Safety and Security in Remote Bridge Operations
- PI: Randy Sandone, University of Illinois
- Co-PI: Scott Bought, Maritime Security Center
- Co-PI: Matthew Mawrer, Maritime Security Center
The Homeland Security Challenge
Drawbridges are currently mainly operated by onsite staff, but there is a growing demand for these operations to be controlled remotely through the use of information and communications technologies (ICT) to lower costs and improve efficiency. Though largely owned and operated by the private sector, the United States Coast Guard provides oversight and recommendations regarding the safe and secure operation of remote bridges. Introduction of ICT brings new challenges to the safe operation of these bridges stemming from potential cyber vulnerabilities and resultant attack vectors. A rigorous examination of remote bridge ICT architectures must be conducted and voluntary cybersecurity standards, guidelines, and best practices must be developed and promoted to strengthen the security and resilience of those systems. It is essential to significantly reduce the risk of cyberattack on remote bridge operating systems. This research project will conduct that analysis and deliver data-driven standards, guidance, and best practices to the remote bridge community to achieve that goal.
The COE Solution
With extensive input from the American Bureau of Shipping, and with the support of Simple Cyber, LLC the proposed project – funded by the Maritime Security Center, a DHS Center of Excellence at Stevens Institute of Technology - will conduct a thorough analysis of the cyber risks and vulnerabilities of remote bridge ICT architectures. This analysis will consider analogous operations in distributed cyber-physical systems, and identify practices and protocols from other sectors such as pipeline supervisory control and data acquisition (SCADA) systems. Based on this analysis, the project will develop and publish best practices and will propose voluntary cybersecurity standards for remote bridge operations. The project will develop and publish both a Risk Management Plan template based on the NIST Risk Management Framework (NIST SP 800-37) and a proposed Cyber Security Framework Profile that can be used by remote bridge owners and operators to achieve and maintain enhanced cyber security of their operations. This Profile will also be added to the CIRI/DHS-developed Cyber Secure Dashboard software to help owners and operators implement and maintain the proposed standards and best practices as they transition to remote bridge operations.