How to Secure Transit's Critical Infrastructure

As cyberattacks on the transportation industry become more common and more brazen, companies must confront cyber-threat visibility issues in their systems


Cyber researchers have long speculated that Russian hackers are using Ukraine as a testing ground for cyberattacks on other countries. In October, they continued their assault on Ukraine with a pair of attacks—one on Odessa’s airport, another on Kiev’s metro system—aimed at paralyzing critical infrastructure. The attackers used the Bad Rabbit ransomware to cripple operations.

Breaches of critical infrastructure in the transportation sector can cause anything from information loss and identity theft to delays and operational disruption or outright paralysis. In the worst-case scenarios, they will cause deadly accidents. (Approximately 4.3 million people ride the New York City subway each day. What happens if a hacker gains control of its physical systems?) Companies—facing regulation violations, lawsuits, and reputational damage—are in the tough position of protecting both business interests and necessary societal functions.

What they desperately need is enterprise-wide visibility, because their cybersecurity challenges often lie in the connectivity of systems, which creates several attack vectors. Moreover, impacting one system can trigger a negative cascading effect among operational, enterprise-information, and subscribed systems (such as Internet providers, web hosts, and cloud storage services).

A security-analytics platform designed around unsupervised machine learning can process large amounts of data to spot anomalies in the behavior of users, networks, files, endpoints—and any combination thereof. Imagine if security teams could even spot threats, such as several types of malware, created to be “invisible.” This is now possible.

Two ways to minimize costs are investing in a security-analytics solution that integrates with existing technologies, and choosing one that optimizes the role of security staff by providing a list of prioritized threat leads. The latter is particularly crucial. In 2013, the Airports Council International-North America issued a warning that APT attacks representing a nation state were targeting dozens of U.S. airport computer systems. Today, the European Aviation Safety Agency alone reports an average of 1,000 attacks each month. And last week, a Department of Homeland Security official spoke at a cyber summit about how his team hacked an actual Boeing 757, commandeering its system.

Even budget-strapped transportation departments cannot afford to ignore cybersecurity concerns anymore. Attacks on transportation are becoming more common and more brazen. Some other noteworthy attacks in recent years:

  • In June 2015, a DDoS attack took the systems for 10 planes at a Warsaw airport offline.
  • Hackers briefly compromised San Francisco’s Muni public-transit system in November 2016 through ransomware.
  • Chinese hackers took control of flight-information screens at two large airports in Vietnam in July 2016, in addition to compromising Vietnam Airlines’ website.
  • In June 2017, the Petya/NotPetya ransomware paralyzed networks at Ukraine’s international airport and Kiev’s metro, before it spread internationally.

In the wake of the San Francisco transit attack, Virginia Senator Mark Warner sounded an alarm in January 2017, writing, reports the Washington Post, “that he worries Metro could fall victim to a similar attack, inconveniencing hundreds of thousands of D.C. subway riders and further imperiling the finances of the agency, which is already facing a $290 million budget shortfall.”

He has a point. Just a few days earlier, during an IT test in January 2017, the D.C. Metro lost remote access to switches (causing delays while workers found manual solutions) and allegedly lost control of ventilation fans, too. It is all too clear, Warner continues, that with any attack “directed toward critical infrastructure, the impacts could be grave and far-reaching.”
