Cyber security of tunnel control centres
The interlinkage between different modes of mobility, dense infrastructure networks and the urbanization of the population demand a reliable, safe and secure transport infrastructure. Any impairment, disturbance or failure of that interlinkage would have a substantial impact on the economy and major segments of the population. In this context, tunnel control centres are responsible for monitoring and control of traffic, thereby ensuring safety and secure operation. The IT systems used for monitoring and control must be adequately protected against the increasing risk of cyber-attacks. Past cyber incidents and the resulting disruptions to important transport links highlight the necessity to adjust the required security level of transport infrastructure to the actual risk from cyber-attacks. The paper presents the current status of the cyber security of road tunnel control centres in Germany and a methodology how to assess the existing cyber security level. This methodology includes aspects on a threefold level: firstly technical aspects (e.g. technical equipment used in tunnels and control centres), secondly organizational aspects (e.g. access control to operation buildings or handling of remote maintenance of hardware and software) and thirdly personnel aspects (e.g. awareness with regard to so-called social engineering and knowledge about first signs of cyber-attacks). In order to achieve an improvement easily, a software application accompanied by a guideline for assessing and improving the existing cyber security level was developed. Related results were achieved in the framework of the research project “Cyber-Safe” which is funded by the German Federal Ministry of Education and Research (BMBF). The contributions by all members of the consortium are gratefully acknowledged. Critical infrastructure; Cyber; Security; Tunnel control centre; Attacks; Threats.