While the technology is everywhere, so are security threats, and even the
transportation industry isn’t free of them.
For example, weekly ransomware attacks in transportation
increased by 186%
between June 2020 and June 2021.
This number will continue to rise. This is because transportation companies
don’t use qualified teams to handle data security. This article will go
through some of the security threats of the industry and how to solve them.
Security Threats in the Transportation Industry
Let’s look at some hazards the transportation industry is facing today.
IT and OT Convergence
When it comes to information technology (IT) and operational technology (OT),
there are a lot of terms that get thrown around. But what does it all mean?
In a nutshell,
- IT convergence refers to the integration of information technology systems.
while OT convergence refers to the integration of operational technology
While the two terms are often used interchangeably, there is a big difference
between the two. IT systems are designed to support business processes, while
OT systems are designed to control physical processes. As businesses
increasingly rely on digital technologies, the line between IT and OT is
However, the two disciplines still have very different priorities and goals.
As a result, many organizations are finding that IT and OT convergence is
essential for achieving their business objectives.
Interestingly, the major threat in the transportation industry is due to IT/OT
Information technology controls data-related computing. Operational technology
is hardware or software that monitors physical processes. OT security is only
for securing physical assets and devices.
Both systems are important in transportation. Yet, mixing them together could
cause security problems. Companies are mixing them a lot because companies are
trying to save costs.
A quick solution to most IT/OT problems is to
learn more about OT security
and the best practices for OT/ICS cyber security. By understanding the unique
risks associated with OT systems, organizations can implement the necessary
controls to protect their operations.
Additionally, by sharing information and working collaboratively, IT and OT
professionals can ensure that their networks are secure and resilient in the
face of evolving threats.
Let us look at a few examples:
are cars that can connect to the internet. They can download updates, share
data with other cars and drive themselves. You can control connected cars with
your phone and check if there is fuel or the car lock is on.
While this is great, it opens them to many risks.
For example, hackers can enter connected car systems, steal important data or
control the vehicle. This happened in 2015 during a connected car test.
Researchers hacked a moving car and controlled the brakes, accelerators, and
windshield wipers. What’s more, they did it from a computer 10 miles away!
One of the most serious is the possibility that hackers could gain control of
a car’s systems and use it to cause accidents or otherwise endanger
passengers. In addition, connected cars generate large amounts of data that
could be used to track people’s movements or exploit their privacy.
As the connected car revolution continues to gather speed, it is essential to
address these concerns in order to ensure that this transformative technology
does not also create new dangers. Fortunately, OT security works to protect
physical assets like these cars even when their IT fails.
Safety at Sea
Maritime transportation is the most important in the world. In 2019,
up to 90% of all goods
were transported worldwide on water. Thus, an attack on maritime
transportation could mean the destruction of livelihoods.
Usually, cyber attacks are not common in maritime. However, due to the
increased use of IT/OT systems, they are now more common than ever.
During the Hack The Sea challenge of 2021, it took teams less than 14 hours to
hack the ship’s navigation system. Also, these teams could take control of
other systems like the steering and throttle.
Rail Transportation Attack
Rail transportation has been a reliable form of transportation for hundreds of
years. They are cheap and can carry large loads. Unfortunately, in recent
times, they have been open to attacks.
For example, in 2018, experts found that 86% of 1,000 hardware devices
supplied to San Fransisco’s Rapid Transit system were compromised. They
contained hidden backdoors that could be used to transfer data. These
backdoors could send data to America’s enemies.
Also, in March 2022, an Italian state had to suspend rail activities due to
Rail transportation systems are extremely complex, with many physical and
programmed assets that must work together seamlessly. Unfortunately, this
complexity also makes the system vulnerable to breaches.
An OT breach can occur when one of the subsystems is compromised, for example
by a hacker. This can cause disruptions to the entire system, including delays
and cancellations. In extreme cases, it can even lead to accidents. Therefore,
it is essential for rail companies to invest in security measures that can
protect their systems from these kinds of threats.
Attacks on Trucks
Trucking companies use software to make their operations better. Yet, since
this industry is so old, they don’t focus on cyber security. Unfortunately,
this makes it a likely victim.
Hackers can get important information about goods and personal data on workers
from the software. For example, in 2018, there was a
ransomware attack on Bay & Bay Transportation. This attack locked up the system is used to manage its fleet.
Cyber Attacks on Airplanes
In recent years, there has been an increase in the number of cyber attacks on
airplanes. Unlike other cyber threats, this one is the most critical because
it can not only cost information, but also thousands of lives.
The most recent example of this was the
on United Airlines Flight 93 on September 11, 2001. The attack was perpetrated
by al-Qaeda operatives who used laptops to gain control of the plane and
redirect it into a field in Pennsylvania.
While no lives were lost in that particular incident, it is clear that cyber
attacks on airplanes have the potential to be incredibly dangerous. In order
to prevent future attacks, it is essential that airplane security protocols be
updated to account for the threat of cyber terrorism.
This may include adding strengthened firewalls and encryption systems, as well
as conducting regular security audits. Only by taking these precautions can we
hope to protect ourselves from this growing threat.
On an IT level, cyber attacks on airplanes can be very deadly too, as the
EasyJet cyber attack has shown. EasyJet lost 9 million customer email
addresses to hackers in 2020. They also lost the credit card information of
and the hit from COVID caused the company to lose 45% of its share value that
Apart from attacks on airline systems, hackers could also attack the private
computers of passengers on a flight. This happens if a passenger connects to
the WiFi. Connecting to the cabin WiFi gives hackers access to data on the
airline. Hackers could also attack other passengers’ devices and get their
Solutions to Cyber Security Threats in Transportation
There are many steps companies can take to deal with security threats. Let’s
go through some of them:
Security assessment recognizes the foremost assets like laptops, computers,
saved data and etc and the next step is to identify the various cyber security
threats this can pertain. Companies can do risk assessment tests on their
systems before releasing them. For example, paid hackers can try to break in
and see every system’s weakness.
All devices should be scrutinized thoroughly for any entry points that might
be vulnerable to hacking.
Companies should create good central management and monitoring devices for
their systems. These devices can help detect unknown changes or attempted
breaches. In addition, monitoring your system to see how it works is a good
first step in dealing with cyber security threats.
Have security responders that are armed with the right data and understanding
of how the system works. These security responders should understand the
difference between IT networks and OT networks.
They should also have access to API integrations that make it possible to
share data between themselves. This data should include information on asset
management, as discussed above.
Finally, security responders should have a stored backup of known secure
configurations for easy access.
Keep Some Distance Between IT and OT
Don’t be in a rush to modernize OT systems when you can’t protect them. For
example, the transportation industry is headed towards IT/OT convergence, but
if it’s done too soon, we won’t be able to protect it from evil elements.
For now, we must keep some distance between IT and OT. At least until we know
what it takes to handle the convergence.
The transportation industry is a high-profile target for criminals and
terrorists. The industry has made great strides in improving security, but
there are still many vulnerabilities. Criminals and terrorists use a variety
of tactics to exploit these vulnerabilities.
The transportation industry must continually improve its security measures to
stay ahead of criminals and terrorists. Thanks to some of the tips shared in
this article, companies can ensure the safety of their systems and continue to
serve their customers and communities in the best way possible.