November 14, 2019, 12:00PM (ET)
Enhancing Cybersecurity in Public Transportation
As transportation infrastructure continues to expand from isolated nodes to large interconnected networks, cybersecurity is a critical concern for transit agencies. This report provides recommendations and suggested policies for transit agencies that may help reduce cybersecurity liabilities. The recommendations are informed by a literature review of existing vulnerabilities, a survey of Florida transit agencies, a taxonomy of transit technologies, outcomes of cybersecurity working groups and workshops, and hands-on analyses of several technologies, all of which were conducted as part of this project. Existing vulnerabilities were discovered in literature for connected vehicles, autonomous vehicles, electronic ticketing systems, traffic signal controllers, traffic signal priority, and dynamic message signs. Survey participants ranked employee training as the biggest challenge to implementing good cybersecurity practices. The taxonomy of transit technologies was based on five dimensions: extent of deployment in Florida, mode of transportation, functionality, responsible organizations, and liabilities. The report also includes the results of the cybersecurity working group meetings and workshops held during the project and provides a detailed analysis of a vulnerability discovered in a Florida mobile fare payment application by the research team. Important areas of future work include further examining mobile fare payment apps, onboard Wi-Fi, and traffic controller equipment, as well as adding cybersecurity components to the existing management plan processes currently established for safety and security in Florida.
Presenters: Jay Ligatti, Ph.D., and Kevin Dennis, University of South Florida; and Sean J. Barbeau, Ph.D., Center for Urban Transportation Research
Sean J. Barbeau, Ph.D. is the Principal Mobile Software Architect for R&D at the Center for Urban Transportation Research at the University of South Florida. His research interests include multimodal mobile apps, open-source software, standardized open data, and cybersecurity for mobile phones and transportation infrastructure. Dr. Barbeau holds a B.S. and M.S. in Computer Science from USF as well as a Ph.D. in Computer Science and Engineering from USF.
Jay Ligatti is a Professor in the Department of Computer Science and Engineering at the University of South Florida. His research areas are software security and programming languages. His research projects have focused on improving the security of transportation systems and data, web applications, executable binaries, and user-authentication systems.
Kevin Dennis is a Ph.D. student in the Department of Computer Science and Engineering at the University of South Florida. His research interests include software security and cybersecurity for transportation infrastructure. Kevin holds a B.S. in Computer Science from the University of South Florida.