Digital Worlds Collide: on Land, at Sea, and in the Air
October 19th, 2018The transportation sector is undergoing a profound change, marked by digital technology adoption, mass connectivity, and Information Technology (IT) and Operational Technology (OT) convergence. Stakeholders are embracing modernization across the board: on land and sea, and in the air.
Transportation companies are increasingly dependent on cyber systems for business and operational functions, not to mention safety and security. These systems are being leveraged for navigation, positioning, tracking, routing, and signaling, as well as for the more traditional communications, data, and business management systems. These newly digitized functions are being connected to networks and remote access terminals using wireless connectivity (from Bluetooth, Wi-Fi, cellular), Ethernet Internet Protocol (IP)-enabled networks, and satellite technologies like Global Positioning System (GPS).
Across all transportation sectors, operators are harnessing new information technologies to improve efficiency, optimize operations, and drive cost savings for the industry as well as for passengers.
For example, aircraft Original Equipment Manufacturers (OEMs) have been developing and implementing internet-enabled technologies (such as electronic flight bags, gatelink, aviation sensors, etc.). Today, internet-enabled aircraft are defined by highly integrated avionics architectures, IP-based networks, and Commercial Off-the-Shelf (COTS) components.
Similarly, the railway infrastructure is increasingly integrating automated IT systems. The latest generation of trains is completely automated and operates without drivers. In addition, the introduction of IT systems allows for the expansion of onboard train applications, train-to-track applications, as well as passenger infotainment systems.
Maritime operations are also undergoing significant change, with IT systems progressively underpinning port management and ship communications. Cargo management systems, for example, are being upgraded digitally, enabling interface with a variety of systems such as shipment tracking tools, but also bridge systems on board ships, notably ship navigation systems including GPS, Automatic Identification System (AIS), Electronic Chart Display and Information System (ECDIS), Global Navigation Satellite System (GNSS), Voyage Data Recorder (VDR), and radar/Automatic Radar Plotting Aid (ARPA).
The roadway infrastructure is one of the least developed in terms of IT implementation. The focus of much of the connectivity is around the vehicles themselves, rather than the infrastructure. However, field devices (such as traffic signals, roadside sensors, etc.) are gradually being connected to central monitoring systems for better traffic management. Further Intelligent Transportation Systems (ITS) and traffic management on highways and dense urban axes are emerging, as are connected vehicle technologies (V2V, V2X).
At the port and station levels, ground operations engage a variety of IT and OT systems, from journey and traffic management, instrument landing/docking/arrival system infrastructure, baggage transport and cargo management, to reservation and ticketing, check-in, and passenger control systems. Modern smart airports, stations, and ports are increasingly integrating into carrier systems (air and ship lines, railway companies, public transport authorities) in order to accommodate more passengers, cargo, and journeys while achieving ever-greater efficiency.
Wireless communications and smart device integration in aircrafts, vehicles, trains, and ships mean that these no longer function as closed systems. Today, they are often remotely linked and managed through open platforms and standardized equipment via public and private networks. While new technology provides inexpensive, readily available equipment that is easy to use and maintain, the security through obscurity of legacy devices is gone. IP-enabled connectivity means these systems are vulnerable to IP-based threats, and present a potential risk to transportation operators and users.
While physical security and safety have more developed standards across the modes, the cybersecurity of operational technologies is a fledgling discipline, with most stakeholders failing to address it currently. Cybersecurity is therefore a primary concern for the intelligent transportation infrastructure.
A critical area of concern is in ensuring safe, secure, and reliable communications aboard crafts and vessels, between them, and back to stations, ports, and other connected infrastructure elements (i.e., roadside units, air traffic control towers, maritime lighthouses). The security of communication between new smart devices and connected systems is vital, but also between vessels/crafts and ports/stations, whether these are wired or wireless, short or long-range communications.
The imperative is that security be applied in a comprehensive manner across all channels and protocols, from Bluetooth all the way to satellite. This is important especially in that many crafts and vessels will travel long distances and with the emergence of new services, such as mobility-as-a-service and freight-as-a-service. These will require consistent, secure and resilient connectivity from communication service providers.
Certainly, implementing appropriate cybersecurity requires a number of tools, processes, and people. The traditional information security framework can be applied, with some adaptations to the specific requirements of connected operational technologies. Assessing and understanding risks will provide the foundation for a comprehensive cybersecurity strategy. Deploying and maintaining appropriate cybersecurity mechanisms is the next step. This includes securing hardware, devices, software, systems, networks, and services. While not every element may need a dedicated security profile, a layered defense mechanism with security applied at critical points can provide proportionate cyber resiliency.
Collaboration, information sharing, personnel training, and education are all aspects that need to be considered and implemented for a comprehensive cybersecurity strategy — and not just for operators, but all stakeholders. This includes transport operators, Industrial Control System (ICS) manufacturers, service providers, and public authorities. Without a collaborative approach, the safety and security of a smart and connected transportation infrastructures cannot be effectively assured. VS