If an attacker gains access to a transit agency’s networks, the consequences might be considerably more serious than server outages or exposed emails. Consider an attack on a transportation agency in charge of railway and subway routes. The consequences could be disastrous.
The transportation industry saw an 186 percent rise in weekly ransomware assaults between June 2020 and June 2021. The New York Metropolitan Transportation Authority (MTA) system was breached in an incident. Thankfully, no one was hurt, but such situations should be taken seriously. To keep the systems and people secure, transportation companies need excellent security.
Ransomware will be the most common attack type in 2021, according to the latest X-Force Threat Intelligence Index. “Malicious insiders emerged as the top attack type against transportation organisations in 2021, accounting for 29 percent of attacks on this industry,” according to the research.
Transportation was hit by ransomware, [remote access Trojans], data theft, credential harvesting, and server access assaults in 2021.” Later, we’ll return to the topic of “malicious insiders.”
Transportation is uniquely vulnerable as part of important public infrastructure. Whether it’s getting to work on time, transporting goods, or obtaining medical supplies, most people and businesses rely on transportation. If transportation is disrupted, entire supply chains could be disrupted. Physical damage could result from a traffic signal or rail service disruption.
New Rules for Digital Defense
The Transportation Security Administration (TSA) of the Department of Homeland Security announced additional cybersecurity regulations for surface transportation owners and operators in response to the escalating threat.
Higher-risk freight railroads, passenger rail, and rail transport are all subject to the rule. They demand those owners and operators:
- A cybersecurity coordinator should be appointed.
- Within 24 hours, report any events to the Cybersecurity and Infrastructure Security Agency.
- To limit the risk of operational disruption, develop and implement a cybersecurity incident response plan.
- To detect any gaps or weaknesses in their systems, do a cybersecurity vulnerability assessment.
Attacks on transportation agencies might have a variety of motivations. For financial gain, intrusive actors may steal information or deploy ransomware. Meanwhile, other assailants may be aided by foreign states trying to disrupt or destroy in order to achieve foreign policy objectives. While any incident can cause system disruption, foreign attacks pose a greater risk of equipment failures and accidents.
Rogue Foreign Actors.
The attackers in the New York MTA assault made no payment demands. Instead, the breach looks to be part of a recent wave of sophisticated attackers’ incursions. The intruders are likely backed by the Chinese government, according to FireEye, a private cybersecurity firm that assisted in the discovery of the intrusion.
Another incident in late 2018 resulted in the indictment of two Iranian men by a federal grand jury. As part of the SamSam virus scam, they were suspected of holding the Colorado Department of Transportation (CDOT) computer system hostage. The attackers allegedly sought a Bitcoin ransom to decode the infected CDOT files. The issue resulted in the shutdown of 1,700 employee computer systems. The department’s systems were brought back online after six weeks and roughly $2 million.
The CDOT ultimately refused to pay the ransom. The government had digital backups that allowed them to restore encrypted data. Additionally, network segmentation prevented malware from propagating to other departments or agencies. As a result, servers in Colorado that handle traffic signals and other road systems were unaffected.
What Should Transport Leaders Do?
The TSA has created a toolkit in response to the pervasive and persistent threat to the transportation industry. Cybersecurity coordination, reporting, and response plans are vital, according to the directions for rail, public transit, and surface transportation. Vulnerability assessment is also a top priority, and the TSA suggests using the NIST Cybersecurity Framework as a guidance.
As more sensors and devices are deployed in the industry, vulnerability assessments should incorporate Internet of Things (IoT) security. IoT devices are required to coordinate the many moving parts and logistics of any transportation system. Device connections, on the other hand, are potential entry points for attackers, and you should examine this risk as well.
Transportation Attack Risk Mitigation
Transportation organisations, like any other institution, are vulnerable to cyberattack, but the stakes may be higher. One of the reasons, according to Alejandro Mayorkas, Homeland Security Secretary, “ransomware now poses a national security concern.” Where can one get advice on risk mitigation while the TSA directives address incident response?
The X-Force Threat Intelligence Index not only assesses the existing risk landscape, but also provides recommendations for lowering the danger of compromise. The X-Force report makes the following recommendations for reducing cyber risk:
Zero Trust: This strategy is based on the assumption that a breach has already happened and seeks to make it more difficult for an intruder to roam across a network. Zero trust knows where essential information is stored and who has access to it. Multifactor authentication, least privilege, and identity access management are among the robust verification mechanisms used across a network to ensure that only the right individuals have access to the appropriate data in the right way. This is critical in the transportation industry, as malicious insiders are responsible for approximately a third of all agency assaults.
Security Automation: Security automation is critical in the face of transnational threats, a variety of attack types, and several layers that must be protected. Machines are significantly faster at completing jobs than any human analyst or team. Automation also aids in the discovery of strategies for bettering workflows.
Extended detection and response (XDR): Technologies that integrate numerous detection and response systems offer a considerable advantage. Before they reach the ultimate step of their attack, such as ransomware deployment or data theft, XDR detects and eliminates criminals from a network.
Keep Transportation Safe
Government actions are assisting in raising awareness and reducing the risk of injury. Individual transportation companies have also assumed responsibility for safeguarding their systems and ensuring the safety of their passengers. The threat of attacks on transportation companies will almost definitely persist, and passenger safety is paramount.