Lesson

Assess security risks, threats, vulnerabilities, and identify countermeasures to ensure operations of transportation management centers.

Experience from iFlorida Model Deployment


01/30/2009
Florida, United States


Lesson Learned

As part of the iFlorida Model Deployment, the FDOT conducted a vulnerability assessment for the District 5 (D5) Regional Traffic Management Center (RTMC). The purpose of the assessment was to identify potential weaknesses at the FDOT D5 RTMC and to suggest measures that would eliminate or lessen the impact of vulnerabilities. An effort was also made to identify the vulnerabilities that might be common to TMCs so that the results could potentially be applicable to other TMCs as well. Key lessons learned from the FDOT experience are presented below.
  • Assess security risks at a TMC by conducting an assessment of threat, consequence, and vulnerability. The vulnerability assessment approach was centered on estimating the three risk factors shown in the following risk estimation equation: [Risk] = [Threat] * [Consequence] * [Vulnerability].

    The following four-step process was used to conduct the vulnerability assessment.

    Step 1 – Threat Characterization. The threat characterization determined the Threat value of the above equation. This step also provided an inventory of generalized threats/scenarios most likely to affect a TMC, such as use of explosives or a cyber-attack. The Threat value was obtained by determining the target attractiveness and the threat condition of the nation. The Threat value is a static value, meaning that a countermeasure will not reduce the value. Seven types of threat scenarios were considered: car bomb; large vehicle bomb; chemical, biological, or radiological attack; package bomb; armed attack; collateral damage; and cyber attack.

    Step 2 – Consequence Assessment. Based on the threat scenarios that were developed in step 1, potential consequences were estimated based on current conditions. These potential consequences were used to estimate the Consequence factor in the above formula. Five types of potential consequences were considered: fatalities and casualties, mission downtime or degradation, economic impact, downstream effects, and emergency management.

    Step 3 – Vulnerability Analysis. For each threat scenario, a set of predetermined vulnerability factors was used to generate the Vulnerability value of the equation.

    Step 4 – Countermeasure Analysis. This step involved the development of countermeasure packages and an assessment of the impact on the risk if a package were deployed. Each countermeasure package was considered and the Consequence and Vulnerability factors re-estimated, assuming that the countermeasure package was implemented.
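
The four-step estimate above, worked through as an added example (not code from the FDOT assessment or the evaluation report): each countermeasure package re-estimates only Consequence and Vulnerability, Threat stays fixed, and packages are ranked by risk reduction per unit cost. The 1-5 scoring scale, every score, the package names and the costs are constructed for illustration; the page gives no numeric values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    threat: int         # Step 1: static, no countermeasure changes it
    consequence: int    # Step 2: estimated under current conditions
    vulnerability: int  # Step 3: from the vulnerability factors

    def risk(self, consequence=None, vulnerability=None):
        c = self.consequence if consequence is None else consequence
        v = self.vulnerability if vulnerability is None else vulnerability
        return self.threat * c * v  # [Risk] = [Threat]*[Consequence]*[Vulnerability]

@dataclass(frozen=True)
class Package:
    name: str
    cost_k: int        # estimated cost, thousands of dollars (constructed)
    reestimates: dict  # scenario name -> (consequence, vulnerability) after deployment

def total_risk(scenarios, package=None):
    """Sum risk over all scenarios, applying a package's Step 4 re-estimates if given."""
    re = package.reestimates if package else {}
    return sum(s.risk(*re.get(s.name, (None, None))) for s in scenarios)

def rank_packages(scenarios, packages):
    """Return (name, risk reduction, reduction per $1k), most cost-effective first."""
    base = total_risk(scenarios)
    rows = []
    for p in packages:
        reduction = base - total_risk(scenarios, p)
        rows.append((p.name, reduction, reduction / p.cost_k))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample data: three of the seven scenario types, scored 1-5.
SCENARIOS = [
    Scenario("car bomb", threat=2, consequence=5, vulnerability=4),
    Scenario("package bomb", threat=2, consequence=3, vulnerability=3),
    Scenario("cyber attack", threat=3, consequence=4, vulnerability=4),
]
PACKAGES = [
    Package("standoff distance", 400, {"car bomb": (3, 2)}),
    Package("entry procedures and training", 15, {"package bomb": (2, 1)}),
    Package("patching, service removal, password changes", 20, {"cyber attack": (4, 1)}),
]

if __name__ == "__main__":
    print("baseline risk:", total_risk(SCENARIOS))
    for name, reduction, per_k in rank_packages(SCENARIOS, PACKAGES):
        print(f"{name}: -{reduction} risk, {per_k:.2f} per $1k")
```
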

The vulnerability assessment process led to the identification of a list of vulnerabilities; a list of countermeasures that could be used to reduce those vulnerabilities; estimated costs of these countermeasures; and estimates of the impact on risk if each countermeasure were implemented. The results allowed FDOT to identify for implementation those countermeasures that could decrease risk most cost effectively. Key countermeasures, which are likely to apply to many other TMCs, are:
  • Include standoff distances that help maintain a clear space around the TMC building. The main vulnerabilities observed during the vulnerability assessment were related to the inability to maintain a clear space around the building. Parking was adjacent to the building, including having spaces adjacent to the external walls of the RTMC. Private property was close to the building on one side and separated from the facility by only a chain link fence. These factors are difficult to correct at an existing facility, and it was not feasible to correct them at the D5 RTMC.
  • Develop and enforce security check procedures for persons entering the TMC. Vulnerabilities related to the failure of some staff to follow security procedures must not be overlooked. For example, people sometimes entered the TMC by tailgating authorized personnel, and people without an appropriate badge displayed were seldom challenged. The vulnerability assessment suggested that staff be trained in the security procedures for the facility and that FDOT take steps to emphasize the importance of following these procedures.
  • Verify and ensure that security patches are applied to TMC servers and password protection is used. Three common problems were discovered during the cyber-security review of the D5 TMC. First, a number of servers were identified that did not have the most recent security patches installed. Second, several servers were identified as running unnecessary services. Since each service running on a server provides a potential entry point for cyber-attack, the fewer services running the better. Third, some software systems were installed using the default password, and the password had not been updated. Since default passwords are well known, they should be changed to prevent unauthorized users from accessing a system. A second cyber-security review indicated that FDOT had corrected most of the vulnerabilities discovered during the initial cyber-security review.
The Florida Highway Patrol (FHP) dispatch center is located at the D5 RTMC. The act of performing the vulnerability assessment at the RTMC also increased awareness of safety and security issues among the FDOT and the FHP staff.



Source

iFlorida Model Deployment Final Evaluation Report

Author: Robert Haas (SAC); Mark Carter (SAIC); Eric Perry (SAIC); Jeff Trombly (SAIC); Elisabeth Bedsole (SAIC); Rich Margiotta (Cambridge Systematics)

Published By: United States Department of Transportation Federal Highway Administration 1200 New Jersey Avenue, SE Washington, DC 20590

Source Date: 01/30/2009

EDL Number: 14480

URL: http://ntl.bts.gov/lib/31000/31000/31051/14480.htm

Lesson Contacts

Lesson Analyst:

Firoz Kabir
Noblis
202-863-2987
firoz.kabir@noblis.org


Lessons From This Source

Assess security risks, threats, vulnerabilities, and identify countermeasures to ensure operations of transportation management centers.

Be flexible to use data from various sources, such as the highway police patrol’s incident data, user feedback, and monitoring stations, to develop a statewide traveler information system.

Beware of challenges involved in developing an integrated statewide operations system for traffic monitoring, incident data capture, weather information, and traveler information—all seamlessly controlled by a central software system.

Beware of costs, utility, reliability, and maintenance issues in deploying a statewide transportation network monitoring system.

Beware of the limitations of using toll tags in order to calculate travel time on limited access roadways and arterials.

Beware that software development for ITS projects can be utterly complex, which demands avoiding pitfalls by following a rigorous systems engineering process.

Define a vision for software operations upfront and follow sound systems engineering practices for successfully deploying a complex software system.

Deploy a variable speed limit system only after the software systems required to support it are mature and reliable.

Design traffic video transmission systems around the constraints of bandwidth limitations and provide provisions for remote configuration of video compression hardware.

Develop an accurate, map-based fiber network inventory and engage ITS team in the construction approval process.

Develop an effective evacuation plan for special event that gathers a large audience and consider co-locating the responding agencies in a joint command center.

Ensure compatibility of data format of the field-weather monitoring sensors with the central software in the transportation management center.

Ensure that experienced staff oversee the development of a complex software system and thoroughly follow systems engineering process.

Ensure that Highway Patrol's CAD system operators enter key information needed by the transportation management center operators.

Establish a well defined process for monitoring and maintenance before expanding the base of field equipment.

Estimate life-cycle cost of ITS technologies as part of procurement estimates in order to assess the range of yearly maintenance costs.

In developing software for automated posting of messages on dynamic message signs, focus on the types of messages that are used often and changed frequently, and also include manual methods for posting.

Incorporate diagnostic tools to identify and verify problems in the transmission of video in a transit bus security system.

Perform adequate analyses and tests to design, calibrate and validate the capabilities of a bridge security monitoring system in order to reduce false alarms.

To support statewide traveler information services, design and implement reliable interface software processes to capture incident data from the local and highway patrol police’s computer aided dispatch systems.

Use simple menu choices for 511 traveler information and realize that the majority of callers are seeking en route information while already encountering congestion.

States

Florida

Countries

United States

Systems Engineering

Concept of Operations

Focus Areas

None defined

Goal Areas

Safety

Keywords

None defined

Lesson ID: 2010-00517