Enhancing Transportation System Cybersecurity

Research Lead: Brian Peterson

UC Campus(es): UC Berkeley

Problem Statement: The transportation system depends on a variety of information technology systems that control road infrastructure and traffic management, trains, maritime operations, freight, public transit, toll/fare collection, and air traffic. These critical systems support organizational functions operating including payroll, scheduling, and billing. Transportation is also increasingly dependent upon the security of systems in other industries, including the petroleum industry, the electrical grid, financial systems, and others. It takes a vast network of systems, many invisible to those using them, to move goods and people efficiently and effectively. As a result, the transportation system is increasingly vulnerable to cyber-attacks, often in ways we can’t imagine. The transportation system itself is insufficiently hardened from attacks. The most recent example of this is the ransomware attack on Colonial Pipeline’s operations, resulting in fuel shortages and damages to the economy yet to be fully quantified. An actor with a motive other than mere financial gain could have caused significantly more disruption and damage. As a consequence, there is an urgent need to examine the transportation system and its dependencies, to identify threats, vulnerabilities, attack vectors, and impacts of security events in order to prioritize where resources should best be spent.

Project Description: This research project will conduct a high-level review of the threats and vulnerabilities within the different sectors of the transportation system in California, including: air, freight, public transit; rail, maritime, micromobility, personal vehicles, road Infrastructure, and local, regional, state, and federal management. The project will review the current state of cybersecurity in each sector, including recent incidents, their causes, impacts, and potential mitigation actions. The project will create a dependency tree diagram illustrating the interconnected security threats to each of these and related systems and services in other sectors of our economy. This will include potential factors that could disrupt or damage elements of the transportation system, the risks they pose, attack vectors utilized in the past, possible future attack vectors that arise as transportation technology advances, as well as the potential impacts from cyberattacks. The research will also provide an analysis of the different issues faced by organizations and individuals in attempting to address the cybersecurity of the transportation system. Topics will include organizational management, funding, technology, human capital and skills, and supporting services and systems. In addition, the research will look at the potential of cybersecurity lapses to slow advancements in transportation. For instance, public perception of the impacts of cybersecurity events on the safety of connected and automated vehicles could affect the adoption of these new technologies.

Status: In Progress

Budget: $50,000

Project Partner(s): Caltrans Division of Traffic Operations