The issues of a cyberattack in the transport sector

Like all the other sectors of the economy, the transport industry is undergoing massive digitisation across the world. This opportunity to create value through modernisation is also an opportunity for hackers who have plenty of possibilities to attack transport systems and companies (from passenger transport to industrial logistics).

What types of cyberattacks transport facilities must face? How can they prepare against these attacks? Here is some advice to limit the risks of cyberattacks in the transport sector.

Numerous and edifying attacks

There are several types of cyberattacks in the transport sector. According to the report of the European Union Agency for Cybersecurity (ENISA), the main threats to the transport sector are the following:

• Ransomware attacks
• Threats related to data theft and compromise
• Malicious software
• DDoS atttacks (Distributed Denial-of-Service)
• Phishing
• Attacks on supply chain

Ransomware attacks have become the most significant threat in 2022, as it almost doubled from 13% in 2021 to 25% in 2022. These attacks often target railway IT systems, disrupting passenger services, ticketing systems and mobile applications.

Hacktivism attacks are also on the rise (accounting for a quarter of all attacks), often in response to the geopolitical environment and aimed at disrupting operations. This is what happened in Poland in August 2023, where hacktivists paralysed a large part of the Polish rail network using an analogue VHF system (with no security). They took advantage of the situation to make propaganda in favour of Russia and Vladimir Poutine.

As an example of a denial-of-service attack, a Danish railway company has suffered a DDoS attack in 2018. As a result, its ticketing system was out of service throughout the entire attack. This is an attack with minor consequences when compared to the impact of the attack on FedEx and Maersk, whose container terminals were rendered inoperable following a Trojan horse attack via NotPetya back in 2017, costing 300 millions dollars to FedEx.

As most companies don't communicate when an attack has not been clearly identified, we don't really know the extent of the damage. However, according to a report issued by IBM (IBM Security X-Force Threat Intelligence Index 2022) 10% of cyberattacks target the transport sector.

Unfortunately it is to be noticed that hackers often prevail.

And yet, companies are poorly prepared

Indeed, it is clear that there is not a global culture of cybersecurity in the transport sector. According to a study of the Mineta Transportation Institute (MTI), whereas 73% of companies from the transport sector claim that they have access to information to implement a real cybersecurity strategy, only 60% have a real response plan to cyberattacks, and almost half of them do not find their plan sufficient.

So, what is to be done? France rely on a very dynamic cybersecurity ecosystem driven by the ANSSI (French Cybersecurity Agency) and other actors such as the Cyber campus and its regional network.

Transport companies must comply to the same basic concepts as the ones of other sectors. It is impossible to guarantee unconditional security for digital operations and resilience to attacks. It is therefore important to ensure the general security of the network, including for simple access to a computer in an office on a port.

As a result, it is mandatory to implement a strong authentication system to connect. It is necessary to collect and store all actions in a reliable way (including timestamping and secure data backup). Then, it is recommended to adopt a pro-active approach on these data and analyse systematically what is out of the ordinary, even if there is no apparent cyberattack.

As for resilience, it is even easier: beyond the necessity to have a response plan, the company must be agile and must ensure multiple responses to an attack so that the latter does not paralyse completely all operations. The point is also accepting to quickly change technical and human processes across the company.

Regarding the transport sector in particular, one difficulty in terms of cybersecurity is the multiplicity of interacting systems, often managed by different entities. As a result, the attack could spread, or the system could collapse when a seemingly innocuous sub-system is shut down (for example, let’s imagine disabling alerts or blocking an access control system so that an entire infrastructure is brought to a standstill, with significant financial and human consequences). To address this issue, it is necessary to conduct a cross-disciplinary analysis of emerging systems and behaviours. It is recommended not to let each actor securing its “own garden”.

A new era is emerging, filled with challenges

The more the transport sector modernises, the more it becomes an attractive target to hackers. In dealing with this threat, companies must adopt a multidimensional approach in order to secure their operations and infrastructures.

This implies a resilience strategy, which goes beyond of simply implementing security measures. This strategy allows minimising the impact of potential attacks on operations. Besides, it is essential to evaluate risks rigorously in order to identify potential threats and establish suitable response plans.