Abstract
All of transport is becoming increasingly automated and computerized. Consider the recent Boeing 737 Max 8 accidents in Indonesia and shortly thereafter. All indications point to a software error in code adopted following a redesign of the aircraft, in which larger engines were installed than on previous Boeing 737 models, as the likely culprit in both accidents. A computer software error likely overwhelmed both doomed flight crews as they fought the computerized instructions that were being given to the aircraft shortly after takeoff. A total of 346 persons died in the two accidents. Their loss should give stark warning about the safety of computer code emplaced in transportation systems: land, maritime, and air. There is little evidence of liability in commodity software. Since the infancy of modern operating systems, computer bugs, crashes, and hacks have plagued the Information Technology (IT) industry. While countless business plans, academic paper drafts, and personal correspondence have been lost to software bugs and crashes, filing suit against commodity productivity and operating system software manufacturers for damages has always been and remains a preposterous idea. What should concern us in transport is a new phenomenon—the merging of automation or process control software with network interconnectivity. Whether an aircraft autopilot, a shipboard navigation system, or a self-driving semi-truck, there remains a drive to interconnect these systems with others, often via the same technology and protocols that encompass the Internet. Unfortunately, the Internet remains a rickety ship with regard to security from unauthorized manipulation or subversion. Establishing the ideational footing for a risk and remediation strategy for this problem in the transport sector is the purpose of this paper.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Bronk, C. (2020). Operation of Transport and Logistics in a Time of (Cyber)Insecurity. In: Diez, P., Neittaanmäki, P., Periaux, J., Tuovinen, T., Pons-Prats, J. (eds) Computation and Big Data for Transport. Computational Methods in Applied Sciences, vol 54. Springer, Cham. https://doi.org/10.1007/978-3-030-37752-6_3
DOI: https://doi.org/10.1007/978-3-030-37752-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37751-9
Online ISBN: 978-3-030-37752-6
eBook Packages: Engineering, Engineering (R0)