Researchers from Iowa State University, including Ostonya Thomas, Muhaimin Bin Munir, Jean-Michel Tine, Mizanur Rahman, Yuchen Cai, Khandakar Ashrafi Akbar, Md Nahiyan Uddin, Latifur Khan, Trayce Hockstad, and Mashrur Chowdhury, have developed a novel approach to enhance cybersecurity awareness in the transportation sector. Their work focuses on leveraging generative AI to extract and organize cyber incidents from publicly available datasets, transforming unstructured data into structured formats to improve accessibility and practical use.
The study addresses a critical gap in the transportation industry: despite numerous cyberattacks on transportation systems worldwide, comprehensive and centralized records of these incidents remain scarce. The researchers sourced incidents from several reputable databases, including the Center for Strategic & International Studies (CSIS) List of Significant Cyber Incidents, the University of Maryland Cyber Events Database (UMCED), the European Repository of Cyber Incidents (EuRepoC), the Maritime Cyber Attack Database (MCAD), and the U.S. DOT Transportation Cybersecurity and Resiliency (TraCR) Examples of Cyber Attacks in Transportation (2018 to 2022). These incidents were then classified into five transportation modes: aviation, maritime, rail, road, and multimodal, forming a transportation-specific cyber incident database.
A key innovation in this research is the use of a fine-tuned large language model (LLM) to transform heterogeneous cyber incident data into structured formats. This approach ensures that the data is organized and easily accessible, making it more useful for cybersecurity awareness and analysis. The researchers also developed a Retrieval-Augmented Generation question-answering system, which allows users to query the curated database for specific details on transportation-related cyber incidents. This system enhances the practical use of the database by enabling users to retrieve relevant information quickly and efficiently.
By leveraging LLMs for both data extraction and user interaction, the study contributes a novel, accessible tool for improving cybersecurity awareness in the transportation sector. The researchers’ approach not only promotes cybersecurity awareness but also provides a structured and centralized resource for transportation cyber incidents. This tool can be invaluable for industry professionals, policymakers, and researchers seeking to understand and mitigate cyber threats in the transportation sector. The practical applications of this research are significant, as it can help prevent future cyber incidents by raising awareness and providing actionable insights. Read the original research paper here.