Cybersecurity risks pose threats to transport industry

Cybersecurity threats can affect operations of transportation companies and service providers.

The advent of an increasingly digitally connected world means that most of mankind’s day-to-day activities and transactions will most likely be serviced digitally, in one way or another—including transportation and how people will view and carry out mobility and moving from point A to point B. The digital push has seeped in the transportation sector with the likes of ride-hailing and ride-sharing platforms like Uber, Grab, and Didi Chuxing, as well as the existence of autonomous vehicles (for example, Tesla’s autopilot mode) and traffic navigation tools like Waze.

However, what comes with this transition of much of the transportation industry to the digital world and the slew and avalanche of available data that comes with it is a list of cybersecurity threats, both personal and commercial. As more of people’s data get recognised and stored digitally for a more intuitive experience, vulnerability to cyberattacks also run high—affecting both the security of individuals as well as the integrity of operations of these transportation services.

These transport systems are, by nature, complex and vulnerable to cyberattacks, according to Gene Seroka, executive director of the port of Los Angeles, which handles goods with a total value of around $1b. Seroka was part of a panel session talking about the rising cybersecurity threats to transport during the International Transport Forum in Leipzig, Germany in May 2018.

Seroka explained that his port implemented the first ever cybersecurity centre in the U.S. to mitigate cybersecurity risks that observes a cybersecurity threat once every eight seconds. He stressed that to address this issue, partnership between the public and private sectors is extremely important, particularly in sharing lessons and learning from the experiences of each other.

Despite the current projection of transportation cybersecurity spending increasing to around $14b by 2022 from the current $8b annually, according to ABI Research, the transportation industry could still be highly vulnerable from certain attacks. Michela Menting, digital security research director at ABI Research, confirmed in a separate report the threats that this rapid digitalisation that the transportation sector has been experiencing. She believes there is very poor cybersecurity being applied or implemented within transportation operational technologies and control systems. Cybersecurity threats can affect operations—both internal and external—of transportation companies and service providers.

This is echoed by Henrik Kiertzner, principal business solutions manager at SAS, when he said that capabilities for cyberattacks are widespread given that sophisticated tools can be bought or rented easily, “even for the most imbecile criminals.” Cyberattacks have become attractive moves for criminals and states engaged in illegal and heinous activities, because of their low investment needs and low risks. Kiertzner said that some security officers in firms often face difficulties in making the business case for more cybersecurity, no matter how enormous the cybersecurity risks and threats are to a company or institution.

Stéphane Feray Beaumont, vice president at Alstom Digital Mobility, meanwhile, emphasised the importance of conducting training and spreading awareness amongst relevant stakeholders to be able to create the right mindset and develop much-needed vigilance to be alert when cyberthreats emerge. He stressed what Kiertzner noted on the need for common methodologies and standards, as well as the benefits of information sharing.

In terms of raising awareness and information-sharing, Peter Kummer, chief information officer at SBB (or the Swiss federal railways) echoed the same sentiments. He, for instance, had raised and increased the awareness of cyberattacks in his company, for example, by conducting tests to find out how employees react to phishing messages, or dubious email messages that asks people to give out their information. He noted that the results of these tests showed that a quarter of the employees in his companies were willing to provide passwords. This poses a cybersecurity threat to any company because criminals at the other end of the attacks will be able to access confidential information that should have been only for the eyes and usage of company employees.

In terms of what can be done, Beaumount explained that regular changes and refreshing of account information are needed to keep security on a high level, helping institutions distinguish cybersecurity from other security issues. He recommended designing systems in such a way that cyberattacks do not corrupt everything by having sort of a layered system where troubleshooters would be able to deal and solve issues without the whole system breaking down. In terms of governments, Seroka said they could facilitate collaboration between stakeholders and concentrate on areas where the cybersecurity threats have the largest economic and security impacts. Kiertzner noted that the most successful collaborations start small, focusing on common and interlocking interests given that the whole transport sector is large and diverse, so segmenting the sector would make sense.

Another issue is the vertical integration in the transport sector, particularly in logistics such as between shipping companies and port terminals, which increases the risk of cyberattacks affecting the whole supply chain. The challenge will be to create inter-operability of systems, whilst at the same time departmentalising risks. Common standards will be needed, while a segmented approach based on security issues may be necessary.

Genelie De Leon of Singapore Business Review attended the International Transport Forum 2018 in Leipzig, Germany. The forum ran from May 22-25, 2018. .