Leaders urge tighter transportation security

The more travel requires hopping from one type of transportation system

to another, the more important it is to take security measures that include

protecting the information systems that control railways, airways and other

modes of transportation, security experts say.

Most transportation security programs focus on preventing contraband

smuggling, illegal immigration, hijacking and sabotage, but a looming problem

is the hijacking of the information network, or cyberterrorism, said Hal

Whiteman, director general of security and emergency planning at Transport

Canada.

Further complicating matters, transportation systems are becoming more

globally connected — more intermodal, which means they connect several types

of transportation to move people and goods from point to point. These systems

increasingly use information technology for communications, navigation and

surveillance, and a vulnerability in one piece could be a threat to all

transportation, he said.

"For security to be effective and cost-effective, it must address all

the modes of transportation," said Whiteman, who spoke on a panel of transportation

and information security experts Oct. 11 at the International Transportation

Symposium in Washington.

As countries look to connect their transportation systems across borders,

technology will be crucial for safety and economic success, said Bill Harris,

a senior consultant for the Critical Infrastructure Assurance Office who

served as a commissioner on the President's Commission on Critical Infrastructure

Protection. It would be a mistake for the United States to secure only its

own IT infrastructure when it connects with international systems in all

types of businesses, he said.

"As we look to critical infrastructure protection, we note that the

infrastructures are not independent infrastructures, they're interdependent

infrastructures," Harris said. "If we solve the cyberproblem in the United

States, that is no solution because we're linked."

If secure systems are connected to insecure systems, that renders the

whole transportation system weaker, he said. Air traffic control (ATC) systems

tend to be isolated from other information systems, which keeps them more

secure, but the Federal Aviation Administration plans to connect the air

traffic control telecommunications systems with other administrative systems

at the agency. ATC systems internationally also interface at some points.

"International cooperation is absolutely essential to take full advantage

of capabilities to solve problems," he said.

One way to help solve the information security problem in transportation

is to look at how past technological problems were solved, Harris said.

For instance, when heavier trains were introduced to carry more goods and

reduce costs, it was discovered that the tracks and land they were built

on collapsed under the burden in some areas of the country. By drawing on

the experiences of other countries, the United States was able to design

better rail systems, he said.

"The key is a database," Harris said. "You're guessing if you act to

a single event." Creating databases will provide a way for a community of

users of cybersystems that manage transportation systems to learn from each

other's experience.

The Transportation Department formed a partnership early this month

with the Association of American Railroads to create an Information Sharing

and Analysis Center for the railroad industry to share information about

IT security and railroads. Railroads are increasingly relying on satellite

technology for communications and navigation to improve safety and efficiency.

The DOT also is assessing the vulnerability of information systems like

the Global Positioning System, which is used by many modes of transportation

as a tool for navigation and surveillance and will be relied on as a primary

means of aircraft navigation in the future.

Laws that protect against high-tech crime must also have commonalities

across borders and be updated to address new threats, said Lou Tyska, chairman

of the National Cargo Security Council. About 33 percent of terrorist acts

are perpetrated against transportation, he said. The Commerce Department

also should be included in deciding security policies for transportation,

he said, particularly as transportation becomes a vital part of electronic

commerce.