Planes, Trains, and Automobiles: Are They Safe?
We are wildly dependent on the critical infrastructure that is the transportation sector. Without it, you wouldn’t be able to take that quick flight to visit family across state lines, and you couldn’t expect your dinner staples to be at Costco. Worse yet, in an emergency, you could be left stranded. Our nation would crumble without transportation systems. Essentially every stage of the supply chain relies on transportation of raw materials, products, and manufactured goods. And emergency response and recovery depend on it. It’s vital for our day-to-day comforts and our global economic stability.
But this vital infrastructure is at serious risk of cyber threats.
Our world is becoming increasingly hyperconnected, so it’s no surprise that the transportation industry has been making strides to keep up. With aims of greater efficiency (think faster deliveries, lower costs), more reliability and flexibility (think customized mass transit, autonomous vehicles), and improved safety (think fewer human-error-induced accidents), the transportation sector is becoming more digitized. In fact, DHS says there is a “growing reliance on cyber-based control, navigation, tracking, positioning, and communications systems.” And this reliance means more devastating consequences if a failure occurs. A single cyber-attack can disrupt vital transportation services and cause long-term sociological and economic damage, according to a recent IBM X-Force security research report, “Security Trends in the Transportation Industry.”
This is an infrastructure that mostly developed before the age of the internet, and long before cyber security was even a concept, so there’s a lot of protection that now needs to be built into this aging infrastructure of devices, components and their communication systems. These are some of the greatest risks:
Weakest link vulnerability
A system is only as strong as its weakest link. And when the system is a massive, aging infrastructure, there are a lot of weak links. Endpoints, where communication starts and ends, are often connected to other systems in the craft or vessel. When these endpoints have their own IP address (as they often do), someone could gain access to the entire control or communications system and transmit erroneous or malicious data.
Off-the-shelf software
Much of the transportation industry’s operational technologies and control systems, such as engine and flight control, positioning, and navigation systems in aircraft and ships, are purchased off the shelf and are Wi-Fi connected. This software may improve connectivity, but if it isn’t designed, implemented and maintained with security in mind, it breeds security risk.
Maintaining security infrastructure properly requires specialized expertise. Professionals need to know how to secure information technology (IT) and operational technology (OT) systems. In 2017, more than half of transportation security teams had fewer than 30 employees dedicated to security. And 29% reported that a lack of trained personnel is a major obstacle to adopting advanced technologies and processes.
To offset this lack of cyber security expertise, securing against cyber threats is often outsourced. In fact, by mid-2017, nearly 50% of organizations outsourced some or all of their cyber security to offset a lack of internal expertise. Outsourcing can also happen to reduce cost or to avoid establishing an in-house team altogether. This may work as a short-term fix, but developing an experienced, internal team is key to protecting against the specialized risks in the transportation industry.
Security teams often struggle with fatigue associated with an overwhelming number of alerts, and the transportation industry is no exception. 35% of security professionals in this industry see thousands of daily threat alerts, of which only 44% are investigated. It’s important to have appropriate filtering capabilities in a security monitoring tool so this fatigue can be relieved.
Transportation is a critical infrastructure, one we all rely on day in and day out. But cyber security breaches in this industry are becoming more prevalent, and an inexperienced talent pool and an increasingly aging infrastructure are only amplifying the issue. It's critical for security teams to put in place tools to help them proactively monitor and prevent cyber attacks.
By the way, October is National Cyber Security Awareness Month - check out other NCSAM 2018 posts here.