
 Announcements

 
Attachments
  
  
  
  
7/13/2016 1:28 PM

 

 


 Reference Documents

 
  
  
  
  
Folder: Case Studies | 7/22/2016 1:13 PM | Pocanic, Helena CTR (FHWA)
Folder: ConVeh info | 7/22/2016 1:14 PM | Pocanic, Helena CTR (FHWA)
Folder: CS Advisories | 7/22/2016 1:13 PM | Pocanic, Helena CTR (FHWA)
Folder: CS Presentations | 7/22/2016 1:14 PM | Pocanic, Helena CTR (FHWA)
Folder: CS Reference Docs | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: CS Team - Action Logs - Work plans | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: DEFCON 22 - AUGUST 2014 | 7/22/2016 1:16 PM | Pocanic, Helena CTR (FHWA)
Folder: DEFCON 24 Presentations | 11/9/2016 1:10 PM | Murphy, Ray (FHWA)
Folder: DEFCON Trip Reports | 7/22/2016 1:16 PM | Pocanic, Helena CTR (FHWA)
Folder: DHS ICS CS Training Materials Jan 2016 | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: DHS references - docs - pubs | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: HCSF Materials June 2016 | 11/10/2016 10:24 AM | Murphy, Ray (FHWA)
Folder: ICS-CERT - Industrial Control Systems Cyber Emergency Response Team | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: ORDERS --- POLICIES --- DIRECTIVES | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
Folder: Security Assessments - Threat Matrix | 7/22/2016 1:15 PM | Pocanic, Helena CTR (FHWA)
ransomware attacks during the last 12 months - Nov 2016.pdf | 11/10/2016 10:06 AM | Murphy, Ray (FHWA)
 

 Links

 
  
Comments
  
  
  
  
  
Tips on stronger passwords can be found here.
  
FHWA Order 5181.1a Emergency Reporting Procedures 3-5-2010
  
CS Research ethics
  
ICS-CERT Cyber Security Evaluation Tool
  
Request for Information (RFI) recently issued by the Department of Commerce, National Institute of Standards and Technology (NIST).  For context, NIST issued this RFI to gather information on version 1.0 of the voluntary Framework for Improving Critical Infrastructure Cybersecurity. The goal of the RFI is to gain understanding of organizations' awareness of and experiences with this Cybersecurity Framework.
  
The Center for Internet Security is a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS provides resources that help partners achieve security goals through expert guidance and cost-effective solutions.

  
ICS-CERT Roadmap to Secure Control Systems in the Transportation Sector
  
Using the following ICS tools to assess current security posture is recommended as a precursor to any cyber security program.
  
Video from 2014 DEFCON on hacking driverless vehicles.
  
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public-key or asymmetric systems for managing the keys used by the symmetric systems. Assessing the strength required of the symmetric cryptographic systems is therefore an essential step in employing cryptography for computer and communication security.

  
Laurel, MD--19 September 2014.

Presentations by and to five academic researchers from the Universities of Maryland, Bonn, and Leibniz were the order of the day at a special ceremony in Emerson Cafe. The scholars were recognized as the winners of the Best Paper of 2013 in Cybersecurity and the runner-up.

Dr. Deborah Frincke, NSA Director of Research, welcomed and thanked them for their contribution to the evolving Science of Security. Dr. Michael Hicks of the University of Maryland led the winning team, which included Dr. Elaine Shi and graduate student Chang Liu. Their work, "Memory Trace Oblivious Program Execution," showed that combining Programming Languages (PL) and cryptography can yield memory trace obliviousness (MTO). Their goal was to address the problem that, in the Cloud, data encryption can mask content, but not header information. Using Oblivious RAM, around as a "curiosity" since the 1980s, they demonstrated a hybrid system that allows a relatively small overhead while masking both headers and content.

Dr. William Smith, now at the University of Bonn, and his colleague Sascha Fahl, University of Leibniz, presented the Honorable Mention paper, "Rethinking SSL Development in an Applied World." Dr. Smith told the audience about the problem of SSL certificate failure on Android and iPhones. Their research showed that 14% to 18% of the applications they looked at were subject to Man-in-the-Middle attacks (MITMA) because SSL certificates were invalid or bypassed. To find the reasons for this security failure, they interviewed developers and looked at the nature of the specific problem with the certificate. Their conclusions indicate that developers often inadvertently shut down and leave off the certificates for SSL when they develop apps, including one antivirus software that was used as an example.





  
The Clean-Slate Design of Resilient, Adaptive, Secure Hosts (CRASH) program will pursue innovative research into the design of new computer systems that are highly resistant to cyber-attack, can adapt after a successful attack to continue rendering useful services, learn from previous attacks how to guard against and cope with future attacks, and can repair themselves after attacks have succeeded.
  
TRB CYBERSECURITY May 2015 WEBINAR - RECORDING


 

 

 Members

 
  
Agency/Organization
  
  
  

US DOT/FHWA/Office of Technical Services

ITS Specialist ray.murphy@dot.gov
  

USDOT/FHWA Resource Center

Transportation Technologies Specialist Edward.Fok@dot.gov
  

Federal Highway Administration - New Jersey Division

ITS Engineer ekaraj.phomsavath@dot.gov
  

Federal Highway Administration - DC Division

Traffic Operations / Safety Engineer peter.doan@dot.gov