Welcome to lesson 22. In this lesson we will examine the roadmap to secure control systems in the transportation sector. As stated previously the transportation roadmap as we will call it, was developed under the auspices of the Department of Homeland Security's Control Systems Security Program and released in August, 2012. The Transportation Security Administration cited the transportation roadmap in its 2014 reply to Executive Order 13636, saying it provided the basis for improving cyber security within the transportation sector in voluntary cooperation with industry. The transportation roadmap is broad based, addressing all modes of transportation, including aviation, highway, maritime, pipeline, and rail. The transportation roadmap is roughly comprised of three parts. One, transportation cyber security standards. Two, transportation goals and three, roadmap process. As with a NIST cyber security framework and the electricity subsector cyber security capability material model, the transportation road map is based upon existing standards, guidelines, and best practices. The transportation cybersecurity standards specific to each transportation mode are listed in appendix C of the transportation roadmap. Unfortunately, they are not freely available over the internet. Also, as with the previous models, the transportation roadmap identifies target capabilities. They're organized into four transportation goals. One, build a culture of cyber security. Two, assess and monitor risk. Three, develop and implement risk reduction and mitigation measurements. And four, manage incidents. Unlike the previous models though, the transportation goals are classified by implementation time frames, as one near term, two midterm, and three long term. Finally, the roadmap process is also similar to previous models in that it engages all stakeholders, inside and outside the organization, in a continuous improvement program. The four steps of the roadmap process are, 1 socialize roadmap and gain buy in. 2, Develop Action Plans. 3, Implement priority actions and 4, communicate results and sustain efforts. While the roadmap process is similar to the previous models, it is also subtly different. Because the transportation goals are time phased, the roadmap process does not include a step for identifying target capabilities. It assumes all will be done within the given time phase, it's just a matter of prioritizing which gets done first. There is no tailoring of capabilities as there were in the previous models. This one size fits all works primarily because the roadmap goals are not mapped to specific standards, as was the case with the previous models. It is the job of each implementor to match the standards to the goals. Finally, the transportation roadmap does include one thing not found in the NIST Cybersecurity Framework or ES-C2M2. For each transportation goal, the roadmap also identifies corresponding metrics, indicating when the goal has been achieved. The transportation roadmap does provide a means for aviation officials to gauge their progress towards uniform objectives. Okay. Let us review the main points of this lesson. 1, the Transportation Roadmap was designed to facilitate improved cybersecurity across all transportation modes including aviation, highway, maritime, pipeline, and rail. 2, in response to Executive Order 16636, TSA said it would implement the Transportation Roadmap In voluntary cooperation with the industry. 3, the Transportation Roadmap is roughly comprised of three parts. One.Transportation Cybersecurity Standards.two,Transportation Goals and three, the Roadmap Process. Four, the Transportation Cybersecurity Standards are not mapped to Transportation Goals. That work is left to each implementing agency. 5, there are four transportation goals, each sorted into three sets classified by time-phased implementation. Either they're near-term, mid-term or long-term. 6, the Roadmap Process is similar to previous models in that it involves all stakeholders in a continuous improvement program. It is different in that it doesn't allow tailoring of Transportation Goals, though this is somewhat accommodated by the individual interpretation of matching standards. And 7, the Roadmap provides a means for aviation officials to gauge their progress towards uniform objectives. Please join me in the next lesson as we examine the difference of maintaining cybersecurity for mobile versus fixed assets, thank you.