IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v33y2013i4d10.1007_s10669-013-9481-2.html
   My bibliography  Save this article

Cyber risk to transportation, industrial control systems, and traffic signal controllers

Author

Listed:
  • Barry C. Ezell

    (Virginia Modeling, Analysis and Simulation Center)

  • R. Michael Robinson

    (Old Dominion University Center for Innovative Transportation Solutions)

  • Peter Foytik

    (Virginia Modeling, Analysis and Simulation Center)

  • Craig Jordan

    (Virginia Modeling, Analysis and Simulation Center)

  • David Flanagan

    (Virginia Modeling, Analysis and Simulation Center)

Abstract

This paper is a result of a cyber risk assessment with a goal of increasing awareness to operators of infrastructure, managers, and political leadership. Senior executives and political leaders have a very limited understanding of industrial control systems (ICS) and of the crucial role ICS provide to public/private infrastructure, industry, and military systems. Therefore, to accomplish our purpose, we conducted a cyber-risk study focusing on a bridge tunnel ICS and a cyber event that tampered with traffic light operation—two scenarios of concern for senior leaders. In this paper, we present the analytic approach, discuss our model and simulation, and analyze the results using a notational data and generic system description. As a result of this study, we were able to discuss the importance of controls systems with senior leaders. We were able to demystify what we mean by “cyber”, showing that it is possible through simulation to inject the effects of cyber scenarios of concern into simulations to assess impact. Most importantly, during a system audit, ICS operators with decades of engineering experience began to realize that the ICS is vulnerable to willful intrusion.

Suggested Citation

  • Barry C. Ezell & R. Michael Robinson & Peter Foytik & Craig Jordan & David Flanagan, 2013. "Cyber risk to transportation, industrial control systems, and traffic signal controllers," Environment Systems and Decisions, Springer, vol. 33(4), pages 508-516, December.
  • Handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9481-2
    DOI: 10.1007/s10669-013-9481-2
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-013-9481-2
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.

    File URL: https://libkey.io/10.1007/s10669-013-9481-2?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Basnight, Zachry & Butts, Jonathan & Lopez, Juan & Dube, Thomas, 2013. "Firmware modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 76-84.
    2. Stanley Kaplan & B. John Garrick, 1981. "On The Quantitative Definition of Risk," Risk Analysis, John Wiley & Sons, vol. 1(1), pages 11-27, March.
    3. Shan, Xiaojun & Zhuang, Jun, 2013. "Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game," European Journal of Operational Research, Elsevier, vol. 228(1), pages 262-272.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Javier Cano & Alessandro Pollini & Lorenzo Falciani & Uğur Turhan, 2016. "Modeling current and emerging threats in the airport domain through adversarial risk analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(7), pages 894-912, August.
    2. Zachary A. Collier & Igor Linkov & James H. Lambert, 2013. "Four domains of cybersecurity: a risk-based systems approach to cyber decisions," Environment Systems and Decisions, Springer, vol. 33(4), pages 469-470, December.
    3. Perez, Yuri & Pereira, Fabio Henrique, 2021. "Simulation of traffic light disruptions in street networks," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 582(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Abdolmajid Yolmeh & Melike Baykal-Gürsoy, 2019. "Two-Stage Invest–Defend Game: Balancing Strategic and Operational Decisions," Decision Analysis, INFORMS, vol. 16(1), pages 46-66, March.
    2. S. Cucurachi & E. Borgonovo & R. Heijungs, 2016. "A Protocol for the Global Sensitivity Analysis of Impact Assessment Models in Life Cycle Assessment," Risk Analysis, John Wiley & Sons, vol. 36(2), pages 357-377, February.
    3. Chen, Fuzhong & Hsu, Chien-Lung & Lin, Arthur J. & Li, Haifeng, 2020. "Holding risky financial assets and subjective wellbeing: Empirical evidence from China," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    4. Niël Almero Krüger & Natanya Meyer, 2021. "The Development of a Small and Medium-Sized Business Risk Management Intervention Tool," JRFM, MDPI, vol. 14(7), pages 1-14, July.
    5. Lin, Chen & Xiao, Hui & Kou, Gang & Peng, Rui, 2020. "Defending a series system with individual protection, overarching protection, and disinformation," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    6. Johnson, Caroline A. & Flage, Roger & Guikema, Seth D., 2021. "Feasibility study of PRA for critical infrastructure risk analysis," Reliability Engineering and System Safety, Elsevier, vol. 212(C).
    7. Kasai, Naoya & Matsuhashi, Shigemi & Sekine, Kazuyoshi, 2013. "Accident occurrence model for the risk analysis of industrialfacilities," Reliability Engineering and System Safety, Elsevier, vol. 114(C), pages 71-74.
    8. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    9. J. C. Helton & F. J. Davis, 2002. "Illustration of Sampling‐Based Methods for Uncertainty and Sensitivity Analysis," Risk Analysis, John Wiley & Sons, vol. 22(3), pages 591-622, June.
    10. Michael Greenberg & Paul Lioy & Birnur Ozbas & Nancy Mantell & Sastry Isukapalli & Michael Lahr & Tayfur Altiok & Joseph Bober & Clifton Lacy & Karen Lowrie & Henry Mayer & Jennifer Rovito, 2013. "Passenger Rail Security, Planning, and Resilience: Application of Network, Plume, and Economic Simulation Models as Decision Support Tools," Risk Analysis, John Wiley & Sons, vol. 33(11), pages 1969-1986, November.
    11. Liang, Liang & Chen, Jingxian & Siqueira, Kevin, 2020. "Revenge or continued attack and defense in defender–attacker conflicts," European Journal of Operational Research, Elsevier, vol. 287(3), pages 1180-1190.
    12. Konrad, Kai A. & Morath, Florian, 2023. "How to preempt attacks in multi-front conflict with limited resources," European Journal of Operational Research, Elsevier, vol. 305(1), pages 493-500.
    13. Felipe Aguirre & Mohamed Sallak & Walter Schön & Fabien Belmonte, 2013. "Application of evidential networks in quantitative analysis of railway accidents," Journal of Risk and Reliability, , vol. 227(4), pages 368-384, August.
    14. Yacov Y. Haimes, 2012. "Systems‐Based Guiding Principles for Risk Modeling, Planning, Assessment, Management, and Communication," Risk Analysis, John Wiley & Sons, vol. 32(9), pages 1451-1467, September.
    15. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    16. Julie E. Shortridge & Benjamin F. Zaitchik, 2018. "Characterizing climate change risks by linking robust decision frameworks and uncertain probabilistic projections," Climatic Change, Springer, vol. 151(3), pages 525-539, December.
    17. Yacov Y. Haimes, 2006. "On the Definition of Vulnerabilities in Measuring Risks to Infrastructures," Risk Analysis, John Wiley & Sons, vol. 26(2), pages 293-296, April.
    18. Angelo Panno & Annalisa Theodorou & Giuseppe Alessio Carbone & Evelina De Longis & Chiara Massullo & Gianluca Cepale & Giuseppe Carrus & Claudio Imperatori & Giovanni Sanesi, 2021. "Go Greener, Less Risk: Access to Nature Is Associated with Lower Risk Taking in Different Domains during the COVID-19 Lockdown," Sustainability, MDPI, vol. 13(19), pages 1-17, September.
    19. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    20. Peng Ye, 2022. "Remote Sensing Approaches for Meteorological Disaster Monitoring: Recent Achievements and New Challenges," IJERPH, MDPI, vol. 19(6), pages 1-28, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9481-2. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.