Otto  background

Poor Cybersecurity: A Threat to the Transportation Industry

Today, hackers and bad actors already have the expertise and resources necessary to infiltrate networks and take down critical infrastructure and systems, crippling companies, industries, even entire regions. Cybercriminal activity around the globe is escalating as hackers continue exploiting unprotected gaps in security, many of which stem from the expanding “internet of things” (IoT) and rapid proliferation of cloud computing services.

While some security professionals might think they’re not at risk because their company’s industry, operating region or technology isn’t seen as a target, but dismissing cybersecurity best practices could be a fatal error as the speed and scale at which adversaries are launching their attacks continues to grow.

While until recently hackers have focused on penetrating computer systems at banks, retailers, health care facilities and government agencies — systems that offer access to sensitive data, including personal and financial information — recent attacks demonstrate that the transportation and logistics (T&L) industry is now on hackers’ radar.

In June 2017, when Danish shipping giant A.P. Moller-Maersk’s computer system was attacked by hackers during the Petya attack, it led to a disruption in transportation across the entire world, including delays at the Port of New York and New Jersey, the Port of Los Angeles, Europe’s largest port in Rotterdam and India’s largest container port near Mumbai. Worse yet, the company reported that it could have lost as much as $300 million during the cyberattack.

In fact, according to the the 2018 Cost of a Data Breach Study, conducted by the Ponemon Institute and sponsored by IBM Security, the transportation industry has a per capita data breach cost of $128, close to the average cost of breaches across all industries.

Other than Maersk, media reports revealed other transportation and logistics industry giants were affected during the breach, including German postal and logistics company Deutsche Post and German railway operator Deutsche Bahn, which was also a victim of the WannaCry ransomware hack in May. For the T&L industry, the June 2017 cyberattack served as a vital reminder to elevate cybersecurity to a top priority.

Part of the increased focus on the transportation industry relies on the notion that the industry is a global one that impacts so many other different industries around the world. The industry is fragmented with large transportation and logistical giants working alongside much smaller companies who are responsible for one short leg of a product’s long journey from raw materials to production, then from the retailer to consumer. This fragmentation provides opportunities for hackers to gain access to sensitive data.

Another piece of the focus on transportation is due to digitization within the industry. Traditionally, the transportation industry’s technology infrastructure was built on closed, proprietary systems. However, due to the increasing maintenance costs and complexity of existing systems, the change to connected systems must happen sooner than later.

In recent years, the T&L industry has been in the process of automating systems, converting information found in paper files into digital assets and using advanced analytics to discover and better understand the needs of their customers. Unfortunately, this increased digitization means more systems are online and vulnerable to attack.

Today, there is very poor cybersecurity being applied or implemented within transportation operational technologies and control systems, and many of these systems now use commercial off-the-shelf software and are internet connected through Wi-Fi and cellular networks. This means that as transportation and logistics organizations build increasingly complex and connected infrastructure, the attack surface grows and different threats that are often more sophisticated and more dangerous are revealed.

According to Cisco’s 2017 Midyear Cybersecurity Report, more than one-third of transportation industry security professionals said that advanced persistent threats (APTs) and the proliferation of “bring your own device” (BYOD) and smart devices were high security risks to their organizations. The report also revealed 59 percent of security professionals said cloud infrastructure and mobile devices are among the most challenging risks to defend against attacks.

Consider the consequences surrounding the adoption of increasingly connected and more complex transportation systems. As traffic lights, road sensors, rail or bus mass transit systems, ports and airports systems come online and become connected, hackers are increasingly able to attack not only the information technology but also the operational technology that runs signaling and control systems. In theory, cybercriminals could cause significant disruptions by shutting down public transit services, altering traffic signals or otherwise remotely operating pieces of a city’s transportation infrastructure.

Fortunately, security professionals working in the transportation sector around the globe are indeed wary of these growing threats. Unfortunately, the move away from closed, proprietary systems is forcing security pros to manage a higher number of more complex threats. In the Cisco report, 35 percent of transportation security professionals said they see thousands of daily alerts, of which only 44 percent are investigated. Worse yet, of the alerts investigated, 19 percent are deemed legitimate threats — but only 33 percent of legitimate incidents are remediated.

As cybersecurity threats continue to increase, the T&L industry will need more experienced security personnel and robust security policies and procedures in place to not only defend against attacks but also to respond and remediate after an attack. Rather than creating policies and procedures from scratch, transportation officials should leverage the best practices and reference frameworks that already exist when architecting their networks and systems in order to make them as secure as possible.

The T&L industry’s fragmentation makes determining the appropriate cybersecurity solutions more challenging than it needs to be, and because the industry also operates on low margins, extensive capital expenditure on cybersecurity is unattractive. Given these realities, the transportation industry needs a cost-effective, simple, easy and secure solution for cybersecurity that aligns with existing best practices and reference frameworks.

While many companies are working to address compliance and risk management, security programs must continue improving detection and prevention of more advanced attack situations. With critical functionalities such as engine and flight control, electronic positioning systems, chart displays, and navigation systems within aircraft and ships operating using commercial off-the-shelf software, patch management has taken on vital importance. Fortunately, solutions designed to address these realities exist. Enter Automox.

In the end, taking precautions by installing security systems, such as firewalls and detection systems for denial of services attacks and other malware, is crucial but insufficient by themselves. Adopting proactive cybersecurity risk management solutions provides an opportunity for transportation and logistics companies to differentiate themselves from their competition. Forward-thinking companies will begin to see a safer logistical offering as a competitive advantage, especially as attacks continue — and grow increasingly expensive.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic