IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v33y2013i4d10.1007_s10669-013-9481-2.html
   My bibliography  Save this article

Cyber risk to transportation, industrial control systems, and traffic signal controllers

Author

Listed:
  • Barry C. Ezell

    (Virginia Modeling, Analysis and Simulation Center)

  • R. Michael Robinson

    (Old Dominion University Center for Innovative Transportation Solutions)

  • Peter Foytik

    (Virginia Modeling, Analysis and Simulation Center)

  • Craig Jordan

    (Virginia Modeling, Analysis and Simulation Center)

  • David Flanagan

    (Virginia Modeling, Analysis and Simulation Center)

Abstract

This paper is a result of a cyber risk assessment with a goal of increasing awareness to operators of infrastructure, managers, and political leadership. Senior executives and political leaders have a very limited understanding of industrial control systems (ICS) and of the crucial role ICS provide to public/private infrastructure, industry, and military systems. Therefore, to accomplish our purpose, we conducted a cyber-risk study focusing on a bridge tunnel ICS and a cyber event that tampered with traffic light operation—two scenarios of concern for senior leaders. In this paper, we present the analytic approach, discuss our model and simulation, and analyze the results using a notational data and generic system description. As a result of this study, we were able to discuss the importance of controls systems with senior leaders. We were able to demystify what we mean by “cyber”, showing that it is possible through simulation to inject the effects of cyber scenarios of concern into simulations to assess impact. Most importantly, during a system audit, ICS operators with decades of engineering experience began to realize that the ICS is vulnerable to willful intrusion.

Suggested Citation

  • Barry C. Ezell & R. Michael Robinson & Peter Foytik & Craig Jordan & David Flanagan, 2013. "Cyber risk to transportation, industrial control systems, and traffic signal controllers," Environment Systems and Decisions, Springer, vol. 33(4), pages 508-516, December.
    • Handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9481-2
    DOI: 10.1007/s10669-013-9481-2
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-013-9481-2
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10669-013-9481-2?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Basnight, Zachry & Butts, Jonathan & Lopez, Juan & Dube, Thomas, 2013. "Firmware modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 76-84.
    2. Stanley Kaplan & B. John Garrick, 1981. "On The Quantitative Definition of Risk," Risk Analysis, John Wiley & Sons, vol. 1(1), pages 11-27, March.
    3. Shan, Xiaojun & Zhuang, Jun, 2013. "Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game," European Journal of Operational Research, Elsevier, vol. 228(1), pages 262-272.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Javier Cano & Alessandro Pollini & Lorenzo Falciani & Uğur Turhan, 2016. "Modeling current and emerging threats in the airport domain through adversarial risk analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(7), pages 894-912, August.
    2. Zachary A. Collier & Igor Linkov & James H. Lambert, 2013. "Four domains of cybersecurity: a risk-based systems approach to cyber decisions," Environment Systems and Decisions, Springer, vol. 33(4), pages 469-470, December.
    3. Perez, Yuri & Pereira, Fabio Henrique, 2021. "Simulation of traffic light disruptions in street networks," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 582(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Abdolmajid Yolmeh & Melike Baykal-Gürsoy, 2019. "Two-Stage Invest–Defend Game: Balancing Strategic and Operational Decisions," Decision Analysis, INFORMS, vol. 16(1), pages 46-66, March.
    2. Gundula Glowka & Andreas Kallmünzer & Anita Zehrer, 2021. "Enterprise risk management in small and medium family enterprises: the role of family involvement and CEO tenure," International Entrepreneurship and Management Journal, Springer, vol. 17(3), pages 1213-1231, September.
    3. Benischke, Mirko H. & Guldiken, Orhun & Doh, Jonathan P. & Martin, Geoffrey & Zhang, Yanze, 2022. "Towards a behavioral theory of MNC response to political risk and uncertainty: The role of CEO wealth at risk," Journal of World Business, Elsevier, vol. 57(1).
    4. S. Cucurachi & E. Borgonovo & R. Heijungs, 2016. "A Protocol for the Global Sensitivity Analysis of Impact Assessment Models in Life Cycle Assessment," Risk Analysis, John Wiley & Sons, vol. 36(2), pages 357-377, February.
    5. K. Karthikeyan & S. Bharath & K. Ranjith Kumar, 2012. "An Empirical Study on Investors’ Perception towards Mutual Fund Products through Banks with Reference to Tiruchirapalli City, Tamil Nadu," Vision, , vol. 16(2), pages 101-108, June.
    6. Nicola Paltrinieri & Nicolas Dechy & Ernesto Salzano & Mike Wardman & Valerio Cozzani, 2012. "Lessons Learned from Toulouse and Buncefield Disasters: From Risk Analysis Failures to the Identification of Atypical Scenarios Through a Better Knowledge Management," Risk Analysis, John Wiley & Sons, vol. 32(8), pages 1404-1419, August.
    7. Louis Anthony (Tony) Cox, Jr., 2012. "Community Resilience and Decision Theory Challenges for Catastrophic Events," Risk Analysis, John Wiley & Sons, vol. 32(11), pages 1919-1934, November.
    8. Chen, Fuzhong & Hsu, Chien-Lung & Lin, Arthur J. & Li, Haifeng, 2020. "Holding risky financial assets and subjective wellbeing: Empirical evidence from China," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    9. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    10. Sakai, Kazuki & Hohzaki, Ryusuke & Fukuda, Emiko & Sakuma, Yutaka, 2018. "Risk evaluation and games in mine warfare considering shipcounter effects," European Journal of Operational Research, Elsevier, vol. 268(1), pages 300-313.
    11. Niël Almero Krüger & Natanya Meyer, 2021. "The Development of a Small and Medium-Sized Business Risk Management Intervention Tool," JRFM, MDPI, vol. 14(7), pages 1-14, July.
    12. Lin, Chen & Xiao, Hui & Kou, Gang & Peng, Rui, 2020. "Defending a series system with individual protection, overarching protection, and disinformation," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    13. James H. Lambert & Rachel K. Jennings & Nilesh N. Joshi, 2006. "Integration of risk identification with business process models," Systems Engineering, John Wiley & Sons, vol. 9(3), pages 187-198, September.
    14. Johnson, Caroline A. & Flage, Roger & Guikema, Seth D., 2021. "Feasibility study of PRA for critical infrastructure risk analysis," Reliability Engineering and System Safety, Elsevier, vol. 212(C).
    15. Kasai, Naoya & Matsuhashi, Shigemi & Sekine, Kazuyoshi, 2013. "Accident occurrence model for the risk analysis of industrialfacilities," Reliability Engineering and System Safety, Elsevier, vol. 114(C), pages 71-74.
    16. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    17. J. C. Helton & F. J. Davis, 2002. "Illustration of Sampling‐Based Methods for Uncertainty and Sensitivity Analysis," Risk Analysis, John Wiley & Sons, vol. 22(3), pages 591-622, June.
    18. Michael Greenberg & Paul Lioy & Birnur Ozbas & Nancy Mantell & Sastry Isukapalli & Michael Lahr & Tayfur Altiok & Joseph Bober & Clifton Lacy & Karen Lowrie & Henry Mayer & Jennifer Rovito, 2013. "Passenger Rail Security, Planning, and Resilience: Application of Network, Plume, and Economic Simulation Models as Decision Support Tools," Risk Analysis, John Wiley & Sons, vol. 33(11), pages 1969-1986, November.
    19. Liang, Liang & Chen, Jingxian & Siqueira, Kevin, 2020. "Revenge or continued attack and defense in defender–attacker conflicts," European Journal of Operational Research, Elsevier, vol. 287(3), pages 1180-1190.
    20. Mohammad E. Nikoofal & Mehmet Gümüs, 2015. "On the value of terrorist’s private information in a government’s defensive resource allocation problem," IISE Transactions, Taylor & Francis Journals, vol. 47(6), pages 533-555, June.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9481-2. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.