Problem:Operational Technology (OT) runs key equipment and systems essential for critical processes at Austin Transportation Department's current operations as well as in any future environment in which Connected (CV) or Autonomous(AV) Vehicles would operate. While Austin Transportation Department is likely maintaining robust defense-in-depth cyber protections for IT, these protections typically diminish where IT meets OT. Despite best efforts, no OT system is truly “air gapped” and attackers can gain access to the OT and control systems. Austin Transportation Department's system are at risk without OT protection. A successful cyber attack would have a direct and material impact to Austin Transportation Department and the public it serves. Furthermore, campaigns like Dragon Fly 2.0 (North Korea) actively targeting the US energy sector and successful OT cyber campaigns like the 2015 and 2016 Ukraine power grid attacks (Russia), Shamoon (Iran), Stuxnet, Havex, BlackEnergy and more show cyber threats to OT and control systems are real and increasing. A transportation agency in Canada recently traced a cyber-attack back to North Korea. Austin Transportation Department’s traffic system would benefit from robust, cost effective OT cybersecurity. Furthermore, Austin Transportation Department would distinguish itself in its preparedness for CV and AV deployments by showcasing IT AND OT cybersecurity best practices.
Solution:Mission Secure, Inc. (MSi) proposes deploying the patented MSi Platform to protect the OT network and key equipment and systems for Austin Transportation Department. An additional benefit would be an assessment process which would provide Austin Transportation Department with much greater insight to their overall cybersecurity position.
- Assess the Austin Transportation Department OT and key systems (ITS, Field Cabinets, ATC’s etc.) and asses the critical cyber risks
- Determine the “As Is” architecture of the OT cybersecurity in place, identify major cyber control gaps and immediate recommendations to prevent a skilled cyber adversary from impacting operations at the assets.
- Develop a cyber architecture design for the key systems/assets using the MSi Platform
- Configure, test and deploy the MSi Platform in incremental phases
- Provide maintenance, support, and upgrades