
How Serious Is the Transportation Cyber Attack Risk?


If an attacker breaches a transportation agency’s systems, the impacts may extend well beyond server failure or exposed emails. Consider an attack on a transportation authority in charge of train and subway routes. The outcomes could be severe.

The transportation industry saw a 186% increase in weekly ransomware attacks between June 2020 and June 2021. In one incident, attackers gained access to the systems of the New York Metropolitan Transportation Authority (MTA). Luckily, no one was harmed, but incidents like this are concerning. Transportation organizations require high levels of security to keep their systems and passengers safe.

Important Public Infrastructure

According to the latest X-Force Threat Intelligence Index, ransomware was the top attack type globally in 2021, for the third year in a row.

According to the research, “malicious insiders emerged as the main threat type against transportation businesses in 2021, accounting for 29% of attacks on this industry. In 2021, ransomware, [remote access Trojans], data theft, credential harvesting, and server access assaults all had a part in transportation.” We’ll return to the issue of ‘malicious insiders’ later.

Transportation is uniquely vulnerable since it is part of important public infrastructure. Most people and businesses depend on transportation to get to work on time, send goods, or receive medical supplies. If an attack interrupts transportation, whole supply networks may collapse. Physical harm might result from an interruption to traffic lights or rail transit.

New Rules for Digital Defense

In response to the growing threat, the Transportation Security Administration (TSA) of the Department of Homeland Security released new cybersecurity rules for surface transportation owners and operators.

The rules should apply to higher-risk freight railroads, passenger rail, and rail transit. They require owners and operators to do the following:

  • Appoint a cybersecurity coordinator.
  • Report any events to the Cybersecurity and Infrastructure Security Agency within 24 hours.
  • Create and put into action a cybersecurity incident response strategy to minimize the risk of operational disruption.
  • Complete a cybersecurity vulnerability assessment to detect potential gaps or weaknesses in their systems.

Motives Behind Cyber Attacks

Attacks against transportation agencies might be motivated by a variety of factors. Attackers may steal information or use ransomware to make money. However, some attackers may seek support from foreign states that wish to create chaos or damage in order to promote foreign policy goals. While any incident might interrupt systems, foreign attacks can increase the chances of equipment faults and accidents.

Rogue Foreign Actors

The attackers in the New York MTA incident made no financial demands. Instead, it appears that the hack was part of a recent wave of broad breaches by experienced attackers. According to FireEye, a private cybersecurity firm that helped identify the hack, the hackers were most likely supported by the Chinese government.

Another attack in late 2018 resulted in the conviction of two Iranian men by a federal grand jury. They were suspected of holding the computer system of the Colorado Department of Transportation (CDOT) hostage as part of the SamSam malware scheme. The Iranian-based attackers allegedly requested a Bitcoin payment to unlock stolen CDOT data. The issue forced the shutdown of 1,700 staff computer systems. It took six weeks and almost $2 million to restore the department’s systems.

However, CDOT did not pay the ransom. The department had digital backups that allowed it to recover encrypted data. Additionally, segmented network operations helped protect against the infection spreading to other departments or organizations. As a result, servers managing traffic signals and other road systems in Colorado were unaffected.

What Should Transport Leaders Do?

Given the extensive and ongoing threat to the transportation industry, the TSA has created a toolset. When we look at the rail, public transportation, and surface transportation directions, we see that cybersecurity coordination, reporting, and response strategies are important. Vulnerability assessment is also a top concern, and the TSA advises organizations to use the NIST Cybersecurity Framework as a guide.

As more devices and equipment are deployed in the industry, vulnerability assessments should incorporate Internet of Things (IoT) security. IoT devices are required to coordinate the various moving elements and logistics of any transportation system. However, device connections are possible entry points for attackers, and you should consider this risk as well.

Transportation Attack Risk Mitigation

Transportation organizations, like any other company, are vulnerable to hacking, but the stakes may be higher. One of the reasons, according to Homeland Security Secretary Alejandro Mayorkas, is that “ransomware now poses a national security danger.” While TSA rules address incident response, where can one find risk reduction advice?

The X-Force Threat Intelligence Index not only analyses the current risk environment but also offers suggestions for minimizing the risk of breach. The X-Force study makes the following recommendations to reduce cyber risk:

  • Zero trust: This method assumes that a breach has already happened and seeks to make it more difficult for an intruder to move across a network. A zero trust approach requires knowing where important data is stored and who has access to it. Strategy-focused methods (multifactor authentication, least privilege, identity access management) are deployed across a network to ensure that only the appropriate individuals have access to the correct data in the right way. This is important in transportation since malicious insiders are responsible for approximately one-third of agency attacks.
  • Security automation: Security automation is crucial in the face of international threats, different attack types, and many levels of security. Machines can execute tasks far more quickly than any human analyst or team. Automation also helps identify processes for optimizing workflows.
  • Extended detection and response (XDR): Detection and response systems that combine multiple solutions provide a significant advantage. XDR helps in detecting hackers in a network before they complete their attacks, such as ransomware distribution or data theft.

Keeping Transportation Safe

Government efforts are helping to raise awareness and reduce risk. Individual transportation companies have also taken on the responsibility of protecting their systems and ensuring the safety of their passengers. The threat of an attack on transportation organizations will almost certainly remain, and passenger safety is important.

 

