As cargo, passenger, fare and other systems used by Australia’s transportation industry become more complex and connected, they are increasingly targeted in high-stakes cyberattacks.
Consider a freight ship’s manifest that is used to track the passage of goods from one destination to another. In the age of digital connectivity, it’s possible for hackers, be they nation-state or organised crime groups, to use malware and other cyberattack methods to gain access to the manifest, and delete, alter or otherwise corrupt the information it contains.
This is just one example of how cyberattacks can disrupt transportation and bring the world to a standstill, creating an accelerated need for better visibility in Australia’s transport industry.
Bringing transport to a standstill
Late last year, we saw industrial action disrupt Australia’s ports, creating further issues in bringing cargo in and out of Australia following the pandemic’s sudden impact.
A cyberattack could do the very same thing: an attack on maritime transportation could disrupt the customs approval process or facilitate the import of illegal goods. Threat actors may also be eyeing a bigger target, for example by initially attacking a ship with a view to getting into the port’s management systems.
Last year, the Centre for Risk Studies at the University of Cambridge released a report titled Shen Attack: Cyber Risk in Asia Pacific Ports, outlining the potential impact of a hypothetical virus infecting cargo database records at Asia’s major ports.
Major disruptions identified included halting container traffic, the closure of key ports worldwide, and more. The economic fallout could affect all transportation industries, as well as manufacturing and other key related industries, to the tune of $110 billion.
Complex IT/OT Dynamics of the Transportation Industry
In 2019, over 61 million passengers travelled through Australian airports. Meanwhile, a typical individual cargo ship might carry 8,000 containers on one voyage. Tipping the scales at the other end, mass transit systems worldwide transport more than 53 billion people every year.
None of this could happen without a number of key systems used to manage transport operations, such as fleet, vessel and sea traffic management systems; traffic-signalling systems with road sensors and lidar; and power supply, maintenance and station control systems.
The complexity and increasingly interconnected nature of these systems, and the number of IoT devices involved, are skyrocketing. In an industry where every minute counts, transportation operators need to avoid unplanned downtime while they try to identify issues as they arise.
To prevent disruption and ensure safe and secure travel, transport and logistics operators need to expand visibility into their operational technology (OT) systems and strengthen cyber resiliency.
OT is the lesser-known, but equally if not more important, cousin of information technology (IT) in critical and industrial environments. It monitors and detects issues on vital industrial equipment, assets, processes and events.
As the threat landscape in Australia’s transport industry broadens and escalates, it’s important that IT and OT cyber security data are merged and shared across an organisation to ensure the organisation remains protected.
OT security skills gap in transportation systems
Unfortunately, transport-system OT security in Australia has lagged behind that of other industries and countries, resulting in a widespread lack of basic security processes.
For example, in an OT environment, we often see some basic endpoint protection and maybe antivirus on servers. But some fundamentals are completely missing: domain controllers are not used to manage user authentication, no processes and procedures are in place to manage security in the OT environment, and the same passwords are even used for years.
This lack of basic security workflows leaves the hatch wide open, to the point where even an unsophisticated threat actor could gain access.
Fortunately, digitalisation is forcing security teams to shore up their OT security. The first step includes evaluating their systems and networks, understanding the potential security gaps, and agreeing on a definition of ‘being cyber-ready’.
It helps to put aside the mindset around legacy applications that have been running these systems for decades. Security teams need to embrace digital systems that provide enormous operational benefits and better information on potential security holes and incidents.
Valuable data protection and removing tunnel vision
The explosion in the number of IoT devices in Australia’s transport and logistics (T&L) systems has brought a major boost in the quantity and quality of data the industry can use to improve its services, efficiency and more.
The reliance on this data gives the industry greater cause to up its security game, but many IoT devices have little-to-no built-in security. Further, security gaps can be unintentionally created when people commission devices and bypass proper change controls.
Gaining visibility into the OT/IoT network is key here. Strengthening security starts with knowing what’s on the network and what communication is taking place. Otherwise, there’s no way for an organisation to see where risks and vulnerabilities lie.
Once this visibility is in place, it’s important to eliminate tunnel vision, looking beyond the organisation’s own systems and into the supply chain.
This brings backdoor threats into view. For example, imagine a technology supplier plugs a modem into a transport company’s control system environment to provide remote access. The supplier ignores the OT security processes in place and creates backdoor access to internal systems.
Extending visibility across the full footprint of the organisation’s systems is essential for holistic security.
Protecting digital to ensure physical movement
There are simple practices the industry can adopt to remain safe and secure, including awareness of cybersecurity frameworks and control systems standards, conducting knowledge-sharing workshops with IT and industry counterparts, understanding what assets need robust protection, developing an incident response plan, and using proven technology to protect the environment.
While transport very much operates in the physical world, digital is still its heartbeat, and nothing moves if threat actors are allowed to have their way.
Malcolm Bailie is Manager Solutions Delivery and Projects (APAC) for industrial cyber security, operational technology and IoT company Nozomi Networks