Navigating the threat of cyber attacks on the transport sector

Train passing by - cyber threats to transport
(Image credit: Future)

How can we fight cybercrime? After the dramatic rise of ransomware attacks around the world, organizations need to have the best strategies in place to prevent these events from happening. When combating cyber attacks, transport companies are at a considerably high risk. As vital infrastructures, they must have higher standards of protection in place, otherwise chaos has the ability to take over.

About the author

Dirk Schrader is Global VP of Security Research at Netwrix.

In this increasingly digitally connected world, it is not a surprise that there will be a major increase in the rate of cyber attacks. As we are more switched on than ever before, this now also means that we are more at risk of a cyber attack. A recently published article in The Independent discussed the fact that Microsoft had recently warned the US that it is being hit by a large number of cyber attacks, showing that hundreds of different organizations and companies have been affected. The transport sectors are often the key focus of attacks as they are the most impactful and highly disruptive. Therefore, how can we protect the transport sector from these hacks?

Why do cyber attackers focus on the transport industry so heavily? The transport sector, as a critical public infrastructure, is a prime target. Transport is such a core industry which numerous citizens and companies depend on – it is hard to comprehend a world without a mobile transport system. It covers so many areas in our day to day lives; food and materials deliveries, key medical services, and work commutes are just the tip of the iceberg of what can be affected. If these services are disrupted, then it becomes problematic on a much wider scale, some might say, even chaotic. More importantly, it is also dangerous when traffic signals and lights are disabled, and serious accidents are more than likely to occur.

How cyber attacks disrupt the transport sector

In the transport industry, there is always a massive threat of cyber attacks, and over the years there have been a few that stand out including an attack at Deutsche Bahn in 2017. The company's IT systems were affected by WannaCry ransomware, and it caused mayhem with ticket machines and display boards becoming completely out of action at various stations.

The Danish state railway was also affected in a DDoS or distributed denial of service attack in May 2018. There was an overload of the IT system that resulted in an inoperable mobile app, homepage, phone, email, and it froze ticketing services. Then, there was the notorious crypto trojan NotPetya that disabled critical infrastructures including ones at TNT-Express and the Maersk Group. According to The Maersk Group, they incurred damages at the cost of around 200-300 million US dollars with container terminals becoming inactive. 

How to protect transport infrastructures

It is clear how important it is to protect transport infrastructures from these cyber attacks. There is a labyrinth of IT systems and OT (Operational Technology), apps and devices including those that span ticketing, the app, and the signal and passenger information system that are largely at risk.

When developing a security plan, it is important to incorporate both IT and OT systems, as both are interlinked – if one gets infected, then so can the other. The older OT systems may present a challenge as they do not always have cohesive integration options. As always, safety is a top priority too. Regarding industrial control systems (ICS), a hacker can disable control system signals (including traffic lights), telephone communications, and private company data in just one cyber attack – which could cause major accidents and result in devastating consequences.

Security against cyber attacks is a complex matter

The challenge for the transport industry is that with digital networks expanding, there is a higher chance of transport companies falling prey to cyber attacks and the damage can be very extensive. Securing the main infrastructure is a complex matter that demands a high level of consistent and sustainable prevention. Looking to the future, companies need to develop a concrete cyber resilience strategy that covers more than cybersecurity and ensures functionality throughout a possible attack, so that business is not impacted greatly.

Risk assessments need to be undertaken to highlight potential threats. Important assets should be the main focus along with the disruption an attack on these could cause. Companies often use a Vulnerability Management (VM) solution that can analyze both IT and OT systems to suggest security improvements – this effective process runs continuously to update and is an essential technology for any organization or network.

In the great cyber security battle, it is vital for the transport sector – or any sector – to work proactively and sustainably on their security strategy and to build resilience. Comprehensive planning and vulnerability management is at the heart of all of this, which is why organizations must level up and plan for every possible outcome – so they are not caught out.

Dirk Schrader is Global VP of Security Research at Netwrix.