Growing Interconnectivity and Automation
Intelligent Transportation may be thought of as the integration of transportation control systems through communication networks to enable the automation of services related to the movement of goods or people. Intelligent systems are being adopted for efficiencies in transport. For example, when a vehicle arrives at a quiet intersection and the light changes, a ground loop within the pavement triggers the traffic light to change, thus allowing the vehicle faster access to proceed. Another example on a larger scale is the ability of a smart grid to modify traffic light patterns to accommodate evacuation routes in response to an impending hurricane. Such control is accomplished through the increased connectivity of previously disconnected signal systems. Having intelligent systems able to adapt to changing situations and synchronize across a geographic region can increase efficiencies of congestion control, emergency operations and maintenance.
"The first step to securing Intelligent Transportation Management systems is to create a detailed mapping of how and where transportation systems interact with a communications network"
Threats and Vulnerabilities
A convergence of communication networks and transportation control systems is occurring that has the ability to cause kinetic (physical) events such as traffic lights, rail control, and even aviation/maritime navigation. Cybersecurity and physical safety can no longer be treated as separate areas of concern. While local threats to transportation systems have long existed, threat actors from across the world now can cause damage in the form of kinetic effects.
Transportation control systems were designed prior to the consideration of cybersecurity. The engineering principles of control and safety drove design rather than security and were built for long-term use to last decades. Conversely, network communication systems such as modern workstation operating systems are designed with typical equipment lifecycles of five years. Many transportation control systems today are still managed through Windows XP, a deprecated operating system with unpatched vulnerabilities.
Similarly, Programmable Logic Controllers (PLCs) are often times employed to bridge communications networks with control systems. PLCs are often installed with default passwords which can be easily exploited by an attacker. It is believed that in 2009 hackers may have used default passwords to break into electronic road signs in Austin TX to display the words, “Zombies in Area–Run!” While this attack may seem humorous, it can cause serious problems on roadways. A more serious threat was exposed in 2014 by students at the University of Michigan. In a research study titled, “Green Lights Forever: Analyzing the Security of Traffic Infrastructure”, students successfully demonstrated how an adversary can control traffic infrastructure to cause disruption and safety issues through the manipulation of traffic lights. The key vulnerability findings included: a lack of encryption, default usernames and passwords and vulnerability to known exploits.
Roadways aren’t the only targets of interest to threat actors. In 2015, four cyberattacks on UK rail were discovered by the private security firm, Dark trace. While the attacks were reconnaissance in nature, the threat actors gained access to computer systems which control train systems, rail signaling and safety settings. This breach certainly exposed the potential for a catastrophic event. Similarly, the maritime is equally vulnerable to the increasing connectivity of intelligent transportation systems. Interconnected navigation systems aboard vessels receive updates while at sea. Compromising these systems can lead to both physical dangers from ships colliding with structures as well as environmental impacts from the spillage of hazardous cargo.
There is also the threat of increasing interconnectivity of transportation assets themselves. For example, an airplane is no longer simply a transportation vehicle but also an information dissemination point, mobile Wi-Fi hotspot, and a source of real-time information about airports, airline flight status, etc. To illustrate this, in 2016, a security hole was discovered in the Panasonic Avionics in-flight system is used in planes run by 13 major airlines. IOActive researcher Ruben Santamarta said hackers could “hijack” in-flight displays to change information such as altitude and location, control the cabin lighting and hack into the announcements system.
Solutions for Mitigation
The first step to securing Intelligent Transportation Management systems is to create a detailed mapping of how and where transportation systems interact with a communications network. If an organization cannot accurately represent these touch points, then it will be virtually impossible to conduct proper risk mitigation assessments. Once assets and interconnections are properly identified, proper security controls may be applied depending on the criticality of the system.
The first and most rapid countermeasure deals with device credentials. Default usernames and passwords are known and set by vendors when new industrial devices are shipped. Threat actors can find default configurations via publically available vendor websites and attempt to exploit assets with this information. Identifying and changing default credentials are an essential countermeasure to stop initial attacks.
Secondly, additional measures to segment off critical systems from the general IT network. Internal segmentation slows down and/or prevents attackers from breaching higher-security systems. It is recommended that transportation control systems be isolated on a secure network through a firewall or similar device. Securing the data communication with transportation control systems may also be achieved through the use of high-assurance guard appliances that perform data format white listing. Only specific command formats are allowed to pass through to the control systems, thus preventing the sending of non-standard commands that could hijack or damage the target system.
Finally, end-point protection software vendors are increasingly offering the ability to “lock-down” a system into a specific configuration, prohibiting the installation or modification of the host. For example, if an interface system is required to run Windows XP™, the system could be placed into a “frozen” state that only allows the least level of functionality needed to manipulate a target control system.
In closing, the following assumptions should be made. Intelligent Transportation Management systems will continue to rapidly expand into: traffic management, public safety and aviation/maritime sectors. Touch points with communication networks need to be identified and documented. Countermeasures such as changing default credentials, network segmentation and system lock-downs should be implemented. Security concerns must be taken into consideration in order to protect our nation’s transportation system as interconnectivity continues to expand.