Advertisement

Operation of Transport and Logistics in a Time of (Cyber)Insecurity

  • Chris BronkEmail author
Chapter
  • 52 Downloads
Part of the Computational Methods in Applied Sciences book series (COMPUTMETHODS, volume 54)

Abstract

All of transport is becoming increasingly automated and computerized. Consider the recent Boeing 737 Max 8 accidents in Indonesia and shortly thereafter. All indications point to a software error in code adopted following a redesign of the aircraft in which larger engines were installed than on previous Boeing 737 models as the likely culprit in both accidents. A computer software error likely overwhelmed both doomed flight crews as they fought the computerized instructions that were being given to the aircraft shortly after takeoff. A total of 346 persons died in the two accidents. Their loss should give stark warning about the safety of computer code emplaced in transportation systems: land, maritime, and air. There is little evidence of liability in commodity software. Since the infancy of modern operating systems, computer bugs, crashes, and hacks have plagued the Information Technology (IT) industry. While countless business plans, academic paper drafts, and personal correspondence have been lost to software bugs and crashes, the idea of filing suit on commodity productivity and operating system software manufacturers for damages has always been and remains a preposterous idea. What should concern us in transport is a new phenomenon—the merging of automation or process control software with network interconnectivity. Whether an aircraft autopilot, a shipboard navigation system, or a self-driving semi-truck, there remains a drive to interconnect these systems with others, often via the same technology and protocols that encompass the Internet. Unfortunately, the Internet remains a rickety ship with regard to security from unauthorized manipulation or subversion. Establishing the ideational footing for a risk and remediation strategy for this problem in the transport sector is the purpose of this paper.

Keywords

Cybersecurity Internet of Things (IoT) Supervisory Control and Data Acquisition (SCADA) Critical infrastructure 

References

  1. 1.
    Andreasson KJ (2011) Cybersecurity: public sector threats and responses. CRC PressGoogle Scholar
  2. 2.
    Barrett M (2018) Framework for improving critical infrastructure cybersecurity. Rep, National Institute of Standards and Technology, Gaithersburg, MD, USA, TechGoogle Scholar
  3. 3.
    Bishop M (2003) What is computer security? IEEE Secur Priv 1(1):67–69CrossRefGoogle Scholar
  4. 4.
    Boneh D, Sahai A, Waters B (2011) Functional encryption: definitions and challenges. In: Theory of cryptography conference Springer, pp 253–273CrossRefGoogle Scholar
  5. 5.
    Bonneau J, Preibusch S (2010) The password thicket: technical and market failures in human authentication on the web. In: WEISGoogle Scholar
  6. 6.
    Brynjolfsson E, Renshaw AA, Van Alstyne M (1997) The matrix of change. MIT Sloan Manag Rev 38(2):37Google Scholar
  7. 7.
    Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc London A Math Phys Sci 426(1871):233–271Google Scholar
  8. 8.
    Carvalho M, DeMott J, Ford R, Wheeler DA (2014) Heartbleed 101. IEEE Secur Priv 12(4):63–67CrossRefGoogle Scholar
  9. 9.
    Chiappetta A, Cuozzo G (2017) Critical infrastructure protection: beyond the hybrid port and airport firmware security cybersecurity applications on transport. In: 2017 5th IEEE International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS). IEEE, pp 206–211Google Scholar
  10. 10.
    Coffed J (2014) The threat of gps jamming: the risk to an information utility. Report of EXELIS, pp 6–10Google Scholar
  11. 11.
    Conklin WA (2009) Principles of computer security: Comptia security+ and beyond. Netw Secur 3:18Google Scholar
  12. 12.
    De Haes S, Van Grembergen W (2004) It governance and its mechanisms. Inf Syst Control J 1:27–33Google Scholar
  13. 13.
    Denning DE (1987) An intrusion-detection model. IEEE Trans Softw Eng 2:222–232CrossRefGoogle Scholar
  14. 14.
    Dolezilek D, Hussey L (2011) Requirements or recommendations? sorting out nerc cip, nist, and doe cybersecurity. In: 2011 64th annual conference for protective relay engineers. IEEE, pp. 328–333Google Scholar
  15. 15.
    Ellis R, Mohan V (2019) Rewired: Cybersecurity Governance. John Wiley & SonsGoogle Scholar
  16. 16.
    Furnell SM, Clarke N, Werlinger R, Hawkey K, Beznosov K (2009) An integrated view of human, organizational, and technological challenges of it security management. Information Management & Computer SecurityGoogle Scholar
  17. 17.
    Gal-Or E, Ghose, A. (2004) The economic consequences of sharing security information. In: Economics of information security. Springer, pp 95–104Google Scholar
  18. 18.
    Gikas C (2010) A general comparison of fisma, hipaa, iso 27000 and pci-dss standards. Inf Secur J: Glob Perspect 19(3):132–141Google Scholar
  19. 19.
    Gill R (2002) Change management-or change leadership? J Chang Manag 3(4):307–318CrossRefGoogle Scholar
  20. 20.
    Goldreich O et al (2005) Foundations of cryptography–a primer. Found Trends® Theor Comput Sci 1(1):1–116Google Scholar
  21. 21.
    Guerrero-Ibanez JA, Zeadally S, Contreras-Castillo J (2015) Integration challenges of intelligent transportation systems with connected vehicle, cloud computing, and internet of things technologies. IEEE Wirel Commun 22(6):122–128CrossRefGoogle Scholar
  22. 22.
    Guldenmund FW (2000) The nature of safety culture: a review of theory and research. Saf Sci 34(1–3):215–257CrossRefGoogle Scholar
  23. 23.
    Howard M (2004) Building more secure software with improved development processes. IEEE Secur Priv 2(6):63–65CrossRefGoogle Scholar
  24. 24.
    Jajodia S, Noel S, Kalapa P, Albanese M, Williams J (2011) Cauldron mission-centric cyber situational awareness with defense in depth. In: 2011-MILCOM 2011 military communications conference. IEEE, pp 1339–1344Google Scholar
  25. 25.
    Kim K, Günther H-O (2006) Container terminals and cargo systems, vol 140. SpringerGoogle Scholar
  26. 26.
    Langner R (2011) Stuxnet: Dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51CrossRefGoogle Scholar
  27. 27.
    Liu S, Kuhn R (2010) Data loss prevention. IT Professional 12(2):10–13CrossRefGoogle Scholar
  28. 28.
    McQuade M (2018) The untold story of notpetya, the most devastating cyberattack in historyGoogle Scholar
  29. 29.
    Minnaar A (2017) Cybercrime, cyberattacks, and problems of implementing organizational cybersecurity. In: Global Issues in Contemporary Policing. CRC Press, pp 147–164Google Scholar
  30. 30.
    Olszewski B (2018) Advanced persistent threats as a manifestation of states’ military activity in cyber space. Sci J Mil Univ Land Forces 50Google Scholar
  31. 31.
    Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126MathSciNetCrossRefGoogle Scholar
  32. 32.
    Ross R, Katzke S, Johnson A, Swanson M, Stoneburner G, Rogers G (2003) Nist sp 800-53 recommended security controls for federal information systemsGoogle Scholar
  33. 33.
    Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47CrossRefGoogle Scholar
  34. 34.
    Schneier B (2007) Schneier’s cryptography classics library: applied cryptography, secrets and lies, and practical cryptography. Wiley PublishingGoogle Scholar
  35. 35.
    Schneier B (2011) Secrets and lies: digital security in a networked world. John Wiley & SonsGoogle Scholar
  36. 36.
    Venkateswaran R (2001) Virtual private networks. IEEE Potentials 20(1):11–15CrossRefGoogle Scholar
  37. 37.
    Wang H, Lau N, Gerdes R (2017) Application of work domain analysis for cybersecurity. In: International conference on human aspects of information security, privacy, and trust. Springer, pp 384–395Google Scholar
  38. 38.
    Wang S-YK, McDaniel JJ (2019) Piracy and intellectual property theft in the internet era. In: Advanced methodologies and technologies in system security, information privacy, and forensics. IGI Global, pp 59–70Google Scholar
  39. 39.
    Wood BJ, Duggan RA (2000) Red teaming of advanced information assurance concepts. In: Proceedings DARPA information survivability conference and exposition. DISCEX’00, vol 2. IEEE, pp 112–118Google Scholar
  40. 40.
    Zerlang J (2017) Gdpr: a milestone in convergence for cyber-security and compliance. Netw Secur 2017(6):8–11CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Information System Security Faculty, College of TechnologyUniversity of HoustonHoustonUSA

Personalised recommendations