How Dangerous Is the Cyberattack Risk to Transportation?
An attacker could breach the systems of a transit agency, causing serious damage beyond leaking emails and server downtime. Imagine an attack on a transit authority that oversees subway and train routes. It could lead to terrible results.
The transportation industry saw a 186% rise in ransomware attacks between June 2020 and June 2021. In one attack, intruders broke into the New York Metropolitan Transportation Authority's systems. Although no one was hurt, incidents like this are concerning. Transport organizations need strong security to keep passengers and their systems safe.
Critical Public Infrastructure
The latest X-Force Threat Intelligence Index revealed that ransomware was the most popular attack type worldwide in 2021, for the third consecutive year.
According to the report, malicious insiders accounted for 29% of all attacks on transportation companies in 2021. Ransomware, remote-access Trojans, credential harvesting, data theft and server access attacks all played a part against transportation in 2021. We’ll get back to the topic of “malicious insiders” later.
Transport is a critical part of public infrastructure. Most people and businesses depend on it to get to work on schedule, send goods, or receive medical supplies. Transport disruptions can cause entire supply chains to collapse. Disruptions to systems such as traffic lights and rail transit could also result in physical harm.
Digital Defence: New Rules
In response to the increasing threat, the Department of Homeland Security’s Transportation Security Administration (TSA) announced new cybersecurity requirements for surface transportation owners and operators.
These requirements apply to high-risk freight railroads, passenger trains and rail transit. They require owners and operators to:
- Designate a cybersecurity coordinator.
- Report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours.
- Create and implement a cybersecurity response plan to reduce operational disruption.
- Conduct a cybersecurity vulnerability assessment to identify any vulnerabilities or gaps in their systems.
Cyberattack Motives
There are many motives behind attacks on transport agencies. For financial gain, intruders might steal information or use ransomware to extort funds. Other attackers may be supported by foreign countries to disrupt or degrade foreign policy goals. Any incident can cause disruption to systems, but foreign attacks could pose a greater risk of equipment malfunctions or accidents.
Rogue Foreign Actors
The New York MTA attackers did not make any financial demands. The breach seems to be part of a recent string of widespread intrusions made by skilled attackers. The Chinese government likely supported the intruders, according to FireEye, a private cybersecurity company that assisted in finding the breach.
Two men from Iran were indicted by a federal grand jury for another attack in late 2018. The two men were accused of taking the Colorado Department of Transportation’s (CDOT) computer system hostage in the SamSam malware plot. The Iran-based attackers demanded a Bitcoin ransom to decrypt the CDOT data. The attack caused the computer systems of 1,700 employees to be shut down. It took nearly 2 million dollars and six weeks to bring the department’s computers back online.
The CDOT didn’t pay the ransom. The state had digital backups that allowed it to retrieve the encrypted data. Segmented network operations also prevented the malware from spreading to other agencies and departments. Servers that control traffic lights and other road systems in Colorado were not affected.
What should transport leaders do?
TSA’s toolkit was created in response to the ongoing threat to the transportation industry. We can see that cybersecurity coordination, reporting, and response plans are crucial in the directives for rail and public transport. Vulnerability assessment is a top priority. The TSA recommends agencies consult the NIST Cybersecurity Framework to help them.
As more devices and sensors are used in the industry, vulnerability assessments should include Internet of Things security. IoT devices are vital in order to coordinate the many moving parts and logistics within any transport system. You should be aware that device connections can open the door to attackers.
Transportation Attack Risk Mitigation
Transportation agencies are at risk of cyberattack just like any other organization, but the stakes could be even higher. Alejandro Mayorkas, secretary of Homeland Security, stated that ransomware is a national security risk.
The X-Force Threat Intelligence Index provides information about the current threat landscape and offers some suggestions to reduce the risk of compromise:
- Zero Trust: This approach assumes that a breach has already taken place and aims to make it more difficult for an intruder to move through a network. Zero trust can identify where sensitive data is located and who has access to it. To ensure that only the right people have access to the data, robust verification measures (such as multifactor authentication and least privilege) are used throughout the network. This is especially important for transport, as almost a third of all agency attacks are caused by malicious insiders.
- Security Automation: Security automation is crucial because of international threats, multiple attack types, and the many layers that require protection. Automation completes tasks faster than any human analyst or team. Automated systems can also be used to identify ways to improve workflows.
- Extended detection and response (XDR): Detection technologies that combine multiple solutions offer a significant advantage. XDR detects and eliminates attackers before they reach the last stage of an attack, such as ransomware installation or data theft.
Transport safety
Government agencies are working to increase awareness and reduce the risk of harm. Individual transport agencies have taken responsibility for protecting their systems as well as ensuring traveler safety. Attacks on transport agencies will continue, and passenger safety is also important.