Abstract

Abstract The National Transportation Safety Board is charged with investigating transportation-related accidents and incidents in the aviation, railroad, highway, marine and pipeline infrastructure. The increasing integration of traditional information technology systems with operational technol-ogy systems increases the cyber vulnerabilities and risk. National Transportation Safety Board investigations require trustworthy data to determine accident and incident causes and remedies. This chapter explores the requirements for trust in the critical transportation infrastructure due to operational technology and information technology integration. The focus is on internal aircraft systems and their data in accident investigations. While commercial avionics systems employ very reliable serial bus architectures, these systems and their components were not designed with cyber security in mind. Cyber state mechanisms such as software attestation and data protection must be designed into sys-tems and validated to support trust requirements for accident investi-gations. Additionally, it is important to ensure the secure collection of data used in investigations, employ anomaly detection techniques to detect potential cyber attacks and establish a vulnerability registry and risk assessment system as in the information technology domain to share information and address potential cyber security problems.

Date

2020

Authors

Tim Ellis, Michael Locasto, David Balenson

Journal

Critical Infrastructure Protection XIV: 14th IFIP WG 11.10 International Conference, ICCIP 2020, Arlington, VA, USA, March 16–17, 2020, Revised Selected Papers

Pages

69

Publisher

Springer Nature