Threat analysis of an information system for dangerous goods

Authors:

  • Lars Westerdahl
  • Johan Bengtsson

Publish date: 2019-02-26

Report number: FOI-R--4735--SE

Pages: 45

Written in: Swedish

Keywords:

  • Dangerous goods
  • transportation
  • information security
  • IT-security

Abstract

Transportation of dangerous goods is regulated in Sweden as well as internationally. The regulations ADR, RID and ADN stipulate, among other things, which information is to be included in the transport documentation and where it should be available. The WG Telematics working group within UNECE is reviewing the possibilities of developing a common information system for information on transportation of dangerous goods within Europe. FOI has, on behalf of MSB, carried out an overall analysis of the proposed information system in order to identify threats and possible IT security-related problems with the solution. If the proposed system is adequate or not for intended users such as regulatory authorities and emergency services, is difficult to determine based on the analysed material. However, it is clear that the IT security requirements that have been identified in the working group's proposal do not cover the entire information system. The requirements in the proposal from WG Telematics only concern the central parts of the information system, but the units that supply the system with information are omitted. These units include the equipment that must be in place in transportation vehicles such as lorries, trains and ships in order to make freight declarations available, for example when authorities exercise supervision.