ROAD INFRASTRUCTURE SECURITY
Saverio Palchetti
• ANAS S.p.A – Direction Institutional Affairs – International Relations Office – Rome (ITALY)
• Chairman Task Force PIARC “Infrastructure Security”
“Strategic infrastructure security”
DR. SAVERIO PALCHETTI - CHAIRMAN TF C.1 INFRASTRUCTURE SECURITY
“Exchange knowledge and techniques on roads and road transportation”
COMPLEXITY AND INTERCONNECTION
Italy, September 28th 2003, black-out: the fall of a tree in Switzerland put Italy in the dark, disconnected from the EU network, missing over 6000 MW, ¼ of Italian demand, damage estimated at 640M €
December 2015, Ukraine: black-out due to cyber attack, one million people affected
THERE ARE INDUCED PROBLEMS BETWEEN DIFFERENT CI
• energy infrastructure,
• telco infrastructure,
• transportation infrastructure, etc.,
MOREOVER CYBERSEC AFFECTS ALL, WHEREVER THERE IS AN IP CONNECTION, ALL THE MORE AT RISK IF A PERIPHERAL DEVICE
RIPPLE EFFECT
“safety” - “security”
“sécurité” - “sureté”
sicurezza … ac / at “anticrimine-antiterrorismo”
seguridad
A MODERN VISION
AGENDA
01 Understanding the issue
02 The security-minded approach
03 Security risk management of road infrastructure
04 Developing security risk mitigation measures
05 Resilience
06 Case studies
07 Recommendations for Road Administrations
01 Understanding the issue
1.1 UNDERSTANDING THE SECURITY CONTEXT
i. protection of important persons
ii. protection of important buildings and public spaces, where significant numbers of people and infrastructure assets congregate
iii. protection of third-party assets providing vital services for the functioning of modern societies – energy, communication and water (13 categories), and
iv. provision of secure transport of cargo and passengers on all modes of transport (road, railway, maritime and air)
... UNDERSTANDING THE SECURITY CONTEXT
13 categories affected by physical security:
- Chemical
- Civil Nuclear
- Communication
- Defence
- Emergency services
- Energy
- Finance
- Food
- Government
- Health
- Space
- Transport
- Water
1.1 UNDERSTANDING THE SECURITY CONTEXT
Bologna, Italy, August 6, 2018
Puente el Carrizo, Mexico, January 13, 2018
Brescia, Italy, January 3, 2018
Valle Susa, Italy, last week
A4 – BRENTA Bridge criticalities
COORDINATION
- Intelligence vs Authorities & Operators?
- Inside a structure: business organization in silos?
1.2 SAFETY v SECURITY
Automated car
1.3 RESILIENCE vs SECURITY
The resilience cycle. Source: Edwards 2009, author’s own illustration
RESILIENCE vs SECURITY (safety)
Genoa, Polcevera bridge, August 14, 2018
If I lose the bridge (it did not have to happen!), what happens? How do I manage the rescue? … the traffic for a period?
… rescue plan, emergency plan
Risk analysis, at one point, …. Resilience at one point, in a network,
To deal with the "unexpected", the change in cultural approach is the most complicated step because, in a company, the feeling of not being in control creates fear, and the change is sometimes rejected.
The work of the Security Managers, Risk managers, Business Continuity Managers starts here >>> a new profession :
BUILT ASSET SECURITY MANAGER : STRUCTURE AND OPERATION
«Managing the Unexpected» by Karl E. Weick and Kathleen M. Sutcliffe (2007)
“Cultural change is hard, slow and subject to frequent relapse … unexpected events can get you into trouble unless you create a mindful infrastructure that continually tracks small failures, resists oversimplification, is sensitive to operations, maintains capabilities for resilience …”
1.4 DIGITAL ENGINEERING
ANAS’ project for smart roads
Video Monitoring, Traffic-cam and Webcam
Wireless data transmission aerial to monitoring centre
Traffic Detection Sensors
Variable message sign about user information
02 The security-minded approach
2. THE SECURITY MINDED-APPROACH
The security-minded management of a project requires steps to cultivate an appropriate safety and security mindset and culture.
Evolve from a "reactive" approach to a "proactive" approach, involving the entire organization: each component must be an active, accountable, responsible and aware part of the security process.
THE SECURITY MINDED-APPROACH
AREAS OF CONCERN:
i. governance, accountability and responsibility
ii. personnel
iii. physical and cyber dimension
iv. managing data and information
THE SECURITY MINDED-APPROACH
two essential elements:
- governance >>> awareness at the level of top management
- accountability and responsibility >>> the asset owner should develop a risk management strategy for the built asset implementing new organizational functions
03 Security risk management of road infrastructure
THE BUILT ASSET RISK MANAGEMENT STRATEGY (flowchart)
- BUILT ASSET identified as sensitive (in whole or in part)
- Assess IMPACT OF LOSS
- Assess THREATS
- Assess VULNERABILITIES
- (Re)assess likelihood of threats being able to cause undesirable impacts by exploiting vulnerabilities
- RISK
- Are risks acceptable?
  - Yes: Accept residual risks
  - No: Risk mitigation process (Identify possible mitigation measures; Assess mitigation measures; Portfolio of mitigation measures)
- REVIEW if security relevant parameter change or review period elapses
Arrow labels: "RISK from mitigation measures", "to likelihood"
SECURITY THREATS can be divided into those which:
• have the capability to cause damage or disruption to the construction, operation or maintenance of the infrastructure (the physical infrastructure);
• could damage or disrupt the infrastructure operating systems and associated information (the ITS infrastructure)
Threats can also be UNINTENTIONAL, non-directed or unpredicted, for example:
• pandemics
• incidents involving hazardous materials
• road traffic collisions
• fall-out from disruption to other transport modes
• the jamming or interference with navigation signals caused by natural factors
• malware infection on an IT system.
THEREFORE severe weather events ARE NOT INCLUDED here: only man-made hazards
• Man-made physical threats (e.g. terrorist attacks with explosions, fire, mechanical impacts, contamination, very large accidents with or without involvement of dangerous goods),
• Cyber and cyber-physical threats (e.g. tunnel and traffic control centers).
PIARC T.F. C.1
BUILT ASSETS
MAN-MADE PHYSICAL THREATS
Damage or disruption to the construction, operation or maintenance of the road infrastructure may originate from:
• civil protests and strikes;
• malicious attacks;
• theft of equipment;
• hazardous materials;
• fall-out disruption to other transport modes; and
• disruption to global navigation systems.
and… third party assets
THIRD PARTY UTILITY ASSETS
HOSTILE VEHICLE
The threats range from vandalism to sophisticated or aggressive attack by determined criminals or terrorists, in two cases:
• vehicle that delivers a bomb, known as a vehicle borne improvised explosive device (VBIED)
• vehicle that is used as a weapon to ram and damage infrastructure or to injure or kill people (VAAW)
CYBER AND CYBER-PHYSICAL THREATS
Cyber security, computer security or IT security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Two large macro-groups:
• threats to the system operators
• threats to the infrastructure.
Potential perpetrators:
• hacker and cyber-vandalism;
• attacker from inside;
• cyber-sabotage;
• cyber-terrorism;
• cyber-crime; and
• cyber-physical attacks by nation states/secret services.
• ANAS’ network: 28.000 km national roads and motorways, 1.400 tunnels, 850 km, 21 control centers
• Control Centers
  – 24/7 surveillance
  – Systems grown over decades
  – Increasing use and complexity of IT systems
  – Operators with varying qualifications
• Safety relevant subsystems
  – Traffic control
  – Fire alarm system
  – Ventilation
  – Lighting
  – Loudspeaker systems
  – Environmental parameters
In 2015, the Carmel Tunnel, located in Haifa in Israel and leading through the mountains of Carmel, had to be closed for an eight-hour period due to a physical cyber attack, resulting in severe traffic congestion (The Associated Press, 2015)
Potential consequences of cyber attacks to a tunnel control center:
• intended tunnel blockage
• damage to tunnel equipment
• disruption of monitoring and control systems and safety devices
• data theft and manipulation
>> SAFE AND SECURE OPERATIONS CAN NOT BE MAINTAINED
VULNERABILITY: in the context of road network security, a weakness in the road infrastructure or operating systems that can be exploited by one or more threats.
IMPACT: possible consequences of threats; they could be direct and indirect.
LIKELIHOOD: the chance of something happening.
RISK: is understood as the product of the likelihood (that a threat occurs) and the IMPACT/consequences (expected/calculated) if the threat occurs.
Risk can also be the result of possible accidents or concatenations of unfavorable events.
Risk may then be represented by a complex function of vulnerability + impacts + likelihood.
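The strategy loop and the risk definition above, worked as an added example (not part of the original slides): risk is scored as likelihood × impact, mitigation measures lower the likelihood, and the loop repeats until every risk is acceptable or nothing affordable is left. The 1-5 scales, the threshold, the budget, all scores and the pairing of measures with threats are constructed assumptions; the threat names are the tunnel control center consequences listed earlier.

```python
from dataclasses import dataclass, field

ACCEPTABLE = 8  # assumed acceptance threshold (scores range 1..25)


@dataclass
class Risk:
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int      # 1 (minor) .. 5 (severe), assumed scale
    applied: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return self.likelihood * self.impact  # RISK = likelihood x impact


@dataclass(frozen=True)
class Measure:
    name: str
    threat: str          # threat whose likelihood the measure lowers
    likelihood_cut: int  # likelihood levels removed (assumed)
    cost: int            # arbitrary budget units (assumed)


def sample_register():
    """Constructed scores for the tunnel control center consequences."""
    risks = [
        Risk("intended tunnel blockage", 3, 5),
        Risk("disruption of monitoring and control systems", 4, 5),
        Risk("data theft and manipulation", 3, 3),
        Risk("damage to tunnel equipment", 2, 4),
    ]
    portfolio = [
        Measure("separate control system from internal communications",
                "disruption of monitoring and control systems", 2, 4),
        Measure("encrypt and authenticate field-level communication",
                "disruption of monitoring and control systems", 1, 3),
        Measure("monitor and block remote access",
                "intended tunnel blockage", 2, 3),
        Measure("password policy with regular changes",
                "data theft and manipulation", 1, 1),
    ]
    return risks, portfolio


def mitigate(risks, portfolio, budget):
    """Assess -> mitigate -> reassess until acceptable or nothing affordable."""
    remaining = list(portfolio)
    while True:
        unacceptable = sorted((r for r in risks if r.score > ACCEPTABLE),
                              key=lambda r: r.score, reverse=True)
        choice = None
        for risk in unacceptable:
            options = [m for m in remaining
                       if m.threat == risk.threat and m.cost <= budget]
            if options:
                best = max(options, key=lambda m: m.likelihood_cut / m.cost)
                choice = (risk, best)
                break
        if choice is None:
            break  # every risk acceptable, or nothing left to buy
        risk, measure = choice
        # The measure feeds back into likelihood; the risk is then re-scored.
        risk.likelihood = max(1, risk.likelihood - measure.likelihood_cut)
        risk.applied.append(measure.name)
        remaining.remove(measure)
        budget -= measure.cost
    residual = {r.threat: r.score for r in risks}
    return residual, max(residual.values()) <= ACCEPTABLE, budget


if __name__ == "__main__":
    print(mitigate(*sample_register(), budget=10))
```

With the constructed budget of 10 the loop stops with "data theft and manipulation" still scored 9, above the threshold, so the residual risk has to be accepted explicitly or the budget reviewed; with 11 every risk ends at or below the threshold.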
Prof. W. Hubbard, in The Failure of Risk Management , expresses a severe judgment on the ways in which organizations today, despite the best intentions, apply Risk Management.
The author says that: "some organizations believe they have adopted an effective risk management method and do not know that they have not improved their situation by a comma."
we will see why
04 Developing risk mitigation measures
HOSTILE VEHICLE
two cases:
• vehicle that delivers a bomb, known as a vehicle borne improvised explosive device
• vehicle that is used as a weapon to ram and damage infrastructure or to injure or kill people
THREATS TO SYSTEM OPERATORS
THREATS TO THE INFRASTRUCTURE
GENERAL CONTROL LAYOUT
AUTOMATED VEHICLES AND SMART ROADS
automated vehicle: smartphones-on-wheels
smart roads: simultaneous communication among cars and station, collect and analyse data
05 Resilience
RESILIENCE
IN ADDITION TO THE TRADITIONAL RISK MANAGEMENT APPROACH DESCRIBED ABOVE, THE CONCEPTS OF RESILIENCE AND RESILIENCE MANAGEMENT ARE OFTEN USED IN THE CASE OF UNPLANNED AND UNFORESEEN EVENTS WITH HIGH UNCERTAINTIES.
RESILIENCE
IN ADDITION TO CONSIDERING SYSTEM DECLINE AFTER AN EVENT, RESILIENCE ADDS FULL CONSIDERATION OF PREPARATION, RECOVERY AND POST-EVENT RESPONSE. THE CONSIDERATION OF THESE ASPECTS IS ESPECIALLY IMPORTANT FOR MANAGING THE RESILIENCE OF ROAD INFRASTRUCTURE/ROAD NETWORKS IN THE FACE OF COMPLEX THREATS WITH HIGH UNCERTAINTIES.
RESILIENCE definition
Resilience is the ability to repel, prepare for, take into account, absorb, recover from and adapt ever more successfully to actual or potential adverse events.
Those events are either catastrophes or processes of change with catastrophic outcome which can have human, technical or natural causes.
The resilience cycle. Source: Edwards 2009, author’s own illustration
06 Case studies
The scenario of a dirty bomb in an urban area
The problems raised by inadequate prevention - in themselves not complex or expensive - must be highlighted, because very serious consequences could follow that go well beyond the limits of the private infrastructure.
The moral is: the police forces and fire brigades are not enough, and awareness of a widespread security-minded approach, also involving private entities (and if necessary even citizens), is necessary.
The slogan is "if you see something, say it" (campaign born on the recommendation of the US Department of Security in 2010).
In the resilience levels, some weaknesses and deficiencies were identified in technical, organizational and personnel domains.
Preparation:
• the lack of a security project by the property / administration of the intermodal center
• the lack of a security project by road and motorway companies prevents the definition of adequate procedures for the control centers
Prevention:
• no control of the accesses / exits of about 4000 vehicles daily
• no control on sensitive areas by the R.A.
• video surveillance systems provide images that are not post-processed for security reason
• no specific sensors;
• no trained personnel to intervene
• no control of the railway station docks
• no contact list (focal points) in the case of urgent communications
• lack of checks and verification of routes, relationships with private companies that produce and transport, especially for more critical transport e.g. cyanide and vinyl chloride
Protection:
• lack of normal communication from the public authorities
Respond:
• prevention and protection can not hinder the attack
• the first 3-4 hours were lost due to unpreparedness;
• a big issue is handling correct communication for population management
• the system of coordination of the traffic function works but on a totally unprepared network, it is necessary to decide blocks and gates that require approximately 500 people and 100 vehicles that need time to activate themselves;
• in the meantime the means destined to the amount arrive at its entrance and contribute to the paralysis of the traffic
• a red zone is defined in the intermodal center which is an unplanned measure
Recovery:
• there is no business continuity plan that mitigates the effects of the attack
• the need to use cleaning equipment currently not supplied
07 Recommendations for Road Administrations
the recommendations are contained in the mitigation measures mentioned above …
CYBER SECURITY: a path in steps …
Early detection introduces the opportunity to address the issues before the attackers can exploit the weakness, which may cause serious damage to the Road Administration/company assets and to its reputation
4 STEPS:
1. Vulnerability assessment
2. Penetration tests
3. Risk assessment process
4. Questionnaires / Check lists
Questionnaire to evaluate the state of art in cyber security in a RA (1/2)
Answers: YES / NO / Partial; Specifications & Comments
1 Security Infrastructure
1.1 Do you have a Data Center internal or external to your company network?
1.2 If external, is the connection safe? Through which channels and protocols (SSH, SSL, IPSec)?
1.3 Have you ever undergone computer security attacks/incidents? What was the time lapse for resumption? Was there data loss?
1.4 Have you prepared access safety measures to the network and the computer systems?
1.5 Has a System Administrator been nominated?
2 Security Governance
2.1 Do you have a document on the Company Policies for computer security?
2.2 Have you prepared procedures for the management of computer security incidents? Was a Business Continuity Plan and/or a Disaster Recovery Plan drawn up?
2.3 Have you ever carried out drills that simulate incidents or computer emergency situations?
2.4 Are Auditing activities carried out periodically in order to verify the effective status of security and control compliance?
2.5 Do you have training programs, awareness and lessons in the field of network security and computer systems?
Questionnaire to evaluate the state of art in cyber security in a RA (2/2)
3 Legislative Compliance
3.1 Is your Company adapting to the EU General Data Protection Regulation 2016/679?
3.2 Has the figure of DPO (Data Protection Officer) been identified?
3.3 Have Security Assessment and/or Evaluation Risk Plans been performed?
3.4 Has the new NIS Directive (EU) 2016/1148 been implemented (or is it being implemented)?
3.5 Do you directly manage Intelligent Transport Systems (ITS)?
4 Cyber Security
4.1 Do you have a Cyber Security strategy?
4.2 Have Vulnerability Assessment and/or Penetration Test activities ever been carried out to evaluate the level of security of the networks and computer systems?
4.3 Do you use outsourcing services and in particular cloud services (cloud computing)?
4.4 Are you equipped with an IDS System (Intrusion Detection System)?
4.5 Are you equipped with a SOC (Security Operation Center)?
CHECK LIST FOR INFORMATION SECURITY OF CONTROL CENTERS
In the scenario that investigates the IT security of traffic control centers and road infrastructures, a check list has been developed that should provide an initial overview of the level of individual security.
1. CONTROL TECHNIQUES
1.1 Is access to all information systems via a user-password combination?
1.2 Passwords must contain at least 8 characters and include uppercase and lowercase letters, special characters and numbers.
1.3 Are passwords changed regularly (at least every 6 months)?
1.4 Are passwords entered and / or registered in writing?
1.5 Is the communication between the level of control and the objects at the field level encrypted and authenticated?
1.6 Do contractors have to comply with a basic level of IT security?
1.7 Are all IT systems with remote access constantly monitored by the control center, and can they be blocked at any time?
1.8 Do all remote access IT systems have updated antivirus programs?
1.9 Is the control center system connected to the Internet?
2. INTERNAL COMMUNICATIONS
2.1 Is there a physical separation between the control center system and the center's internal communications?
2.2 Is the exchange of data between the control center system and internal communications in accordance with the security rules?
2.3 Are private devices (laptops, smartphones (even recharging), USB sticks, etc.) connected to the service computers?
2.4 Is there a WLAN?
2.5 Service computers are also used for private purposes.
3. CONTROL OF ACCESS TO THE CENTER
3.1 Is access to the control center and the premises guaranteed by video surveillance and burglar alarm systems?
3.2 Are all accesses to the buildings indicated above documented?
3.3 Are access control systems regularly checked to verify their effectiveness (at least every 6 months)?
3.4 Are even vulnerable rooms (e.g. server room, business premises) monitored internally?
4. ORGANIZATION AND PERSONNEL
4.1 In the event of an IT attack or IT failure, are appropriate contingency plans available?
4.2 Is the basic IT security catalog already fully implemented?
4.3 Is there an IT security manager?
4.4 Are employees regularly trained on IT security?
4.5 Is employee training appropriate?
4.6 Do employees know the dangers of social networks?
5. PERSONAL ASSESSMENTS
5.1 In your opinion, is the IT security of the control center overall high?
6. FEEDBACK ON CHECKLIST
We would be delighted if you could give us suggestions for this checklist.
FINAL CONSIDERATIONS
• A security-minded approach and mitigation/resilience capability must become a vital part of the organizational structure of a modern Road Administration.
• It must be considered that the fact that incidents will occur is inescapable and in some cases unpredictable.
• Their successful handling and the speed at which recovery takes place will be dependent on the plans that are put in place in advance, their execution at the time of the incident and the honesty with which reviews are conducted subsequent to it.