UPT IME Intelligent, Yes; Safe, No “Smart” highways are welcomed for good and evil Autonomous vehicles, along with smart highway infrastructure, will infl uence the design of future vehicles. Th ese technologies promise to bring new benefi ts in mobility, safety and energy effi ciency. But along with intelligent transportation systems (ITS) comes the need for cybersecurity and resiliency. Essentially, ITS is an operational system of various technologies that, when combined and managed, improve the operating capabilities of the overall transportation system. With drivers more connected than ever, will there be a greater susceptibility to hacking that might threaten people’s lives and safety? ITS continues to evolve and introduce new technologies and capabilities, says Michael Bertram, senior ITS/tolls analyst, with Atkins (www.atkinsglobal.com). It also encompasses smartphone applications, roadside networks, toll collection kiosks, CCTV cameras, traffi c management centers and more. Atkins – one of the world’s leading design, engineering and project management consultancies 8 Fleet Maintenance | April 2017 – is at the forefront of smart highway infrastructure, working with federal, state and local government entities. Systemic Concern “Product vendors and technical experts are paying attention to the security of individual products, and that is a good start,” Atkins’ Bertram says. “However, security is a systemic concern involving what is seen, such as a ‘smart’ vehicle, and also what is not seen, as in people, processes and technology that permeate in and between organizations.” Vehicle security and vehicle-to-infrastructure (V2I) communications are a high priority, he says, because the combination of the basic physics of a moving object and a hacker with malicious intent is a dangerous one. Threats “Th e source of and motivations for threats to ITS infrastructure vary greatly – from researchers looking to make a name for themselves to hackers motivated by greed, malice or politics, to nation states looking to create instability or an advantage during times of tension and uncertainty,” Bertram of Atkins says. He notes that once hackers gain access to a network, they seek out where they can have the largest impact for their motives. Penetration of one piece of ITS equipment is a notable threat, but the ability to aff ect more than a single piece of equipment is much more signifi cant, and that has been demonstrated by researchers. 10-Step Fix Bertram likens cybersecurity to an arms race. “A robust cybersecurity program implements strong security practices to manage the risk of network compromise and data theft ,” he says. “Average adversaries are unable to achieve their aims and many sophisticated adversaries will give up or go elsewhere to easier targets.” Atkins’ Bertram collaborated with industry experts to develop a 10-step enterprise IT security control plan that can help vehicle manufacturers and governments work together to best address future security and safety threats. 1. Know your environment. Before building a comprehensive and holistic solution, organizations need to know what they have and its value, in order to prioritize available resources to protect critical infrastructure. 2. Start with the basics. Address basic steps, such as those in the Center for Internet Security (CIS) Critical Security Controls – a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous. 3. Know and manage your information-system related risks. Entities which off er/use ITS systems must implement information security risk management programs to eff ectively secure their organization networks and ITS solutions. 4. Use independent validation paths for information. Keep humans in the loop. Independent validation of operational data allows staff to see confl icts between compromised system data and fi eld conditions. 5. Develop defense-in-depth and incident response as core capabilities. Employ designs, plans and capabilities to respond to and manage security incidents which will occur from timeto time. “Assume an ITS device is going to be hacked – not if, but when – whether by an outsider or a malicious insider,” Bertram says. “Force an attacker to conduct a new exploit when trying to move through the network, rather than fi nding one vulnerability and having unfettered access to everything.” 6. Employ detection technology. For higher risk deployments, detection systems – such as intrusion detection systems (IDS) and intrusion prevention systems (IPS) – can be expensive but are necessary. Th ese systems minimize the risk of a compromise due to an unknown vulnerability or method of attack. 7. Deploy physical security measures. Do not place only a $5 lock on $10,000 worth of equipment that anyone can walk up to on the roadside. Invest in high-tech locks, alarms, cameras and motion sensors that notify security/ management personnel immediately of suspicious activity. 8. Protect wireless features. Wireless access off ers tremendous convenience but also allows hackers to threaten a network from a distance. Ensure that strong encryption and access control is used. 9. Develop and maintain business continuity and disaster recovery plans. Th ese are vital to assets and systems. Review them regularly to address rapidly-changing threats, networks and ITS equipment. 10. Participate in information sharing with private groups, law enforcement and computer emergency response teams. By David A. Kolman Editor » While intelligent transportation systems advance safety, mobility and productivity by integrating advanced communications technologies into transportation infrastructure and vehicles, there comes with this a greater susceptibility to hacking. Photo from iStock Tune in to this exclusive bi-weekly newscast featuring Fleet Maintenance Editor David A. Kolman at: VehicleServicePros. com/mediacenter/ newscasts Be aware of vulnerabilities and work to mitigate risks.
FleetMaintenance_April_2017
To see the actual publication please follow the link above