On March 10, 2016, the Federal Highway Research Institute (BASt) in Germany held a workshop on “Increasing IT Security for Traffic and Tunnel Control Centres” in Bergisch Gladbach within the framework of the Cyber-Safe research programme. 40 experts from traffic and tunnel monitoring attended this workshop. The participants involved were tunnel operators, tunnel managers, IT specialists as well as security and safety officers.
Transportation infrastructures assure the basic provision of the economy and society. As these infrastructures are increasingly monitored and controlled by IT systems, their protection against cyber attacks has become an ever greater challenge. The aim of the Cyber-Safe project is to enable operators of traffic, tunnel and public transport control centres to more easily identify hazards posed by cyber attacks and resort to suitable protective measures and counteractions.
In this connection, measures already undertaken are scrutinized regarding their efficacy. Subsequently a holistic security concept with the corresponding management tool is incorporated in a guideline and made available for practical application.
The Cyber-Safe project will run for a three-year period. It commenced in February 2015 and is funded by the Federal Ministry for Education and Research (BMBF) within the auspices of “IT Security for Critical Infrastructures” and supervised by the VDI/VDE Innovation + Forschung GmbH. All told, five partners stemming from industry and research are involved: BASt, STUVA, Dürr Group GmbH, Ruhr University Bochum and Straßen.NRW. Further details are available by accessing: cybersafe.stuva.de
The first workshop dealt with application on roads. In the open discussion with tunnel and traffic control centre operators, emphasis was placed on IT security. Against this background, the need as well as the demands posed on procedural guidelines was determined – on the one hand, to assess IT security currently available and on the other, to increase resistance against cyber attacks. In a series of lectures between the rounds of discussion – also involving the Federal Office for Information Security (BSI) – participants were familiarized with the subject matter and the legal framework. Furthermore the participants gained an insight into other operators’ experiences with the implementation of IT security procedures.
The project partners as well provided an insight of the project results that had been already accrued. Thus for example, the current level of the IT infrastructure reached by control centres was presented, which had been established based on a large number of interviews in control centres. These initial results that were available enabled conclusions to be arrived at in conjunction with the following aspects:
• Existing parallels between traffic, tunnel and public transport control centres
• Potentials for optimizing protection against cyber attacks
• Efficacy of protective measures already in use
• Current value of IT security
The participants addressed critical aspects and issues of relevance for them during intensive rounds of discussion. This culminated in a productive debate, during which findings relating to current, conceivable and future necessary measures designed to improve cyber security were obtained.
Further Course of Action
Within the scope of the workshop it was possible to gather invaluable recognitions relating to the need and the demands of users regarding the required procedural guidelines. These guidelines by and large consist of a manual and a software management tool. They are intended to enable the operators of control centres to identify the existing need for action relating to IT security and apply suitable measures in addition to the BSI IT basic protection catalogue and the ISO-27000 series. The applicability of the procedural guidelines will be substantiated during the course of the project by a demonstration at a control centre and a second workshop.
The procedural guidelines will be published at the end of the research project in early 2018 and will then be available to all interested operators free-of-charge thanks to support provided by the BMFB.
Dr.-Ing. Christian Thienert, STUVA e. V., Köln/Cologne, Deutschland/Germany
Dipl.-Ing. Selcuk Nisancioglu, BASt – Bundesanstalt für Straßenwessen, Bergisch Gladbach, Deutschland/Germany