up networks of hijacked computer devices that can be used in large-scale cyberattacks on critical infrastructure. Bill Gertz - Washington Post October 19, 2016 - Trove of Stolen Data Is Said to Include Top-Secret U.S. Hacking Tools. Scott Shane, Matt Apuzzo and Jo Becker New York Times2016 SFG malware attacks. The Labs team at SentinelOne recently discovered a sophisticated malware dubbed Furtim specifically targeting at least one European energy company.2015 Ukrainian power outage. Experts speculated the involvement of the Russian Government. According to security experts, the BlackEnergy malware was a key element of the attack against Ukrainian power grid that caused the power outage.2013 New York dam attack. Iranian hackers penetrated the industrial control system of a dam near New York City in 2013, raising concerns about the security of US critical infrastructure.
9/21/2017 | 3
www.kapsch.net |
…and on the Rise…
9/21/2017 | 4
Hacking against infrastructure
components has jumped 110% from 2015 to 2016
“Security attacks on industrial control systems – How technology advances create risks for industrial organizations”. IBM X-Force; IBM Research Report, December 2016
The U.S. has highest incidents of attacks
against infrastructure
www.kapsch.net |
Cybersecurity Environment Today
9/21/2017 | 5
2016 survey of 500 security chiefs spread across
26 member countries in the Organization of American States (OAS).
www.kapsch.net |
Cybersecurity Environment Today
53% of respondents have seen an increase in cyberattacks against critical infrastructure over the past year.76% said cyberattacks were getting more sophisticated.44% of respondents reporting attempts to delete or destroy data.54% of respondents said attackers had tried to “manipulate equipment” through an industrial control system (ICS).40% had attempted to shut down computer networks altogether.
9/21/2017 | 6
www.kapsch.net |
Cybersecurity – SHODAN.IO
9/21/2017 | 7
www.kapsch.net |
Security Risks in Traffic and Tolling Systems
9/21/2017 | 8
Cybersecurity in Tolling & ITS
What to do?
Assess your Components
CamerasSwitchesWireless Access PointsControllersTraffic Sensors – All kindsRFID
Cybersecurity – Make a Plan
Assess your risk – What is the physical & digital impact?Select Security Controls - Protect confidentiality, availability, and integrity.Implement Security Controls – New as well as legacyMonitor Security Controls – Continuously track changes
www.kapsch.net |
Ensure Security across all Mobility Solutions From Highways to Cities.
12
HIGHWAY/MANAGED LANES
TRAFFICMANAGEMENT
HIGHWAY/MANAGED LANES
TOLLING
Trai
n
Bus
Traf
fic$
P
ALERT
URBAN TRAFFIC MANAGEMENT
PUBLICTRANSPORT
TUNNEL BRIDGE
PARKING
CORRIDOR MANAGEMENT
CONNECTED VEHICLES
CONGESTION CHARGING
DATA
SAFETY & SECURITY
Tolls
URBANACCESS
TRAFFIC LIGHT
CONTROL
Thank you for your attention
Mike Maitland
Product Manager, NA | Product & Solution ManagementTolling Solution Center
P +1 717-982-8549 | F +1 [email protected]
Kapsch TrafficCom North America 8201 Greensboro Drive | Suite 1002 | McLean, VA 22102 | USAwww.kapsch.net
http://www.125yearsofkapsch.net/
www.kapsch.net |
References
14
1. Green Lights Forever: Analyzing the Security of Traffic Infrastructure Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman Electrical Engineering and Computer Science Department University of Michigan {brghena, wbeyer, hillaker, jpevarne, jhalderm}@umich.edu
2. “Security attacks on industrial control systems – How technology advances create risks for industrial organizations”. IBM X-Force; IBM Research Report, December 2016
3. “Guide to Industrial Control Systems (ICS) Security” NIST Special Publication 800-2 Rev. 2; Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn, May 2015
4. “10 Ominous State-Sponsored Hacker Groups” Listverse Web Site, listverse.com, Lance David Leclaire January 8, 2015
5. “More tthan 1,700 valid Telnet credentials for IoT devices leaked online” Securityaffairs.co, Pierluigi Paganini, August 26, 2017