Leaders urge tighter transportation security
As systems become more interdependent, it's more important than ever to protect them, officials say
The more travel requires hopping from one type of transportation system
to another, the more important it is to take security measures that include
protecting the information systems that control railways, airways and other
modes of transportation, security experts say.
Most transportation security programs focus on preventing contraband
smuggling, illegal immigration, hijacking and sabotage, but a looming problem
is the hijacking of the information network, or cyberterrorism, said Hal
Whiteman, director general of security and emergency planning at Transport
Canada.
Further complicating matters, transportation systems are becoming more
globally connected — more intermodal, which means they connect several types
of transportation to move people and goods from point to point. These systems
increasingly use information technology for communications, navigation and
surveillance, and a vulnerability in one piece could be a threat to all
transportation, he said.
"For security to be effective and cost-effective, it must address all
the modes of transportation," said Whiteman, who spoke on a panel of transportation
and information security experts Oct. 11 at the International Transportation
Symposium in Washington.
As countries look to connect their transportation systems across borders,
technology will be crucial for safety and economic success, said Bill Harris,
a senior consultant for the Critical Infrastructure Assurance Office who
served as a commissioner on the President's Commission on Critical Infrastructure
Protection. It would be a mistake for the United States to secure only its
own IT infrastructure when it connects with international systems in all
types of businesses, he said.
"As we look to critical infrastructure protection, we note that the
infrastructures are not independent infrastructures, they're interdependent
infrastructures," Harris said. "If we solve the cyberproblem in the United
States, that is no solution because we're linked."
If secure systems are connected to insecure systems, that renders the
whole transportation system weaker, he said. Air traffic control (ATC) systems
tend to be isolated from other information systems, which keeps them more
secure, but the Federal Aviation Administration plans to connect the air
traffic control telecommunications systems with other administrative systems
at the agency. ATC systems internationally also interface at some points.
"International cooperation is absolutely essential to take full advantage
of capabilities to solve problems," he said.
One way to help solve the information security problem in transportation
is to look at how past technological problems were solved, Harris said.
For instance, when heavier trains were introduced to carry more goods and
reduce costs, it was discovered that the tracks and land they were built
on collapsed under the burden in some areas of the country. By drawing on
the experiences of other countries, the United States was able to design
better rail systems, he said.
"The key is a database," Harris said. "You're guessing if you act to
a single event." Creating databases will provide a way for a community of
users of cybersystems that manage transportation systems to learn from each
other's experience.
The Transportation Department formed a partnership early this month
with the Association of American Railroads to create an Information Sharing
and Analysis Center for the railroad industry to share information about
IT security and railroads. Railroads are increasingly relying on satellite
technology for communications and navigation to improve safety and efficiency.
The DOT also is assessing the vulnerability of information systems like
the Global Positioning System, which is used by many modes of transportation
as a tool for navigation and surveillance and will be relied on as a primary
means of aircraft navigation in the future.
Laws that protect against high-tech crime must also have commonalities
across borders and be updated to address new threats, said Lou Tyska, chairman
of the National Cargo Security Council. About 33 percent of terrorist acts
are perpetrated against transportation, he said. The Commerce Department
also should be included in deciding security policies for transportation,
he said, particularly as transportation becomes a vital part of electronic
commerce.
NEXT STORY: GSA forges smart card spec