It is like a scene from a movie: digitally-savvy threat actors take control of traffic lights to make their exit, creating vehicular blockades and hazards for their pursuers. Depending on the genre, it may involve explosions: many, many explosions and millions of dollars of damage in the escape.
In real life, while cyber threats to infrastructure that impact transportation may be quieter in execution, they are potentially equally expensive and damaging to economies. Perhaps if there were explosions we would see a steeper increase in response to cyber threat intelligence. At any rate, it will fall upon the transportation industry to take cyber threats more seriously in 2017.
Cyber Security Precedent
Dangerous and damaging cyber security weaknesses in transportation have already been demonstrated, not just in movies and science fiction:
- Vehicles have been remotely controlled (including turning the vehicle’s steering wheel and engaging the brakes).
- Municipal trains have been hacked for ransom.
- Shipping giants have been halted.
- Entire airlines have been grounded.
The list could go on. In fact, attacks against connectivity have been on the rise. As more devices (including vehicles) join the internet of things (IoT) and efficiency efforts rely on increased automation, the possibility of cyber threat increases even more rapidly than the technology upon which such connective efforts rely.
The Possible Threats
It is not actually possible to list all of the potential threats against the transportation industry, but there are certain trends in attacks that can shed light on where those threats are likely to hit. The biggest cyber security threats of all target the communication networks themselves: satellite channels, such as LAN and cellular systems already in use. Nearly everything currently used for navigation and guidance, from aircraft and maritime vessels to automobiles and the GPS navigation systems in vehicles, relies upon satellite communications. That makes such systems an “efficient” means of attacking transportation.
Whether to reroute vehicles, hide/falsify content logs, or just generally create chaos, the digital communication means of the transportation industry provide many avenues for potential threat actors to execute their intended objectives.
Such attacks would likely be motivated by:
- Money—Ransoming goods or people has been the motivation for pirates as long as they have sailed the seven seas.
- Hiding—Smuggling goods or people across borders could also be considered a money motivation but is its own category.
- Politics—Whether independent insurgents or state-sponsored actors, political motivations have targeted people and entire nations, and transportation can be another means to generate leverage against governments.
Given the potential harm to the very fabric of society that such attacks could cause, you would think that cyber security measures would be as great a priority as safety features against crash or fire.
The Realities Going Forward
The reality in the future of cyber security is that cyber threats will be the direct responsibility of heads of organizations, departments, and offices. Legislation in both the UK and the US, as well as some other nations, has already started moving in that direction. The idea behind such legislation is to stop the possibility of “passing the buck” to IT departments or even back to the central government itself when it comes to implementing cyber security measures.
Fortunately, another reality is that cyber threats are much more avoidable and containable than most people realize. Even the simplest measures, such as teaching employees about effective passwords and what to click or not click, can make a tremendous impact. An overall cyber security action plan, then, could be considered as basic to the future health and longevity of an industry as marketing strategies. It is up to the transportation industry to make it happen.