Top Cyber Security Challenges in the Transport Sector

The transport sector increasingly benefits from the adoption of digital transformation strategies, but it’s vital to recognise that the vulnerability to various cyber attacks also rises in step with these changes. Edge technologies including Industrial Internet of Things (IIoT) sensors and actuators make transport services more efficient and cost-effective to run, but this closer convergence between operational technology and information technology expands the attack surface. On-board connected  services and online ticketing portals bring unparalleled convenience to passengers, but can also be susceptible  to hacking and data breaches. 

Transport is one of 13 critical national infrastructure sectors in the UK, deemed pivotal for the normal functioning of the country. Cyber attacks in the transport sector come with the risk of a disparate variety of consequences, from stolen sensitive information to complete service shutdowns and even endangering human lives. In this article, we are going to take a look through the key cyber security challenges that the transport sector must address along with some tips and strategies for transport companies to improve their cyber defences.

Cyber Security in Transport: Key Challenges

A more dangerous threat landscape

Map of observed incidents (January 2021 to October 2022) 

Transport service providers and organisations face a threat landscape that continues to get more dangerous each year. A recently released report covering cyber incidents in the transport sector observed a 25% increase in the monthly average number of reported incidents affecting the transport sector in 2022 compared to 2021.

As for why cyber attack activity is on the rise, there are likely many factors at play. Profit-motivated hackers make up the bulk of threat actors in the transport sector, with ransomware and data-related attacks being the most commonly encountered threats.

There is perhaps a perception that the data stored by these organisations is highly valuable and worth targeting in pursuit of a payday or even to cause severe disruption. This data includes sensitive customer details and proprietary equipment information throughout the supply chain. Digital transformation initiatives increase the volume of data being collected and transmitted throughout the technology environment.

Current geopolitical tensions from the Russia-Ukraine War and recent intelligence that Russian state actors are actively targeting CNI organisations also contribute to higher levels of observed cyber threats. Hacktivists carry out attacks like Distributed Denial of Service (DoS) that aim at operational disruption, typically with ideological and political motives. A 2022 DDoS attack on the Port of London Authority saw the public trust entity, responsible for overseeing commercial operations on 95 miles of the Thames, knocked offline.

The proliferation of networked IoT devices

A market analysis of IoT in the transportation sector forecasts 14.5% compound annual growth between 2021 and 2026. The many different use cases for these Internet-connected devices in transport, along with cost-efficiencies, sees them proliferate throughout many sub-sectors of transport at a high rate.

In railway systems, for example, vibration and temperature sensors and actuators help carry out predictive maintenance by monitoring a fleet’s diagnostic data, safety sensors on wheels, tracks, and breaks enable rapid notification about safety hazards for operators, and smart ticketing systems interact with users’ smartphones to charge correct fares at station entry points.

While “smart” transportation is an overall positive trend, the rapid proliferation of IoT devices in these ecosystems can cause security concerns. In the rush to get devices to market, IoT manufacturers often prioritise functionality over security. Devices may use unsecured communication protocols or default passwords that are very easy to crack. And, since IoT devices often support operational processes, there are risks of IoT vulnerabilities spilling over to impact transport safety.

Cyber security talent shortages

The UK’s ongoing cyber security talent shortage impacts all industries and sectors, but it’s worth underlining the extent of the problem and how it interacts with the ability of transport companies to defend their systems and assets effectively. A 2022 report found that 51% of all private sector businesses identified a basic technical cyber security skills gap, while a third lack more advanced skillsets such as penetration testing, forensic analysis, and security architecture or engineering.

Cyber security talent survey 2023

Talent shortages in advanced cyber skills can be particularly damaging for the transport sector. In-depth penetration tests help unearth software and firmware vulnerabilities in their IT, OT, and IoT assets while knowledge of security architecture helps to effectively control traffic, protect data, and reduce the attack surface of operational technologies. Without these critical skills, it’s far harder to defend against today’s sophisticated threat actors.

Asset visibility

The complex nature of transport technology ecosystems poses challenges in maintaining asset visibility. And, it’s impossible to properly defend your technology environment if you don’t know what systems are in it and whether they are vulnerable.

The average airport might have hundreds of network appliances such as firewalls and switches running various applications. Railway system architectures are inherently distributed. Diverse companies manufacture and code the hardware and software used within the complex supply chains that transport services rely on.

Tracking the location and status of all software and hardware assets is no small task. One unpatched vulnerability in an unknown asset can cause a cascading effect that leads to a data breach or operational hazard.

Tips and Strategies for Improving Cyber Defences in Transport

From maritime to rail to air, here are some tips and strategies for improving cyber defences in transport.

• Network segmentation—Reflecting the risks of increased OT/IT convergence in transport, partitioning the network into segments and zones helps to contain the impact of an attack and harden the most critical operational systems against attackers who try to cross the boundary from IT into OT.
• Defense-in-depth—This approach thoughtfully layers security defences to put up as many barriers as possible against potential attacks. The layers of defence could include policies and procedures (e.g. incident response plans), physical controls like locks and badges, perimeter controls such as firewalls and denial of service prevention systems, data encryption, vulnerability management, secure multi-factor authentication for apps, and more. The point is to remove any reliance on one layer of defence for keeping out malicious actors.
• Security awareness training—Implement ongoing cybersecurity awareness and training programs for all employees, including non-technical staff. Addressing even the basic shortfalls in security knowledge helps create a culture of security consciousness, reduces risks from low-hanging fruit attacks, and ensures that everyone is aware of their role in preventing cyber intrusions.
• Patch management—Keep all software (e.g. transport management software) and hardware up-to-date with the latest security patches. This includes operating systems, applications, firmware, and network devices. Implement a patch management process to ensure timely updates and minimise the risk of exploitation. And bear in mind that effective patch management must begin with an accurate asset inventory.
• Security testing—The complexity of transport technology ecosystems and the ever-menacing cyber threat landscape make penetration testing a necessity. These simulated attacks look for exploitable vulnerabilities in your networks, protocols, devices, and applications.
  
  

tmc3 - A cyber security partner for the digital era

Navigating the cyber security challenges in the transport sector is easier when you have a cyber security partner to address chronic cyber talent shortages. While the above best practices will prove useful, you still need advanced skills like penetration testing to get more proactive in the modern threat landscape.

tmc3’s suite of security services helps transport companies thrive in the digital era. Our penetration test service leverages the skills of qualified security experts to assess your critical web applications, network, and infrastructure for security vulnerabilities. You also get clear and actionable reporting to strengthen resilience against cyber crime.

Contact us today to solve your cyber security challenges.