Leaders urge tighter transportation security

[InfoSec News <isn () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/1016/web-travel-10-17-00.asp

BY Paula Shaki Trimble
10/17/2000

The more travel requires hopping from one type of transportation
system to another, the more important it is to take security measures
that include protecting the information systems that control railways,
airways and other modes of transportation, security experts say.

Most transportation security programs focus on preventing contraband
smuggling, illegal immigration, hijacking and sabotage, but a looming
problem is the hijacking of the information network, or
cyberterrorism, said Hal Whiteman, director general of security and
emergency planning at Transport Canada.

Further complicating matters, transportation systems are becoming more
globally connected more intermodal, which means they connect several
types of transportation to move people and goods from point to point.
These systems increasingly use information technology for
communications, navigation and surveillance, and a vulnerability in
one piece could be a threat to all transportation, he said.

"For security to be effective and cost-effective, it must address all
the modes of transportation," said Whiteman, who spoke on a panel of
transportation and information security experts Oct. 11 at the
International Transportation Symposium in Washington.

As countries look to connect their transportation systems across
borders, technology will be crucial for safety and economic success,
said Bill Harris, a senior consultant for the Critical Infrastructure
Assurance Office who served as a commissioner on the Presidents
Commission on Critical Infrastructure Protection. It would be a
mistake for the United States to secure only its own IT infrastructure
when it connects with international systems in all types of
businesses, he said.

"As we look to critical infrastructure protection, we note that the
infrastructures are not independent infrastructures, theyre
interdependent infrastructures," Harris said. "If we solve the
cyberproblem in the United States, that is no solution because were
linked."

If secure systems are connected to insecure systems, that renders the
whole transportation system weaker, he said. Air traffic control (ATC)
systems tend to be isolated from other information systems, which
keeps them more secure, but the Federal Aviation Administration plans
to connect the air traffic control telecommunications systems with
other administrative systems at the agency. ATC systems
internationally also interface at some points.

"International cooperation is absolutely essential to take full
advantage of capabilities to solve problems," he said.

One way to help solve the information security problem in
transportation is to look at how past technological problems were
solved, Harris said. For instance, when heavier trains were introduced
to carry more goods and reduce costs, it was discovered that the
tracks and land they were built on collapsed under the burden in some
areas of the country. By drawing on the experiences of other
countries, the United States was able to design better rail systems,
he said.

"The key is a database," Harris said. "Youre guessing if you act to a
single event." Creating databases will provide a way for a community
of users of cybersystems that manage transportation systems to learn
from each others experience.

The Transportation Department formed a partnership early this month
with the Association of American Railroads to create an Information
Sharing and Analysis Center for the railroad industry to share
information about IT security and railroads. Railroads are
increasingly relying on satellite technology for communications and
navigation to improve safety and efficiency.

The DOT also is assessing the vulnerability of information systems
like the Global Positioning System, which is used by many modes of
transportation as a tool for navigation and surveillance and will be
relied on as a primary means of aircraft navigation in the future.

Laws that protect against high-tech crime must also have commonalities
across borders and be updated to address new threats, said Lou Tyska,
chairman of the National Cargo Security Council. About 33 percent of
terrorist acts are perpetrated against transportation, he said. The
Commerce Department also should be included in deciding security
policies for transportation, he said, particularly as transportation
becomes a vital part of electronic commerce.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".