Executive summary:

This report is mainly discussing about the network management tools related risks and their management based on the IT companies. This report discuss about the risk management of the tools like Datadog, PRTG network monitor, NinjaRMM, solar winds network performance monitor & obkio. This report will also provide the effective management planning over the risk.

 

Introduction

New mass transport ticketing systems are far more than mere places to get a card. They provide the key user interface which will assist with strategic preparation for the citizen's transportation network utilizing smart card technologies by gathering valuable usage details.  With seamless ticket handling & exposure to essential travel behavior information, passengers will be able to use a fully organized & controlled platform & assist the transport engineer.  Smart card policies have been the new standard foreign travel ticketing because of their convenience & performance.  With seamless ticket handling & exposure to essential travel behavior information, passengers will be allowed to utilize a proper organized & controlled platform & help transport engineers. Smart card policies are the standard of international travel because of their convenience & efficiency. This study would address all issues about risk recognizing coupled with impact evaluation. Also, this study discussed how to build a solution plan for all of the threats that have been created. Rather than that, this article discusses the impact on the partners related to all of the threats addressed

Modern ticketing mechanisms for public transit are way more than just devices for obtaining fare. These have the main customer experience and, gathering useful usage data can help with systematic planning for the people transit network using the technology of smart cards. Passengers would be able to use a properly structured and operated framework and support transport engineer by smooth ticket processing and having access to critical travel behavior details. To their simplicity and performance, smart card schemes become the latest norm in international travel ticketing. Using automatic systems, tickets can be bought and topped, allowing quick movement among various stations and simple switching between various travel modes. Nonetheless, recent experience has already demonstrated that it is both challenging and costly to build effective and secure public transit ticketing systems. In this report, all the aspects related to risk identification will be discussed along with impact assessment. Also, how to create a response strategy for all the risks that have been founded are mentioned in this report. Other than that, the impacts on the stakeholders due to all the risks that have been discussed are explained in this report.

 

Risk management planning

Within a smart card, there are a total of 2 sorts of non-volatile memory. The ROM (read-only memory) includes permanent information that is accessed during the processing, for example operating system of smart card software. The EEPROM (electrically erasable programmable read-only memory) is a very common sort of memory to insert or erase data at any stage in the life cycle of the card. Consequently, security-sensitive data contained internally in a card can easily be attacked by the attacker. The purpose of the attack is that information like these can be obtained and used to jeopardize the protection of the card or any important individual in the smart card system. The attack on a smart card often targets the operation of the existing smart card microprocessor, cryptographic primitives (for example, cryptographic keys generation or application implementation). This attack will force the microprocessor of the smart card to carry out certain operations that jeopardize its security.

1. Logical attacks: the conceptual forms of attack aim to exploit and locate any bugs or flaws in the operating system architecture of the smart card or the application of the smart card. These may be the sort of adding incorrect instructions, templates, field distances, or attempts to fill upstreams to the board with NinjaRmm, & Datadog. These may be the sort of adding incorrect instructions, templates, field distances, or attempts to fill upstreams to the board. Such attacks have the plus point that these are inexpensive, fairly easy to execute, and automatically cannot damage the coin. However, if trustworthy developers of software and vendors of the smart card are utilized then robust architecture (sometimes peer reviews) and implementation process can remove the technical vulnerabilities.
2. Physical attacks: an individual that obtains a physical connection to a smart card will launch certain forms of attacks. The intruder will then either be a cardholder, one of the team members, or just a 3^rd entity who somehow happens to hold off any valid cards. There are several various methods to conduct attacks in physical form on a microprocessor with smart cards, others include equipment of low cost while some expensive and need advanced equipment. Common attacks in the above categories include incidents by re-energizing burnt fuses utilizing ion beaming or using the microscopes of laser cutter type to change the chip structure, to interpret the portions of EEPROM card memory (using strong electron microscopes). For certain situations, it may be necessary to break a numerous amount of chips before an assault is deemed successful. To have appropriate countermeasures, the manufacturers of the smart card are continuously refining their chip’s architecture for making them harder for such attacks to occur. Although physical threats have concentrated on smart cards that are used in certain sectors there is none excuse that they cannot be used for transport. The big issue is how a crime organization will make a commercial justification to explain the risk and commitment that such an attempt would take.
3. Side-channel attacks: The attacks on the side channel are of no interest to the smart card company, as they involve moderate equipment rates and they do not automatically harm the device. Most hacks have tracked the operating smart card’s delivery current to determine how specific processes are functioning and collect hidden knowledge like keys contained on the device. Similar findings were gained by strategically positioning a little antenna through specific locations of the smart card chip in laboratory conditions. Attacks may be added to systems that usually run, or by leveraging external feedback to build faults.

Distribution and handling of smart cards will also be treated as a delicate process. In specific, smart cards would have to be shipped from the supplier to, for example, the retailer to the different distribution locations at different selling points, pre-personalized at different places, in the transportation sector. Therefore, the shipment and delivery of cards should often take place through authorized couriers. If for card activation, the keys are used (for example, to safeguard the cards via their travel through different sites) stay hidden then cards stay fairly safe. Destruction and repair of smart cards is a critical process too. This must be assured that the chosen cards are correctly disposed of so that any remaining interest inside electronic purses is recovered correctly with Obkio & PRTG network monitoring. This must be assured that the chosen cards are correctly disposed of so that any remaining interest inside electronic purses is recovered correctly. The monetary compensation process would be sufficient to discourage workers from manipulating the residual interest retained in missing or cards which are not working, or also criminals who select old cards and build disposal copies. Considering the growing complexity of cyber threats, cyber evaluation, and smart card are deemed necessary. It is agreed that the use of such smart card safety assessments and case studies to enhance the confidence of the smart card system of ticketing should be contemplated for the industry of transport to safeguard its properties. Misuse of the concessionary system or season passes is a common form of theft to which the smart card security has no clear cover. A cardholder may always lend the smart card to someone else (for example, handling the entitlements on discount). Such a form of fraud would however proceed despite the implementation of smart card technologies without sufficient visual examination of ticket media. Nonetheless, transaction logging correlated with the systems at the back end can identify inappropriate or irregular user habits, and therefore the card program can indirectly counter such fraud. Staff theft is a form of theft in which smart card systems can provide certain clear security as the extra features provided by the smart card program can safeguard such personnel procedures (ticket insurance, access control). Many potential possibilities for theft, though may emerge about the processing of stolen and missing cards. Employee theft may usually be very inventive and impossible to predict, so appropriate management protocols will be to limit incentives.

The stakeholder has to be selected very carefully before discussing the risk, as the particular risk has to be told to that stakeholder who is responsible or one who undertakes those issues. By telling the stakeholder whose role is not there is a waste of time. Depending upon the impact and probability, the risk is been priorities, in the same way, the stakeholders are also priorities – depending upon the interest and authority. Authority means that, is the stakeholder is capable to affect the project and interest means how much do the stakeholder care. The response to these concerns would rely on what one does to exploit their allies and mitigate the influence of the opponents. The greater information we have for our clients, the more we will communicate for them. This is certain: if they are neglected their interest will be inflamed, they must prepare contact. Proactive risk control ensures that concerns are identified before they come to one's notice. Risk reduction isn't difficult, but must be monitored. The same applies to the teams. It's not that complicated top grasp who they are and what they desire. 

Planning of risk management

In a smart card, there are two parts of nonvolatile memory. The read-only memory holds permanent material that is retrieved through development, such as a smart card. The EPROM is a common memory sort to erase & edit the data at various stages in the card life cycle. Consequently, the sensitivity of security data includes in a card in an internal manner which can be attacked by several attackers. The main aim of the attack is over the information which is sensitive and can be jeopardized card protection or other information related to individuals over the system of a smart card. The smart card attack mainly targets the present operations of microprocessor-based smart cards, primitives of cryptographic, such as the generation of cryptographic keys & implementation of an application. This type of attack will force out the smart card microprocessor which carries out different operations that can jeopardize the security.   

1. Logical attacks:

The main aim of the attack of conceptual forms is to exploit & locate different flaws & bugs in the smart card architecture and its based operating system. This may be the type of add out the improper instructions, distances of fields, various templates or fill out the attempts to board. This type of attack has some sorts of the plus point that these are inexpensive, & its execution is simple & it does not damage the coin automatically. Although, if a trustworthy type of developers of vendors& software based on the smart card is utilized specifically & then robust type architecture & process of implementation can remove the vulnerabilities of the technical aspect. 

2. Physical attacks:

A person who gets physical smart card contact can initiate other types of attacks. Then the attacker would either beholder of passport, one of the leaders of squad, or even a random person who somehow owns legitimate cards. There are many different strategies for carrying out a physical assault on microprocessors using smart cards and some provide less cost equipment, although others are costly & need specialized equipment. All the mention categories comprise the incident through reenergizing used laser cutter type microscopes to modify chip structure, to view EEPROM card memory portions (using a strong electron microscope). It could be appropriate to crack a significant number of chips into some circumstances before an attack is deemed effective. To have an adequate countermeasure, manufactures of the smart card are constantly optimizing the design of their chip to make it harder to occur these attacks. While physical attacks have a focus on a smart card that is used in some industries, there is no reason for not being able to use them for transportation. The main question is whether a criminal group can have a financial rationale to justify the danger & effort to this type of attempt. While physical attacks have a focus on a smart card that is used in some industries, there is no reason for not being able to use them for transportation based on Datadog, PRTG network monitor. The main question is whether a criminal group can have a financial rationale to justify the danger & effort to this type of attempt.

 

Side-channel attacks:

There are no benefits of an attack on side-channel in smarter card organizations, as they require reasonable levels of equipment & do not immediately harm the system. Most of the hackers have monitored the distribution present of the running smart card to decide how different processes operate & collect secret information including system keys. Similar results have been obtained by carefully placing a littlie antenna under the positions of a smart card device. Attacks might be applied to the normal operating processes, or by exploiting direct input to built faults.

It will also consider the delivery & managing of smart cards like a delicate operation. Specifically, smart cards involved in the transport industry will have to deliver from manufacturer to, e.g., the seller at various sales points on the specific delivery centers, pre personalized on various places, in the transport business. Consequently, the shipping & distribution of cards will always occur in approved countries. Also, if keys are using for card activation stay concealed then the cards remain relatively secure. Smart card deletion & repair is also a critical process. It must be ensured that the selected cards should be used properly disposed of so if there is any left interest in electronic bags is recovered correctly. The cash reward mechanism should be enough to deter employees from exploiting the remaining value held in lost cards, cards that are not functioning or offenders picking expired cards & creating copies of disposal. Given the growing sophistication of cyber attacks, risk assessment & smart cards are deemed important. It is decided that usage of these cards protection tests & case studies to improve the trust of ticketing cards network that will be envisaged for travel industries & to protect its assets. The very usual form of theft is misapplied by the concessionary system & season passes towards which smart card's security have no clear idea. The cardholder can still send someone else smart card (e.g., managing the discount entitlements). However, this type of fraud will continue given the introduction of smart cards technology in the absence of proper visual inspection of media. However, transaction monitoring combined with the back end process will detect improper or unusual usage behavior & therefore this type of fraud can easily detect by the card program. Fraud of employees is a type of fraud that smart card programs may offer such specific protection because the additional protections offered by smart card service will safeguard plan of action of personal (access control, ticket safety). There are several possible fraud options, but the recovery of stolen & lost cards can arrive. Theft of workers will typically be rather imaginative & difficult to anticipate, so correct management procedures must be in effect to restrict opportunities.

As before the discussion of risk, stakeholders should be selected very carefully, so the particular risk should be informed to that stakeholder who is answerable or to the one who has undertaken those issues. There is a waste of time by telling to stakeholders whose role is not there. The danger has become priorities based on effect & likelihood, even as stakeholders are always priorities depending on importance & authority. Authority defines as the stakeholders worthy of influencing project & involvement implies how much stakeholder’s consideration is being undertaken. The approach to these questions will be focused on what one can do to manipulate their allies & reduce adversary’s power. The more knowledge given about the clients the better will be the connection with them. That is certain: if their desires are ignored they can be animate, they will have to brace communication. Proactive risk management means that issues are detected before arrival at warring. The reduction of damages is not hard but should be supervised. The same is true with squads. It is not always that hardtop understanding of to whom they are & what they want.

 

Conclusion

 From a technology point of view, all components that enable smartcard development are available in the transport industry. The procurement of the newly available technology will eliminate such risks but at the same time raise overall expenses to replace the project. In addition to this, the right configuration, development & service of the network will be seen very important phases. The article addresses risk control, in which various threats that exist in ticketing schemes for smart cards are addressed also with the risk recognition & impact evaluation. Various threats are described & addressed, & then quickly evaluated as to how they impact on them. A matrix of effects & risk probability of goals & risk levels is used. Each one of them problem addressed has been presented with the response plan to efficiently handle the defined risks. After the article, it is clarified that how the latest risk-reduction practices have been to stakeholders.

In this report risk management is discussed, in which the different risks that occur in the smart card ticketing systems are discussed along with risk identification and the impact assessment. Also, different risks are been identified and discussed and are analyzed briefly that how they affect. Here, an impact matrix and risk probability to prioritize and rate the risks are used. Every issue that is discussed has been provided with a response strategy for effectively managing the risks that have been identified. At the end of the report, it is explained that how does a stakeholder has been informed about the current activities of risk management.

 

References

Alghnam, S., Alkelya, M., Alfraidy, M., Al-Bedah, K., Albabtain, I.T. and Alshenqeety, O., 2017. Outcomes of road traffic injuries before and after the implementation of a camera ticketing system: a retrospective study from a large trauma center in Saudi Arabia. Annals of Saudi medicine, 37(1), pp.1-9.

Canitez, F., Alpkokin, P. and Black, J.A., 2019. Agency costs in public transport systems: Net-cost contracting between the transport authority and private operators-impact on passengers. Cities, 86, pp.154-166.

Guan, Y., Wu, B. and Jia, J., 2020. Does online ticket booking system make people better off? An empirical study on railway service. Transportation Research Part F: Traffic Psychology and Behaviour, 73, pp.143-154.

Guan, Y., Wu, B. and Jia, J., 2020. Does online ticket booking system make people better off? An empirical study on railway service. Transportation Research Part F: Traffic Psychology and Behaviour, 73, pp.143-154.

Harrison, G., Grant-Muller, S.M. and Hodgson, F.C., 2020. New and emerging data forms in transportation planning and policy: Opportunities and challenges for “Track and Trace” data. Transportation Research Part C: Emerging Technologies, 117, p.102672.

Othman, A.G. and Ali, K.H., 2020. TRANSPORTATION AND QUALITY OF LIFE. PLANNING MALAYSIA, 18(13).

Rat, C.L., 2019. Safety Management System In Air Transportation. In Proceedings of the INTERNATIONAL MANAGEMENT CONFERENCE (Vol. 13, No. 1, pp. 1051-1058). Faculty of Management, Academy of Economic Studies, Bucharest, Romania.

Tonn, G., Kesan, J.P., Zhang, L. and Czajkowski, J., 2019. Cyber risk and insurance for transportation infrastructure. Transport policy, 79, pp.103-114.

Vigren, A. and Pyddoke, R., 2019. The impact on bus ridership of passenger incentive contracts in Swedish public transport. K2 working papers, (2019: 3).

Vigren, A. and Pyddoke, R., 2020. The impact on bus ridership of passenger incentive contracts in public transport. Transportation Research Part A: Policy and Practice, 135, pp.144-159.