TRANSPORTATION CYBERSECURITY

ACID Technologies helps transportation operators protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage, and providing real-time, detailed alerts that enable the targeted operators to implement effective preventive measures

The importance of cybersecurity in the transportation industry

The transportation industry covers multiple sectors – aviation, maritime transportation, railways and road vehicles. Its purpose is to efficiently and safely transport passengers and goods both domestically and internationally. The increasing dependence of this critical industry on interconnected digitized systems amplifies its risks from cyberattacks.

Transportation Cybersecurity

In her opening remarks at a Senate Environment and Public Works (EPW) Committee held in July 2021 to discuss cybersecurity threats, Ranking Member US Senator Shelley Moore Capito said the following concerning threats to the transportation sector specifically: “Our roads and bridges, vehicles and infrastructure are becoming more connected and smarter. It opens our transportation system up to vulnerabilities that didn’t exist in the past.” She also announced a new law and requirements aimed to protect transportation systems from cyberattacks.

In the report titled “Aligning the Transit Industry and Their Vendors in the Face of Increasing Cyber Risk: Recommendations for Identifying and Addressing Cybersecurity Challenges” released by the Mineta Transportation Institute (MTI) in mid-2022, the Institute explains that “U.S. public transit agencies are highly dependent on the services of vendors to help deliver and maintain critical technologies linked to everything they do. The vendor’s cybersecurity posture (the strength of their controls and protocols)—whether immature or advanced – is shared with their clients, and this leaves transit agencies of all sizes vulnerable to cyber incidents.” It adds that “the hardware and software lifecycles in public transit are out of sync, creating a situation in which vehicles and other hardware designed to last for 15 years or more are being supported by or carrying software that stopped receiving security updates, which creates serious vulnerabilities.”

186% increase in weekly cyberattacks on transit systems from mid-2021 to mid-2022
((Roads and Bridges, USA)

Connected vehicles produce up to 25 GB of data every hour
(Uswitch)

Former Assistant Director at the US Cybersecurity and Infrastructure Security Agency Bob Kolasky spoke of an additional threat: “some evidence from [US] government sources that nation-states and associated criminal organizations target lifeline [transportation] infrastructure for cyberattacks more than other industries because these industries are strategically important to national security and the economy.”

The risks identified in this report are, of course, applicable to the transportation industry in other countries as well.

The vulnerabilities highlighting the need for cybersecurity for the transportation sector

Prof. Scott Belcher, one of the authors of the above-mentioned Mineta Transportation Institute report, warned: “The more entry points, the greater the vulnerability… Criminals are looking to get access to operational data, personal data and financial data. Each of those data sets gives them leverage… Going forward we will also have to be concerned about criminals taking control of vehicles and putting passengers at risk.”

Roads and Bridges, which reviewed the report, explained that “as the industry is integrating with micromobility, exploring the use of autonomous vehicles, upgrading systems to contactless ticketing, onboard Wi-Fi, and other improvements, the entry points for outside interference keep growing.” It added that from mid-2020 to mid-2022 weekly ransomware attacks on transit systems increased by 186%.

Connected vehicles face threats of their own. A Uswitch study reveals that a standard connected car has about 100 million lines of code, as compared to about 6.5 million for a Boeing 787 jet. Connected cars produce up to 25 GB of data every hour, including information about the driver, the vehicle and passengers. It adds that it is expected that 100% of new cars registered in the UK will be connected by 2026. While the thought of hackers gaining control of vehicles is terrifying, experts believe that their main intent will remain to steal data.

Some cyberattacks that could have potentially been foiled with ACID’s cybersecurity solution for the transportation industry

  • SAS Airlines: In February 2023, the Scandinavian airline SAS reported that its website and app had been attacked. According to the new agency TT, those who tried logging into the app were directed to accounts of other SAS customers, whose personal details they were exposed to.
  • Air France and KLM: In January 2023, Air France and KLM notified their Flying Blue loyalty program customers that their account information might have been exposed: names, phone numbers, email addresses, account numbers and mileage balances. Such information is helpful to criminals committing identity theft.
  • Hellman Worldwide Logistics: The German firm, which offers airfreight, sea freight, road and rail, and contract logistics services, admitted to having been impacted by a phishing attack in December 2022. As reported by Cybersecurity Guide, a result of the attack it was forced to stop taking new bookings for several days, disconnected its data centers around the world and shut down some of its systems to limit the spread. The extent of the loss of revenue resulting from this attack has not been disclosed.
  • Danish State Railways: In November 2022, a cyberattack caused a shutdown of railway operation for a number of hours.
  • Wabtec Corporation: The US rail and locomotive company’s operations in the USA, Canada, the UK and Brazil were impacted in a ransomware attack that the corporation detected in June 2022.
  • Go-Ahead: London’s biggest bus operator, and one of the largest bus services providers in the UK, was targeted in a cyberattack in September 2022, which affected some of its back-office systems.
  • New York Metropolitan Transportation Authority (MTA): The MTA, North America’s largest transportation network, which carries more than 11 million passengers each weekday, sustained a cyberattack in June 2021. According to Cybersecurity Guide, this attack is suspected of being a sophisticated cyber-espionage campaign launched by Chinese threat actors who had exploited a zero-day vulnerability in a remote access product from Pulse Connect Secure to infiltrate the MTA’s network. The attackers were able to achieve persistence on three of the MTA’s 18 computer systems for several days. The MTA insists that no customer data was stolen and that the attackers did not tamper with critical systems, further substantiating the likelihood of espionage as the motive. It was suspected at the time that this attack may have been only exploratory, in preparation for an even larger attack that could bring transportation to a virtual standstill in the northeast USA. 
  • ATC Transportation: The servers of the US company ATC Transportation, which provides equipment and support services to logistics companies involved in transportation, distribution and warehousing, were infected with malware in March 2021, apparently to facilitate a ransomware attack. Cybersecurity Guide reported that in addition to encrypting critical data to hold for ransom, they potentially obtained personal information of current and former employees and job applicants, including names, Social Security numbers, and DOT required drug test results.
  • Matson: The shipping giant (an annual revenue of about US$ 2 billion), which provides cargo ship service to much of the world, sustained a ransomware attack in October 2020. Cybersecurity Guide reported that the cybercriminals claimed to have stolen a terabyte of data. They then encrypted it and threatened to post it on the dark web if the ransom was not paid.
  • Maersk: The cyberattack that impacted the giant shipping container firm Maersk in June 2017 is considered particularly severe. Cybersecurity Guide reported that the attack affected all the company’s business units, including container shipping, port and tugboat operations, oil and gas production, drilling services, and oil tankers. The cybercriminals who had perpetrated the ransomware attack on Maersk demanded payment of US$ 300 in bitcoin in exchange for access to the hacked data. The company’s CEO stated that as a consequence of the attack, business volumes were negatively affected for a couple of weeks in July, and added that the cyber-attack is expected to impact results negatively by US$200 – US$300 million.

Some other cyberattacks which took place in December 2022 alone (partial list), in other countries, targeted:

  • The port of Lisbon, Portugal
  • The mass transit company SP Trans in São Paulo, Brazil
  • The railroad company ÖBB in Austria
  • The mass transit company Companhia Paulista de Trens Metropolitanos (CPTM) in São Paulo, Brazil
  • A logistics company, Mayer & Mayer, in Germany
  • The provider of maritime systems Voyager Worldwide in Singapore

ACID provides cost-effective cybersecurity for the transportation industry

ACID offers an exceptionally cost-effective solution for the transportation industry: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first hint of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such an intent is detected, ACID alerts the targeted company in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which the company may be reluctant or incapable of accessing itself. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID continuously monitors a great number of sources, if the company wishes to include additional ones in the search, ACID swiftly does so.

The real time alerts provided by ACID at the first sign of an attack, and the subsequent updates with additional information as it becomes available, enable the IT teams of the targeted company to prepare and implement countermeasures that will mitigate the impact of the attack, or possibly thwart it altogether. Players in the transportation sector are thus supported in avoiding the theft of sensitive data and costly ransom payments, and in maintaining their business continuity and reputation.