The
Control and Communications Security Working Group applies
the field of industrial network security, as it has evolved
over the last five years in industry sectors such as
electric power, chemical production, and factory automation,
to the unique requirements of rail transit and buses.
Systems
for transit control and operations such as SCADA for traction
power, train control, fare collection, communications,
and passenger information are increasingly becoming automated
and networked together using COTS (commercial-off-the-shelf)
hardware, software and networking components from the IT
world. With the use of COTS in these systems comes cost
savings and efficiency. But the need to protect these mission
critical systems from attack by viruses, worms, and hackers
has become apparent.
One
only has to look to newspaper headlines for instances of
cyberattack on critical infrastructure. For example, in
2003 the Slammer worm infiltrated a nuclear plant in Ohio
and crashed a safety parameter display system. Also in
2003 the Blaster virus infected a Class 1 railroad’s
dispatch and signaling system, causing long delays for
freight and passenger trains on the East Coast.
To
address these vulnerabilities, this Working Group will
take solutions currently in use by transit agencies combined
with information from other industry sectors to produce
recommended practices that ensure the cyber and physical
security of transit control and operations systems. Through
networking, sharing good practices, and member education
we will raise awareness and set a minimum bar in this important
area for transit agencies and their vendors.
If
security of mission critical data is a concern for your
organization or this topic interests you, please stop by
one of our meetings or send me an email. We would love
to hear from you.
--Dave
Teumim, Vice Chair |
Control and Communications Security
