Description of a Hypothetical Threat
A hypothetical threat of physical attack in the transportation systems sector is an unauthorized interference in transport and logistics processes that leads to a malfunction of the transport system, and can threaten man-made disasters.
Brief Background on the Critical Infrastructure
The critical infrastructure of physical attacks primarily includes vehicles: first of all, these are objects related to the transport infrastructure (Shapiro et al., 2018). For example, these are railway, tram and inland waterways, highways, tunnels, overpasses, bridges, train stations, railway and bus stations, as well as subways.
Risks, Threats, Hazards & Vulnerabilities
Among the risks of physical attack are explosions of transport facilities, blocking of transport communications, seizure of vehicles, buildings and hostages. Special attention should be paid to the risk of acts of terrorism in transport. This creates a high threat of public danger and violations of the operational situation at the facilities of the transport complex (Moulahi et al., 2022). A threat of seizure is created, which consists in establishing control over the transport complex by force, or by the threat of the use of force, or by any other form of intimidation. The hazards that can be caused by this are the possibility of committing theft of elements of the transport complex, which can lead them into an unusable condition that threatens the life or health of personnel, passengers and others. Vulnerable in this case are primarily the lives or health of personnel, passengers and other persons, as well as tangible property, such as cargo.
Impact of Damage on Dependencies & Interdependencies
The impact of damage on dependencies is damage to transport and technical means or disruption of the logistics chain. The impact of damage on independencies poses a threat to national security in general, growing from a local level into a large-scale terrorist operation.
Existing Resiliency
The existing resilience to the threat of physical attack is to protect transport infrastructure facilities throughout the entire transport system (Guzman et al., 2019). There is a tendency to protect each of the individual infrastructure facilities, which allows reducing the damage from threats in the field of transport security.
Minimizing Disruption
With the aim of minimizing disruption from the threat of physical attack is the timely collection of a set of information about the number of violators, their equipment, preparedness, awareness, as well as potential actions.
Technical Requirements
Technical requirements for protection against the threat of physical attack include special equipment that protects the control systems of engineering and technical systems for ensuring transport security from third-party influence (Guzman et al., 2019).
Cyber Event
Description of a Hypothetical Threat
Hypothetical threat of cyber event is a threat to computer systems and technologies that may affect operations related to the transportation of goods or passengers.
Brief Background on the Critical Infrastructure
Critical infrastructure includes customers, suppliers, and passengers, such as contact details: full name, phone numbers, e-mails and personal addresses. Thus, cyber events primarily negatively affect the corporate data infrastructure.
Risks, Threats, Hazards & Vulnerabilities
The risks of a cyber event are the encryption of various systems by hackers and the subsequent demand for ransom to restore operations. Moreover, the risk of cyber events is cyber espionage with the motive of stealing confidential information, or installing malicious software to disrupt the operation of computer systems of ships. The threat of cyber events to the transportation sector is represented by phishing attacks aimed at obtaining confidential information and hackers gaining access to passenger lists in order to allow unauthorized persons to buy them (Deka et al., 2018). The hazards of cyber events are the compromise of confidential data and the loss of material assets. The most vulnerable to cyber events are confidential data of passengers and carriers: full name and surname, addresses, insurance numbers, bank cards and driver’s licenses. Moreover, vulnerable are the management systems of the transport and logistics sector, for example, electronic control units, navigation and other information systems.
Impact of Damage on Dependencies & Interdependencies
The impact of damage on dependencies is the sale of personal user profiles collected by scammers during cyber events to the black market for rental on the shadow Internet, for example, for the purpose of mining. The impact of damage on independencies is the loss of funds by the partner company due to the encryption of company data by hackers who set auto-deletion and demand a ransom from organizations for unblocking access to the system (Stellios et al., 2021).
Existing Resiliency
Existing cyber event resilience is a means of protection against external and internal cyber attacks. To ensure security in the transport sector, as a rule, such security methods as access control, creation of firewalls, logging, authentication and cryptography are used.
Minimizing Disruption
In order to minimize disruption from cyber events, the transportation sector actively uses software for detecting, monitoring, analyzing and responding to potential cyber threats.
Technical Requirements
Technical requirements for the prevention of cyber events in the transport sector include SIEM systems aimed at monitoring and analyzing IT systems and detecting incidents in information security.
Natural Disaster
Description of a Hypothetical Threat
A hypothetical threat of natural disaster are earthquakes, floods, landslides and other cataclysms that lead to the destruction of the transport and logistics chain.
Brief Background on the Critical Infrastructure
The critical infrastructure includes transport communications that ensure the movement of goods and passengers within cities, in intercity, inter-district and international communications (Ganin et al., 2019). Natural disaster affects the infrastructure of various types of road transport complex: land, water and air.
Risks, Threats, Hazards & Vulnerabilities
The risks of natural disaster for transportation sector consist in a significant impact on the condition of highways and railways, up to the point of rendering them unusable. Risks are possible violations of the structural integrity of roads, bridges, drainage systems and tunnels, which may require more frequent repair and restoration work (Gunes et al., 2021). The threats of natural disasters are the creation of danger to the lives of workers and passengers, as well as threats to the integrity of the transported goods. Hazards of natural disease consist in the safety and continuity of traffic on roads in difficult climatic conditions. The most vulnerable to the effects of natural diseases are the condition of roads, as well as the technical condition of vehicles. The infrastructures of control and loading centers are vulnerable.
Impact of Damage on Dependencies & Interdependencies
The impact of damage on dependencies is to significantly extend the transportation time, and on the other hand, reduce the period and the possibility of delivering goods to hard-to-reach areas. There will be a tangible impact of natural disasters on such dependencies as the cost of construction and maintenance of ports (Das & Gündüz, 2019). The impact of damage on independencies is an increase in fuel and electricity costs.
Existing Resiliency
Existing resilience consists in the application of adaptation measures in the transport sector, which are aimed at reducing vulnerability and increasing the resilience of systems to the effects of climatic factors and the effects of natural disasters (Broo et al., 2021). This involves working not only on the physical strength and durability of the infrastructure, allowing it to withstand adverse impacts, but on the possibility of rapid recovery with minimal costs.
Minimizing Disruption
Minimizing disruption of natural disaster in the transport sector is to take into account the potential impact of a changing climate in the planning, design, construction and operation of transport infrastructure.
Technical Requirements
Technical requirements for countering natural disasters consist in the installation of climate control software along the entire length of highways.
Critical Infrastructure
The critical infrastructure of the transport system covers all methods of transportation, such as aviation, sea routes, highways, railways and pipelines. It is a vast, open, interdependent network system that moves millions of passengers and millions of goods every year. Critical transport infrastructure facilities should receive special attention due to numerous threats. It is necessary to have plans to protect critical infrastructure. These plans should identify critical objects, both tangible and intangible assets of the transport and logistics chain, the destruction or disruption of which will seriously undermine public safety, order and disrupt the supply of goods and passengers. Such harm can be catastrophic and have great consequences.
The sources of risks for the transport critical infrastructure can be natural or man-made. Natural disasters include various natural disasters, such as earthquakes, floods, landslides and others. Man–made ones include terrorist acts, sabotage, military actions, and cyber attacks. Basically, government strategies adopt a risk management approach to the protection of transport critical infrastructure at the national level (Markolf et al., 2019). This approach helps governments identify key security assets, assess risks, and establish strategies and priorities to mitigate these risks. In general, the risk management strategy includes the following measures: prevention, preparedness, response and recovery.
The policy related to transport critical infrastructure attempts to coordinate the role of private operators of such infrastructure, whether they are domestic or foreign, in order to protect critical infrastructure by covering a wide range of public interests. However, the role assigned to investment policy in protecting critical infrastructure transportation is changing (Androjna et al., 2020). All national transport critical infrastructure protection programs implement a risk management approach to the protection of critical facilities. Risk management helps the government identify key security assets, assess risks, and set strategies and priorities to mitigate them. In general, the risk management strategy includes the following measures: prevention, preparedness, response and recovery. Private transport critical infrastructure protection operators play an important role in this activity (Deka et al., 2018). The national strategy for the protection of critical infrastructure transport should cover the so-called theory of all hazards, consider threats to infrastructure, the sources of which are natural disasters, accidents or deliberate cyber or physical attacks.
Interdependence is the main test for risk management in the theory of transport critical infrastructure protection due to the fact that the economy and society rely on the interdependence and interconnection of infrastructure subsystems. All this can result in a phenomenon called the cascade effect (Valaskova et al., 2022). In view of this concept of taking into account all threats, transport critical infrastructure protection involves the involvement of a wide range of different agencies and institutions, including government agencies at various levels and international organizations. Private transport critical infrastructure protection operators are an important part of critical infrastructure protection.
Summing up, it can be concluded that there are several main directions of transport critical infrastructure protection. First of all, it is the use of a comprehensive approach, programs that cover the main, main threats to the infrastructure, regardless of their source. It is the coordination of the work of a wide range of agencies and institutions.
References
Androjna, A., Brcko, B., Pavic, I., & Greidanus, H. (2020). Assessing cyber challenges of maritime navigation. Journal of Maritime Science and Engineering, 8(776), 1–21.
Broo, D. G., Boman, U., & Törngren, M. (2021). Cyber-physical systems research and education in 2030: Scenarios and strategies. Journal of Industrial Information Integration, 60(24), 368–386.
Das, R., & Gündüz, M. Z. (2019). Analysis of cyber-attacks in IOT-based critical infrastructures. International Journal of Information Security Science, 8(4), 122–133.
Deka, L., Khan, S. M., Chowdhury, M., & Ayres, N. (2018). Transportation cyber-physical system and its importance for future mobility. Future Generation Computer Systems, 79(2), 576–588.
Ganin, A. A., Mersky, A. C., Jin, S. A., Kitsak, M., Keisler, J. M., & Linkov, I. (2019). Resilience in intelligent transportation systems (ITS). Transportation Research Part C: Emerging Technologies, 100(19), 318–329.
Gunes, B., Kayisoglu, G., & Bolat, P. (2021). Cyber security risk assessment for seaports: A case study of a container port. Computers & Security, 103(94), 850–860.
Guzman, N. H., Wied, M., Kozine, I., & Lundteigen, M. A. (2019). Conceptualizing the key features of cyber-physical systems in a multi-layered representation for safety and security analysis. Systems Engineering, 23(12), 189–210.
Markolf, S. A., Hoehne, H., Fraser, A., Chester, M. V., & Underwood, B. S. (2019). Transportation resilience to climate change and extreme weather events: Beyond risk and robustness. Transport Policy, 74(24), 174–186.
Moulahi, T., Jabbar, R., Alabdulatif, A., Abbas, S., Khediri, S. E., Zidi, S., & Rizwan, M. (2022). Privacy-preserving federated learning cyber-threat detection for intelligent transport systems with blockchain-based security. Early View, 41(3), 311–336.
Shapiro, L. R., Maras, M. H., Velotti, L., Pickman, S., Wei, H. L., & Till, R. (2018). Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security, 11(3), 65–83.
Stellios, I., Kotzanikolaou, P., & Grigoriadis, C. (2021). Assessing IoT enabled cyber-physical attack paths against critical systems. Computers & Security, 107(18), 403–410.
Valaskova, K., Nagy, M., Zabojnik, S., & Lăzăroiu, G. (2022). Industry 4.0 wireless networks and cyber-physical smart manufacturing systems as accelerators of value-added growth in Slovak exports. mathematics, 10(11), 1–21.