This journal discusses cyber risks to transportation control systems, the Schedule Compliance Risk Assessment Methodology (SCRAM), and security for mobile network operators.
Articles In This Issue
Cyber Risk to Transportation Industrial Control Systems
This paper is a result of a cyber risk assessment undertaken with the goal of increasing the cyber awareness of operators of infrastructure, managers, and political leadership. The meaning of cyber has, in our opinion, been aggregated to a bumper sticker label so generic, it means very little of anything to anyone trying to understand cyber risk. Senior executives and political leaders have a very limited understanding of industrial control systems (ICS) and the crucial role ICS provide to public/private infrastructure, industry, and military systems. Therefore, to accomplish our purpose, we conducted a cyber-risk study focusing on a bridge tunnel ICS – a scenario of concern. In this paper we present the analytic approach, discuss our model and simulation, and analyze the results using notional data and a generic system description. As a result of this study we were able to discuss the importance of control systems with senior leaders. We were able to demystify what we mean by “cyber”, showing that it is possible through simulation to inject the effects of cyber scenarios of concern into simulations to assess impact. There was also an unintended benefit: during a system audit, ICS operators with decades of engineering experience began to realize that the ICS is vulnerable to willful intrusion. More of these studies are needed to raise awareness.
An Overview of the Schedule Compliance Risk Assessment Methodology (SCRAM)
Schedule slippage is an unfortunate reality for many large development programs. The Australian Defence Materiel Organisation Schedule Compliance Risk Assessment Methodology (SCRAM) provides a framework for identifying and communicating the root causes of schedule slippage and recommendations for going forward to Program and Executive-level management. It is based on a repeatable process that uses a root cause analysis of schedule slippage model to locate factors that impact program schedule along with a “health check” of the documented schedule, assessing its preparation and probability distribution of completion dates. SCRAM can be used at the commencement of a program to validate a proposed schedule and identify potential risks, during program execution as a “health check”, or as a diagnostic tool to identify root causes when schedule slippage occurs. To date, SCRAM has been applied to a number of major development acquisition programs in Australia and the United States. According to one documented report, seventy-eight percent of US Department of Defense Programs have experienced some form of schedule slippage [1]. Schedule slippage is a symptom of any number of problems or causes occurring on a project.
4G LTE Security for Mobile Network Operators
Mobile network operators (MNOs) must grapple with complex security management in fourth generation Long Term Evolution (4G LTE) deployments. The security architecture of 4G LTE may lull MNOs into a sense of complacency that the technology intrinsically addresses security in LTE operations. 4G LTE has known security vulnerabilities. Besides inherent LTE vulnerabilities, 4G LTE includes long-standing Internet Protocol (IP) based security weaknesses. The Third Generation Partnership Project (3GPP) has included security in its System Architecture Evolution (SAE) from inception, yet there are numerous security considerations deferred to the MNO. In terms of service delivery and operations, MNOs are left to manage both LTE and IP based security vulnerabilities. This leads to complex security management requirements for MNOs. This paper covers a broad sweep of security issues that MNOs should consider when operating 4G LTE networks, and proposes directional preventative measures with the objective of highlighting the critical role MNOs have to play in securing 4G LTE operations.