Moderator – John Himmel, WSDOT – Neal Murphy, …...Ernest “Ron” Frazier, Sr., Esq,...
Panel Session on Security
Moderator – John Himmel, WSDOT
Presenters:
– Neal Murphy, Idaho DOT
– David Cooper, TSA
– TBD, FHWA
– David Fletcher, GPC, Inc.
Active Threat
https://www.gunviolencearchive.org/query/0484b316-f676-44bc-97ed-ecefeabae077/map?year=2019
Terrorism
Cybersecurity
Security 101 – David Fletcher, GPC, Inc.
Security 101: A Physical Security Primer for Transportation Agencies provides transportation managers and employees with an introductory-level reference document to enhance their working knowledge of security concepts, guidelines, definitions, and standards.
By Stephen Parker
Threat Environment to Employees – David Cooper, TSA
Employee Safety/Security/THIRA – Neal Murphy (Murph)
Connected Vehicles / Cybersecurity – FHWA
Emergency Management
Neal “Murph” Murphy
Preparedness
9-11 to Sleepy Hollow
• Prepared not Paranoid
– Threat Hazard Identification Risk Analysis
– Standard procedures for every Building/Section
• Open but secure
– Facility Management
– Security Plan
• Development/Strengthen
• Implementation
Team Work
• Communication
– HSIN/Fusion Center
– EMR-ISAC
• Shortened Checklist
– Easy for quick reaction
• Employee teams
– Security, Emergency
• Security Incident Tracking
• Cyber
– Team with Emergency Manager
Partners
• DHS
• Active Assailant Training Exercise
• Facility Security review
– Local and State Agencies
• Coordination with
– Office of Emergency Management
– National Guard
– Health and Welfare
– LE/FIRE
– Idaho State Police
Questions?
AASHTO Committee on Transportation Systems Security and Resilience
Annual Meeting
August 28, 2019
Jackson, WY
David Fletcher, GPC, Inc.
Physical and Cyber Security in Surface Transportation
8/28/2019
Background
Security 101 Update
• Aimed at transportation personnel who lack a security background and are responsible for security or infrastructure protection activities
• Presents security topics within a systems resilience and sustainability framework
• Contains state-of-the-practice guidance
• Focused on highway and transit modes
• Developed from non-classified sources
• Suitable for adoption by the AASHTO
Table of Contents
• Executive Summary
• Chapter 1 – Risk Management and Risk Assessment
• Chapter 2 – Plans and Strategies
• Chapter 3 – Security Countermeasures
• Chapter 4 – Cyber Security
• Chapter 5 – Workforce Planning and Training/Exercises
• Chapter 6 – Infrastructure Protection and Resilience
• Chapter 7 – Homeland Security Laws, Directives, and Guidance
• Appendices
– Annotated Bibliography
1: Risk Management and Risk Assessment
• Risk Management
• Cybersecurity Risk Management
• Risk Assessment
• Vulnerability Assessment
• Consequence Assessment
Active Threats
• Active shooter
• “Hit and run” assault
• Assault using edged weapons
• Assault using other weapons
• Vehicle ramming
Cyber Threats
• Cyber breach (malware, DDOS, ransomware)
• Construction/maintenance damage
• Natural disasters
• Space weather
• Spoofing/jamming
• Theft (phishing)
Confidentiality
Integrity
Availability
2: Plans and Strategies
• Security Plan Objectives & Benefits
• Security Plan Elements
– Establishing Priorities
– Roles & Responsibilities
– Selecting Countermeasures & Strategies
– Plan Maintenance
• Security Design Processes
• Cybersecurity Risk-Based Framework
• Asset Management Plans
• Response and Recovery Plans
3: Security Countermeasures
• Physical security countermeasure selection process
• Physical security countermeasures
– Signs, fencing, barriers, lighting, alarms, etc.
• Cybersecurity countermeasures
– Defense-in-depth, access control, monitoring,
– Configuration Mgmt, update/patching, etc.
4: Cybersecurity
• Cybersecurity Myths
• Cyber-Physical Systems
• Procurement Guidance
• Cyber Resilience
• Emerging Trends
5: Workforce Planning and Training
• Building a culture of physical & cyber security
• Physical & cyber security workforce
• Physical & cyber security awareness & training, content, delivery, and evaluation
• Exercises (discussion-based & operations-based)
6: Infrastructure Protection and Resilience
• Infrastructure Protection & Resilience Concepts
• Criticality Analysis
• Critical Transportation Assets
• Critical Transit Assets
• Transportation Operations Systems
• IT and Industrial Control Systems
• Highway and Transit Operations Systems
• Building Security
7: Homeland Security Laws, Directives, and Guidance
• Homeland Security Laws, Statutes, & Regulations
• Homeland Security Directives & Executive Orders
• National Guidance Documents
Future Action Plan
• NCHRP Project 20-124 “Deploying Transportation Security Practices in State DOTs”
• Develop and support implementation of a comprehensive deployment and change management strategy for deploying transportation security practices in state DOTs
• Measurement of success will be the acceptance and implementation of the developed strategy in increasing security practices at the state DOTs
Thank you
“Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always.”
Irish Republican Army Communiqué, 1984
Security 101 Primer Update
Countermeasures Assessment & Security Experts, LLC
Ernest “Ron” Frazier, Sr., Esq, Co-Principal Investigator
Western Management & Consulting, LLC
Jeffrey Western, Co-Principal Investigator
Pat Bye
Nakanishi Research and Consulting, LLC
Yuko Nakanishi
Pierre Auza
Geographic Paradigm Computing, Inc.
David Fletcher
Visit the NCHRP Project 20-59(51A) webpage http://apps.trb.org/cmsfeed/TRBNetProjectDisplay.asp?ProjectID=4070
TRB Program Officer: Stephan Parker