Posted by Marbenz Antonio on May 24, 2022
If an attacker breaches a transportation agency’s systems, the impact may extend well beyond server failure or exposed emails. Consider an attack on a transportation authority in charge of train and subway routes. The outcome could be terrible.
The transportation industry saw a 186% increase in weekly ransomware attacks between June 2020 and June 2021. In one incident, attackers gained access to the systems of the New York Metropolitan Transportation Authority (MTA). Luckily, no one was harmed, but incidents like this are concerning. Transportation organizations require high levels of security to keep their systems and passengers safe.
According to the latest X-Force Threat Intelligence Index, ransomware was the top attack type globally in 2021, for the third year in a row.
According to the research, “malicious insiders emerged as the main threat type against transportation businesses in 2021, accounting for 29% of attacks on this industry. In 2021, ransomware, [remote access Trojans], data theft, credential harvesting, and server access assaults all had a part in transportation.” We’ll return to the issue of ‘malicious insiders’ later.
Transportation is uniquely vulnerable because it is part of important public infrastructure. Most people and businesses depend on transportation to get to work on time, send goods, or receive medical supplies. If an attack interrupts transportation, whole supply networks may collapse. Physical harm might result from a disruption to traffic lights or rail transit.
In response to the growing threat, the Transportation Security Administration (TSA) of the Department of Homeland Security released new cybersecurity rules for surface transportation owners and operators.
The rules should apply to higher-risk freight railroads, passenger rail, and rail transit. They require owners and operators to do the following:
Attacks against transportation agencies might be motivated by a variety of factors. Attackers may steal information or use ransomware to make money. However, some attackers may seek support from foreign states wishing to cause chaos or damage to promote foreign policy goals. While any incident might interrupt systems, foreign attacks can increase the chances of equipment faults and accidents.
The attackers in the New York MTA incident made no financial demands. Instead, it appears that the hack was part of a recent wave of broad breaches by experienced attackers. According to FireEye, a private cybersecurity firm that helped identify the hack, the hackers were most likely supported by the Chinese government.
Another attack in late 2018 resulted in the conviction of two Iranian men by a federal grand jury. They were suspected of holding the computer system of the Colorado Department of Transportation (CDOT) hostage as part of the SamSam malware scheme. The Iranian-based attackers allegedly requested a Bitcoin payment to unlock stolen CDOT data. The issue forced the shutdown of 1,700 staff computer systems. It took six weeks and almost $2 million to restore the department’s systems.
However, the CDOT did not pay the ransom. The government had digital backups that allowed it to recover encrypted data. Additionally, segmented network operations helped prevent the malware from spreading to other departments or organizations. As a result, servers managing traffic signals and other road systems in Colorado were unaffected.
Given the extensive and ongoing threat to the transportation industry, the TSA has created a toolset. When we look at the rail, public transportation, and surface transportation directives, we see that cybersecurity coordination, reporting, and response strategies are important. Vulnerability assessment is also a top concern, and the TSA advises organizations to use the NIST Cybersecurity Framework as a guide.
As more devices and equipment are deployed in the industry, vulnerability assessments should incorporate Internet of Things (IoT) security. IoT devices are needed to coordinate the various moving elements and logistics of any transportation system. However, device connections are possible entry points for attackers, and you should consider this risk as well.
Transportation organizations, like any other company, are vulnerable to hacking, but the stakes may be higher. This is one of the reasons why, according to Homeland Security Secretary Alejandro Mayorkas, “ransomware now poses a national security danger.” While TSA rules address incident response, where can one find risk reduction advice?
The X-Force Threat Intelligence Index not only analyses the current risk environment but also offers suggestions for minimizing the risk of breach. The X-Force study makes the following recommendations to reduce cyber risk:
Government efforts are helping to raise awareness and reduce risk. Individual transportation companies have also taken on the responsibility of protecting their systems and ensuring the safety of their passengers. The threat of an attack on transportation organizations will almost certainly remain, and passenger safety is important.