SRI Logo
About Us|R and D Divisions|Careers|Newsroom|Contact Us|SRI Home
     
  SRI Logo

Cyber State Requirements for Design and Validation of Trust in the Critical Transportation Infrastructure
 by David Balenson, Dr. Michael E. Locasto & Tim Ellis.

Abstract
The National Transportation Safety Board is charged with investigating transportation-related accidents and incidents in the aviation, railroad, highway, marine and pipeline infrastructure. The increasing integration of traditional information technology systems with operational technology systems increases the cyber vulnerabilities and risk. National Transportation Safety Board investigations require trustworthy data to determine accident and incident causes and remedies. This chapter explores the requirements for trust in the critical transportation infrastructure due to operational technology and information technology integration. The focus is on internal aircraft systems and their data in accident investigations. While commercial avionics systems employ very reliable serial bus architectures, these systems and their components were not designed with cyber security in mind. Cyber state mechanisms such as software attestation and data protection must be designed into systems and validated to support trust requirements for accident investigations. Additionally, it is important to ensure the secure collection of data used in investigations, employ anomaly detection techniques to detect potential cyber attacks and establish a vulnerability registry and risk assessment system as in the information technology domain to share information and address potential cyber security problems.
BibTEX Entry
@InProceedings{10.1007/978-3-030-62840-6_4,
author="Ellis, Tim
and Locasto, Michael
and Balenson, David",
editor="Staggs, Jason
and Shenoi, Sujeet",
title="Cyber State Requirements for Design and Validation of Trust in the Critical Transportation Infrastructure",
booktitle="Critical Infrastructure Protection XIV",
year="2020",
publisher="Springer International Publishing",
address="Cham",
pages="69--83",
abstract="The National Transportation Safety Board is charged with investigating transportation-related accidents and incidents in the aviation, railroad, highway, marine and pipeline infrastructure. The increasing integration of traditional information technology systems with operational technology systems increases the cyber vulnerabilities and risk. National Transportation Safety Board investigations require trustworthy data to determine accident and incident causes and remedies. This chapter explores the requirements for trust in the critical transportation infrastructure due to operational technology and information technology integration. The focus is on internal aircraft systems and their data in accident investigations. While commercial avionics systems employ very reliable serial bus architectures, these systems and their components were not designed with cyber security in mind. Cyber state mechanisms such as software attestation and data protection must be designed into systems and validated to support trust requirements for accident investigations. Additionally, it is important to ensure the secure collection of data used in investigations, employ anomaly detection techniques to detect potential cyber attacks and establish a vulnerability registry and risk assessment system as in the information technology domain to share information and address potential cyber security problems.",
isbn="978-3-030-62840-6"
}

 













 

About Us  |  R&D Divisions  |  Careers  |  Newsroom  |  Contact Us
© 2021 SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025-3493
SRI International is an independent, nonprofit corporation. Privacy policy