L22 Aviation Transportation Roadmap

Loading...

From the course by University of Colorado System

Cybersecurity Policy for Aviation and Internet Infrastructures

52 ratings

University of Colorado System

Cybersecurity Policy for Aviation and Internet Infrastructures

52 ratings

Course 3 of 4 in the Specialization Homeland Security and Cybersecurity

In this course we will examine the aviation and Internet infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The aviation and Internet infrastructures are also considered "lifeline infrastructure" as part of the transportation and communications sectors. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. SSA responsibility for the aviation subsector is shared between the Transportation Security Administration and Federal Aviation Administration under the auspices of the Department of Homeland Security and Department of Transportation respectively. The Department of Homeland Security retains sole responsibility as the Sector-Specific Agency for the Internet subsector. While TSA and FAA have regulatory over the aviation subsector, DHS has no regulatory authority whatsoever over the Internet. In response to Executive Order 13636 issued by President Obama in February 2013, both sets of SSAs recommended continuing with voluntary cybersecurity measures. TSA and FAA reported they were working to implement the Transportation Roadmap across all transportation subsectors, including aviation. DHS reported that it was working with Internet providers to implement the Cyber Assessment Risk Management Approach. Despite some differences, the Transportation Roadmap and CARMA are very similar to the NIST Cybersecrity Framework and ES-C2M2 examined previously. That is to say, they are predicated on a continuous improvement process that engages the whole organization in identifying and implementing incremental changes to enhance cybersecurity practices based on prevailing standards. This module will examine both the aviation and Internet lifeline infrastructure subsectors, and elements and application of the Transportation Roadmap and CARMA.

From the lesson

Module 9: Aviation Infrastructure & Transportation Roadmap

In this module will examine the aviation subsector and the Transportation Roadmap for strengthening this infrastructure's resistance to cyber attack.

L22 Aviation Transportation Roadmap5:25

Meet the Instructors

Richard White
Assistant Research Professor
Computer Science

Welcome to lesson 22.

In this lesson we will examine the roadmap to secure

control systems in the transportation sector.

As stated previously the transportation roadmap as we will call it,

was developed under the auspices of the Department of

Homeland Security's Control Systems Security Program and

released in August, 2012.

The Transportation Security Administration cited the transportation roadmap in

its 2014 reply to Executive Order 13636,

saying it provided the basis for improving cyber security

within the transportation sector in voluntary cooperation with industry.

The transportation roadmap is broad based, addressing all modes of transportation,

including aviation, highway, maritime, pipeline, and rail.

The transportation roadmap is roughly comprised of three parts.

One, transportation cyber security standards.

Two, transportation goals and three, roadmap process.

As with a NIST cyber security framework and the electricity subsector

cyber security capability material model, the transportation road map

is based upon existing standards, guidelines, and best practices.

The transportation cybersecurity standards specific to each

transportation mode are listed in appendix C of the transportation roadmap.

Unfortunately, they are not freely available over the internet.

Also, as with the previous models,

the transportation roadmap identifies target capabilities.

They're organized into four transportation goals.

One, build a culture of cyber security.

Two, assess and monitor risk.

Three, develop and implement risk reduction and mitigation measurements.

And four, manage incidents.

Unlike the previous models though, the transportation goals are classified by

implementation time frames, as one near term, two midterm, and three long term.

Finally, the roadmap process is also similar to previous models

in that it engages all stakeholders, inside and

outside the organization, in a continuous improvement program.

The four steps of the roadmap process are, 1 socialize roadmap and gain buy in.

2, Develop Action Plans.

3, Implement priority actions and 4, communicate results and sustain efforts.

While the roadmap process is similar to the previous models,

it is also subtly different.

Because the transportation goals are time phased,

the roadmap process does not include a step for identifying target capabilities.

It assumes all will be done within the given time phase,

it's just a matter of prioritizing which gets done first.

There is no tailoring of capabilities as there were in the previous models.

This one size fits all works primarily because the roadmap goals are not

mapped to specific standards, as was the case with the previous models.

It is the job of each implementor to match the standards to the goals.

Finally, the transportation roadmap does include

one thing not found in the NIST Cybersecurity Framework or ES-C2M2.

For each transportation goal, the roadmap also identifies corresponding metrics,

indicating when the goal has been achieved.

The transportation roadmap does provide a means for

aviation officials to gauge their progress towards uniform objectives.

Okay.

Let us review the main points of this lesson.

1, the Transportation Roadmap was designed to facilitate improved cybersecurity

across all transportation modes including aviation,

highway, maritime, pipeline, and rail.

2, in response to Executive Order 16636, TSA said it would implement

the Transportation Roadmap In voluntary cooperation with the industry.

3, the Transportation Roadmap is roughly comprised of three parts.

One.Transportation Cybersecurity Standards.two,Transportation Goals and

three, the Roadmap Process.

Four, the Transportation Cybersecurity Standards are not mapped to

Transportation Goals.

That work is left to each implementing agency.

5, there are four transportation goals,

each sorted into three sets classified by time-phased implementation.

Either they're near-term, mid-term or long-term.

6, the Roadmap Process is similar to previous models

in that it involves all stakeholders in a continuous improvement program.

It is different in that it doesn't allow tailoring of Transportation Goals,

though this is somewhat accommodated by the individual interpretation

of matching standards.

And 7, the Roadmap provides a means for

aviation officials to gauge their progress towards uniform objectives.

Please join me in the next lesson as we examine the difference of maintaining

cybersecurity for mobile versus fixed assets, thank you.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play