The North American transportation grid enables our national and international commerce and supports literally all other critical infrastructures within the United States. However, increasing reliance on computer technology for improved communication and automation of traffic and transportation control networks has created vulnerabilities within those control systems that are similar to those seen in electric power control systems. Particularly vulnerable are (1) control center and dispatch communications, (2) computer controlled equipment for access, safety and monitoring, and (3) remotely accessible real-time actuators regulating transportation flow (e.g., bridges, tunnels, rail crossings, arterial routes, etc.). Especially vulnerable are IP-addressable and modem-accessible in-the-field devices used to monitor and regulate traffic flows in large urban environments.
Cyber attacks and electronic sabotage targeted against these vulnerabilities have the capability of inducing transportation disruptions over very large geographic areas. Loss of life, property, production, and service may result from those outages. With the financial support of the National Institute of Standards and Technology (NIST) we have undertaken a two year study of similar vulnerabilities with the electric power infrastructure. Our analyses of cascading failures within the electric power grid demonstrates that catastrophic failure is fraught with common mode faults. Post-mortem analyses show that these faults can be identified and modeled using methods we call Common Mode Failure Analysis (CMFA). In addition, we are currently defining/adapting methodology for Security and Survivability Systems Analysis (S/SSA). When used together CMFA and S/SSA provide effective tools to identify network vulnerabilities, and point the way toward mitigation strategies and design parameters that can be used to construct more robust and survivable control networks. In the proposed work we intend to further define and adapt our CMFA and S/SSA processes such that they are applicable to transportation control networks. Technological deliverables are described in the next two sections.