Dr.-Ing. Selcuk Nisancioglu
Federal Highway Research Institute (BASt)
Selcuk Nisancioglu is a Civil Engineer and works for the German Federal Highway Research Institute (BASt), which is the practice-oriented, technical-scientific research institute of the German Government in the field of road engineering. It is dedicated to a wide range of tasks, which result from the relationships between roads, humans and the environment. Its mission is the improvement of safety, environmental compatibility, efficiency and performance relating to roads.
Selcuk Nisancioglu was responsible for various research projects concerning health & safety and environmental issues on construction sites as well as civil security for transport infrastructures. At the moment he is working on enhancing the cyber-security of tunnel, traffic and local public transport control centres.
Presentation: Assessing the cyber security of tunnel control centres
Transport infrastructure is the backbone of economies, providing connections for people and goods, access to jobs and services, and enabling trade and economic growth. The interlinkage between different modes of mobility, dense infrastructure networks and the urbanization of the population demand a reliable, safe and secure transport infrastructure. Any impairment, disturbance or failure of that interlinkage would have a substantial impact on the economy and major segments of the population. In this context, tunnel control centres are responsible for monitoring and control of traffic, thereby ensuring safety and secure operation. The IT systems used for monitoring and control must be adequately protected against the increasing risk of cyber attacks. Past cyber incidents and the resulting disruptions to important transport links highlight the necessity to adjust the required security level of transport infrastructure to the actual risk from cyber attacks.
The paper presents the status quo of the cyber security of road tunnel control centres and a methodology how to assess the existing cyber security level. This methodology includes aspects on a threefold level: firstly technical aspects (e.g. technical equipment used in tunnels and control centres), secondly organizational aspects (e.g. access control to operation buildings or handling of remote maintenance of hardware and software) and thirdly personnel aspects (e.g. awareness with regard to so called social engineering and knowledge about first signs of cyber-attacks). In order to achieve an improvement easily, a software application accompanied by a guideline for assessing and improving the existing cyber security level was developed.