Cyber attacks against the transport sector are nothing new. Those of you with long memories will recall how the SoBig virus caused major disruption to the US rail network all the way back in 2003. But the sheer breadth and persistence of threats facing the industry today is largely unprecedented. Just recently, San Francisco’s “Muni” transport agency was on the receiving end of a ransomware infection which caused it to take its payment systems offline for two days, allowing riders to travel for free and costing the transportation system a few days of lost revenue.
It’s yet another reminder that when it comes to transportation, attacks on the data centre must be detected and remediated as quickly as possible to minimise their impact.
In the Crosshairs
The transport sector covers an extensive variety of organisations across land, sea and air – from ports and airports to cross-country and metropolitan area bus and rail networks, motorway infrastructure and beyond. Like most organisations today, they are increasingly reliant on IT systems to work efficiently. And that’s only going to grow as smart technologies begin to permeate the sector.
As a key part of any nation’s critical infrastructure, transport is in the crosshairs of several groups: hacktivists looking to create a publicity storm; financially motivated cybercriminals; and even state operatives possibly probing for data. The same Beijing-backed group that hit the US Office of Personnel Management (OPM) last year, for example, was fingered for a data-stealing raid on American Airlines.
As San Francisco’s Municipal Transportation Agency found out to its cost, attacks can have a serious impact on operations. Some 2,000 computers in the Muni network were compromised, affecting agency-wide functions including email and real-time bus locations. To cope, bus routes apparently had to be written down by hand for drivers and the firm was forced to allow passengers to travel for free all weekend. It’s not hard to see the potential financial impact of such an attack and the time and money needed to remediate.
The good news is that the uptick in threats has not gone unnoticed. EU security agency Enisa released a report on cyber security and resilience in the public transport sector at the start of the year, which shows the issue is at least front of mind. However, as it goes on to outline, several key challenges have yet to be addressed by many organisations, including:
- Inadequate spending on cybersecurity
- Use of legacy systems, weakening security
- Poor situational awareness of threats
- A resistance to security adoption
As the Muni incident has proven, a major cyber attack can come out of nowhere and have potentially serious financial and operational repercussions. Transport firms must therefore switch their focus from trying to block everything at the perimeter – an impossible task – to gaining better situational awareness inside their data centres.
This means abandoning legacy solutions and looking to next-generation tools which can catch attacks as early as possible in the kill chain. Look for vendors which provide granular visibility into communications between applications right down to the process level, as well as deception techniques which spot suspicious activity early on and reroute connections to a dynamic honeypot environment for observation. Only these kinds of tools will give transport sector organisations the fast and effective response to mounting cyber attacks that they’re crying out for.