8:00 AM – 9:00 AM Railroad Cyber Risk Management Panel
Risk management (primarily cyber) is changing for railroads. With the increase of the Internet of Things (IoT) and Positive Train Control (PTC), are railroads able to properly secure and manage these changes in technology? This panel discussion will take a look at how railroads and vendors are working to manage and decrease these risks.
Presented by: J. Alex Lang, Chief Information Officer Carload Express, Biff Myre, Director, Solutions OnX Managed Services, Inc., Ron Schlecht, Managing Partner BTB Security, Nick Chodorow, CIO The Belt Railway Company of Chicago
1. Learn how shortline railroaders are coping with and addressing cybersecurity risks
2. Review how PTC vendors are handling cybersecurity
3. Understand what can be done to manage security of the Internet of Things (IoT)
4. Review how a non-Class 1 railroad ensures they aren't the breach point
9:00 AM – 9:30 AM (Cancelled) Partnering with Local Emergency Responders
Presented by: Chip Greiner, Chief of Police Morristown & Erie Railway
9:00 AM – 9:30 AM Applying DOD Risk Management & Assessment Experience to the Transportation Sector
Presented by: Jeff Watts, Director of Cybersecurity RPI Group, Inc.
9:30 AM – 10:00 AM Wednesday Morning Networking Break
10:00 AM – 10:30 AM Track Intrusion Detection Systems using Multi-Sensor Analytics
Platform and track safety and security are prime concerns for many transit agencies worldwide. Accurately detecting people and objects that enter or fall into the track bed, and providing real-time situational analysis of them, is crucial to transit safety and security. The talk will examine how the use of multi-sensor technologies, including real-time LIDAR and video analytics, creates a robust solution that enables rapid analysis, feedback and response to track intrusion.
Presented by: Scott Carns, Vice President of Operations Duos Technologies, Inc.
1. Review using multi-sensor deployments for robust and accurate detections
2. Verify how to increase situational awareness and rapid response with centralized monitoring and routing
3. Learn about synergistic value-added capabilities
10:30 AM – 11:30 AM TSA Office of Security Operations (OSO) Surface Outreach Programs
I-STEP brings public and private sector partners together to conduct exercises, train, share information, and address transportation security issues to protect travelers, commerce, and infrastructure. I-STEP is the only federal exercise program to focus on the security nexus of the transportation environment. As a result, it not only reduces risk to individual systems, but the entire transportation network.
Presented by: Hans D. Hayes, Transportation Security Inspector, OSO Compliance Transportation Security Administration, Edward Malinowicz, Transportation Security Inspector, OSO Compliance Transportation Security Administration, Edison Velez, Transportation Security Inspector, OSO Compliance Transportation Security Administration
1. Understand TSA's Baseline Assessment for Security Enhancement (BASE)
2. Review TSA's Risk Mitigation Activities for Surface Transportation (RMAST)
3. Explain TSA's Exercise Information System (Exis) Program
11:30 AM – 1:00 PM Wednesday Lunch and Exhibits
1:00 PM – 1:30 PM Assessing Security Risk in Rail Transit
Identifying, assessing and addressing security risk in a rail transit environment requires a process that takes into consideration the likelihood of a threat - or vulnerability of the target to the threat - and the consequence of the incident. It differs from assessing safety risk in that the methodology must consider the element of intent to do harm. Agencies do not have unlimited resources, therefore using a process that helps inform where the greatest potential risk lies can assist in prioritizing the use of those limited resources. It is also critical to understand what elements are actually under the control of the rail agency. Rarely can they impact the threat itself, but they have substantial opportunity to impact the vulnerability of the agency to the threat, and therefore impact the outcome.
Presented by: Pamela McCombe, Technical Manager, Transit and Rail Systems WSP/Parsons Brinckerhoff
1. Define a process and methodology to assess security risk
2. State the prioritization of the application of resources to impact security risk
3. Learn about the elements that comprise risk that are within the agency's control
1:30 PM – 2:00 PM Deployable Small Form Factor Network Monitoring and Analysis Solution for Wayside PTC Network
This case study provides a deep-dive into CSX’s new rugged, small form factor deployable network monitoring and analysis solution used to analyze CSX’s wayside PTC network. The system utilizes enterprise technology from NetScout that integrates with CSX’s enterprise-level network monitoring and is packaged into a small transportable kit enabling rapid, in-field spot monitoring at a moment’s notice. The speakers will share requirements and environmental constraints, the solution architecture and detailed design, and lessons learned. Attendees will learn how to build similar systems for themselves.
1. Review a case study for network troubleshooting and diagnostics at wayside locations, ensuring integrity and availability of PTC networks
2. VoIP and RoIP performance monitoring at the edge of the network
3. Environmental constraints in deploying technology at wayside locations
4. Methods to deploy enterprise commercial off the shelf (COTS) solutions for ruggedized operational IT solutions at the edge of the network
2:00 PM – 2:30 PM Rail Security 15 years after 911. Are We Safer?
The rail industry has made significant strides in rail security, particularly with respect to the transportation of hazardous materials while in transit. This session will review the current state of rail security with an emphasis on legislative and voluntary actions to reduce vulnerabilities – particularly with respect to HazMat shipments. Despite the improvements, the world has changed in the past 15 years. The session will review specific vulnerabilities as they relate to recent terrorist tactics, and will put forth recommendations to further strengthen the U.S. rail network.
Presented by: Richard Flynn, Principal NorthEast Logistics Systems
1. Gain an understanding of current federal regulatory and rule-making requirements and the agencies designated to ensure compliance
2. Discuss how these legislative actions are administered on a day-to-day basis and gain an understanding of the risk-based approach formulated by federal agencies
3. Understand remaining vulnerabilities and suggested strategies to ensure continuous improvement – taking into account both rail network changes and evolving terrorist tactics
2:30 PM – 3:00 PM Homeland Security Implications of Proposed Dallas-Houston HSR
A private corporation is proposing a high-speed intercity passenger train system to operate between Dallas and Houston using Japanese technology and methods. This project brings with it an array of unique and unprecedented homeland security issues with implications for law enforcement, cybersecurity, intelligence, privacy, screening, psychological and mental health effects, and community involvement. A modern high-speed rail system is a network of potential vulnerabilities, and terrorist groups have identified public transportation as desirable targets. Should there be separate homeland security standards for true high-speed rail?
Presented by: Steven Polunsky, Research Scientist Texas A&M Transportation Institute
1. Specify the project description that is unique and unprecedented in the U.S.
2. Learn about the potential vulnerabilities and likely threats of this project
3. Review the possible avenues for addressing vulnerabilities and threats
3:00 PM – 3:30 PM Wednesday Afternoon Networking Break and Exhibits
3:30 PM – 4:30 PM Corporate Risk – A New Perspective
Risk Management is perceived as the model risk structure for risk oversight and strategic risk assessment. In an ever-evolving environment that transcends insurance and claims, should a new risk model be considered that encompasses all facets of risk from environmental to terrorism?
Presented by: Laird Pitz, Vice President & Chief Risk Officer CP
1. Examine the evolution of risk management, its construct and reporting function in corporate structures
2. Does this work in the current risk environment?
3. Explore an alternative risk structure and perspectives for managing risk going forward
4:30 PM – 5:00 PM No Files, No Downloads, No Headaches: File and Asset Data Security of the Future
In an increasingly connected world, we demand information instantly. We get instant updates on news, traffic, and more. The locomotives that transport our families and materials should be monitored with that very same care. This lecture presents how streaming event recorder information protects railroads and crews by putting critical event recorder and video data in their hands instantly when they need it most. Learn how the concept of file-less data improves file security and reduces the risk of unwanted distribution of data. All this real-time information and secure data delivers the health status of your PTC system to ensure that it is working properly to keep people safe.
Presented by: Larry Jordan, President Wi-Tronix
1. Understand how eliminating event recorder and video files/downloads significantly reduces file security issues and greatly improves technology security
2. Learn how to leverage your Positive Train Control (PTC) investment by remotely verifying and monitoring its health status
3. Understand how to reduce risk and keep crews safe with remote monitoring
5:00 PM – 5:30 AM Critical Incident on a Train
This presentation focuses on an in-depth training program designed for train crews, giving specific actions to take when a critical incident begins, through to when the train actually stops. The program instructs engineers on procedures regarding location of stop and radioing for assistance once an emergency is declared, and it provides crews with the emergency decision-making skills to perform in a dangerous environment under pressure and stress.
Presented by: Paul Riggio, Commander Metra Police Department
1. Present an all-hazard approach to a life-threatening environment on a commuter rail coach car
2. Provide specific instructions on what a train crew can do during the 60 to 90 seconds it takes the train to stop to minimize loss of life
3. Learn how to empower train crews to take charge and employ emergency decision-making skills during a life-threatening incident on a train
4. Review a program written and designed for on board train crews already proficient in medical emergencies, evacuation, etc.
8:30 AM – 9:00 AM How to Remotely Monitor Your Trackside Cabinets and Telecom Sites
You're responsible for mission-critical trackside and telecom facilities. Learn how to remotely monitor and control your equipment. Avoid wasteful (and sometimes even dangerous) site visits. Protect your revenue by maximizing uptime. Boost profitability by minimizing waste. By interviewing his clients, Andrew has assembled a collection of best practices that are used by industry-leading railroads worldwide. You may not need every one of his tips (maybe you don't have to deal with temperatures below -40 degrees), but you can directly benefit from these proven remote management techniques.
Presented by: Andrew Erickson, Director of Marketing DPS Telecom
1. Understand basic remote-monitoring architecture & methods
2. Discuss best practices for monitoring trackside enclosures
3. Identify best practices for monitoring telecom huts
4. Discover advanced techniques like generator-tank balancing for superior propane vaporization
9:00 AM – 9:30 AM Leveraging Internal Control and Audit to Address Cyber Threats and Risks
Modern rail systems face increasing cyber threats, which can negatively impact the safety and reliability of the infrastructure. This presentation will discuss how to integrate internal control and audit into the security framework to address the risks posed by these threats. Be prepared to meet the challenges of cyber-attacks.
Presented by: Immanuel Triea, Senior Director of Information Security Gannett Fleming, Inc.
1. Understand how internal control is constructed
2. Understand how risk assessment plays a part in internal control
3. Identify where audit fits into the security framework
4. Identify the different security audit mechanisms and evaluate how they contribute to the security framework
9:30 AM – 10:00 AM Thursday Morning Networking Break and Exhibits
10:00 AM – 10:30 AM How to Hack a Train, Safely: Rail Cyber Risk, Testing Methodologies and Techniques
In this talk, Jim McKenney will discuss how to gain support for cyber security testing, how to apply common frameworks to the rail environment, and methodologies that could be used to assess cyber risk to operational environments such as rail.
Presented by: Jim McKenney, Solutions Architect - Operational Technology CSX
1. Discuss how to gain support for cyber security testing
2. Discuss how to apply common frameworks such as NIST’s Cyber Security Framework to field technologies
3. Discuss different methodologies that could be used to assess cyber risk to rail
4. Understand how to build and gain support for similar cyber risk programs
10:30 AM – 11:00 AM Securing people, assets and technology at Amsterdam Central Station
By using remotely controlled shunts, monitoring systems, predictive algorithms and a secured cloud system, not only has the safety of track workers increased significantly, but assets are better controlled. This has resulted in fewer failures, higher availability of track and less unforeseen maintenance. Other effects: lower costs and greenhouse gas reduction.
1. Review how to work safer
2. Learn how to use new technology to minimize (unnecessary) workers’ time in the track, thus minimizing potential accidents/collisions
3. Understand how to optimally secure assets
4. Examine how to minimize the animosity between operations and maintenance and improve track worker and passenger safety
11:00 AM – 11:30 AM The Standard Dilemma
We often look to standards compliance as a mark of significant achievement. We demand attestation from our vendors and business partners. From a purely compliance and risk management standpoint, there is some merit to utilizing a standards-based approach. Certifications look good on paper and limit investigations from 3rd parties, but does this approach make us more or less secure?
Presented by: Nick Percoco, Chief Information Security Officer Uptake
1. Learn the back story behind the development of security standards designed to improve large populations of industry assets
2. Understand the differences between security and compliance and the implications of confusing the two
3. Learn methods to move beyond the typical security program approaches that yield little to no results towards their objectives
4. Identify ways to instill a greater purpose into those designing and building critical assets making the entire security program more effective
11:30 AM – 1:00 PM Thursday Lunch and Exhibits
1:00 PM – 1:30 PM A Conceptual Risk Assessment Model for Maritime to Rail Intermodal Service
For more than 30 years, containerized ocean freight has been a significant growth segment for U.S. railroads and their intermodal operations, but it has also become a growing security concern for supply chain members as well as other stakeholders, both public and private. This research first endeavors to identify those risk factors associated with ocean containers arriving at U.S. ports, then assigns weighting factors to establish a risk assessment tool, and subsequently links it to the rail corridor risk management system (RCRMS) developed by the Federal Railroad Administration.
Presented by: Gary Gordon, P.E., Adjunct Faculty Security Studies University of Massachusetts Lowell, Richard Young, Ph.D., FCILT, Professor of Supply Chain Management The Pennsylvania State University
1. Develop the awareness of the need for and application of an intermodal risk assessment tool
2. Engage industry stakeholders in identifying and filling gaps in intermodal risk assessment criteria
3. Raise the awareness of stakeholders of the need to move beyond modal-specific solutions
4. Encourage further research into the potential risks unique to intermodal traffic
1:30 PM – 2:00 PM (Cancelled) Global Threat Briefing
Enterprises expanding into international markets encounter fundamental differences in education, religion, societal interaction, security threats and political instability — all of which impact business and security decisions on a global scale. With expansion comes greater responsibility and risk, prompting CEOs to establish a strong and secure infrastructure internationally. Drawing from his global exposure and decorated military leadership experience, Dale Buckner discusses how international organizations must incorporate their security organization in every aspect of the enterprise — cyber security, physical security and personnel security. Buckner explores risks, security and trends correlated to enterprise operation with an international scope, specifically in emerging, sometimes hostile, markets and economies.
Presented by: Dale Buckner, President/CEO Global Guardian
1. Review the new global threats to personnel
2. Review the new global threats to infrastructure
3. Review the new global threats to communications (Cyber)
4. Learn about the paradigm changes to threats on a global basis
2:00 PM – 2:30 PM A Cybersecurity Testbed for Rail Transportation Systems
The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for rail transportation systems. The goal of this testbed is to measure the performance of rail transportation systems when instrumented with cybersecurity controls. The results will lead to the publication of best practices for the deployment of cybersecurity measures on rail transportation systems.
Presented by: CheeYee Tang, Electronics Engineer NIST
1. Explain NIST's cyber security testbed for rail systems
2. Discuss how to use the cyber security framework profile for the rail industry
3. Give an introduction to NIST Publication SP800-82, Guide to Industrial Control Systems (ICS) Security
2:30 PM – 3:00 PM IoT Enabled Rail People/Product/Property Secure Chain of Custody
In the near future, we anticipate thousands of computers operating for each and every human being. Ensuring that these machines (i.e. computers) are operating to serve the needs of humanity begins with enabling them to establish and maintain secure and trusted relationships with one another. It is essential that the automated identification of assets (people-product-property) is enabling these assets to establish mutual trust and maintain relationships. This session will help provide background that supports the importance of IoT in the rail and intermodal transportation corridor.
Presented by: Stewart Skomra, President & CTO TeMeDa LLC
1. Review Internet of Things awareness: how IoT-enabled rail can drive and is driving operational and business model innovations for rail and intermodal transportation
2. Understand what a secure chain-of-custody is and why it is central to our ever-evolving and technologically advancing rail and intermodal transportation ecosystem
3. Gain understanding of automatic identification technologies and their role in establishing and maintaining a secure chain-of-custody
4. Learn the historical-current-future state of wireless telecommunications industry technologies and their roles in rail and supporting secure chain-of-custody
5. Find out what the future will bring as pervasive machine intelligence serves our human experience
3:00 PM – 3:30 PM Onboard Locomotive Security Methods
With the advancement of security in the IT space, customers want to extend their data center out to their remote assets, including locomotives. This session explores the various security methods and fundamentals that can be deployed and monitored on locomotives. By extending embedded security principles to locomotive platforms such as AAR S-9101 standard hardware, the software can become part of an overall cyber-security strategy for the railroad.
Presented by: Mark Kraeling, Product Architect GE Transportation
1. Learn about network security methods applicable to mobile assets
2. Gain an understanding of how security could be deployed for an IT-centric mobile data center on locomotives
3. Discuss the various embedded security fundamentals and learn about their applicability to networks
4. Show demonstrations of network and unwanted intrusions and how security rules and methods can detect and intercept them