T3e Webinar Overview
Transportation Cyber-Physical Security: Things We Should Know
Date: Thursday, May 10, 2018
Time: 1:00 PM – 2:00 PM ET
Cost: All T3e webinars are free of charge
PDH: 1.0 View PDH Policy
T3e Webinars are brought to you by the Intelligent Transportation Systems (ITS) Professional Capacity Building Program (PCB) of the U.S. Department of Transportation’s (U.S. DOT) ITS Joint Program Office (JPO). The purpose of this webinar series is to provide a platform for students to share their research findings. References in this webinar to any specific commercial products, processes, or services, or the use of any trade, firm, or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the U.S. DOT.
Threats to cyber-physical systems are targeting institutions and infrastructures around the world, and the frequency and severity of attacks are on the rise. Industries considered the most lucrative targets for adversaries include healthcare manufacturing, financial services, education, government, and transportation. Hacking is about more than companies, organizations, and banks—it also affects transportation critical infrastructure (e.g., automotive systems and field devices).
The broadcast nature of communication protocols used in automobiles is the main root of vulnerability of cars being hacked. But how is it that advanced communication protocols are incapable of providing sufficient security to counter these attacks? A brief answer may be that the “backward compatibility requirement in automobile industries” hinders the possibility of using any advanced protocol layer (digital) solutions for enhancing their security. We target this problem using a strong alternative intrusion-detection method, which lies mainly in the analog domain. This method extracts the influence of manufacturing inconsistencies of devices on their output analog signal, so-called fingerprints, and identifies compromised devices in the car on the basis of these fingerprints.
In recent years, ITS field devices such as variable message signs (VMS) have been hacked with greater frequency. VMS hacks can include physical and remote breaches due to weak system protection. To better understand security attacks on VMS we undertake a risk-based approach to perform a qualitative vulnerability-oriented threat analysis, which aims to identify issues caused by adversaries exploiting ITS security vulnerabilities. One deliverable of the risk assessment will be the impact-likelihood matrix, which maps the adverse impacts of the threat events into a meaningful visual matrix. The result provides insights for system operators and decision makers to prioritize the risks of a VMS hacking event.
Upon completion of this webinar, the audience will have learned about:
- Current security threats to the transportation network.
- Security vulnerabilities that exist in ITS field devices.
- Security vulnerabilities and cyber-physical attacks in automotive physical systems.
- Possible impacts that ITS security vulnerabilities might impose on road users and system operators.
The target audience includes transportation engineers, researchers, planners, decision makers, and individuals concerned with the consequences of a vulnerable transportation system.
Dr. Kevin P. Heaslip, Associate Professor of Civil and Environmental Engineering, Virginia Tech University
Dr. Kevin Heaslip is Associate Professor of Civil and Environmental Engineering at Virginia Tech. Dr. Heaslip also serves as the Associate Director of the Information Systems Laboratory at the Hume Center for National Security and Technology. His research interests lie in the connections of transportation, smart cities, resilience, and cybersecurity. He is currently a member of the National Academy of Engineering’s Resilient America Roundtable. Dr. Heaslip earned a BS in Civil and Environmental Engineering from Virginia Tech (with a Public and Urban Affairs minor); an MS in Civil and Environmental Engineering (Transportation and Infrastructure Systems Engineering) from Virginia Tech; and a PhD in Civil and Environmental Engineering (Transportation Engineering) from the University of Massachusetts Amherst.
Mahsa Foruhandeh, Graduate Research Assistant, Virginia Tech University
Mahsa Foruhandeh is a PhD student in the Department of Electrical and Computer Engineering at the Cyber-Physical Systems Security Lab (CPSS Lab). She received her MSc in telecommunications from Ozyegin University, Turkey in 2014, and her BSc in Electrical Engineering from the University of Tehran, Iran in 2011. Her research interests include automotive cybersecurity, hardware security, and wireless communication systems.
Kaveh B. Kelarestaghi, Graduate Research Assistant, Virginia Tech University
Kaveh B. Kelarestaghi is a PhD student in the Department of Civil and Environmental Engineering under the Transportation Infrastructure and Systems Engineering (TISE) Program at Virginia Tech. He has worked with the Maryland State Highway Administration and Federal Highway Administration, Office of Safety R&D. He received his MSc in Civil and Environmental Engineering from the University of Tehran, Iran in 2013. His research interests include ITS security and resiliency, safety, travelers’ behavior, and sustainability.