Andrew Lintell, General Manager, EMEA, at Claroty, outlines why all organisations in the transport sector must ensure they have robust security in place.
The transportation sector is one of the core industries commonly grouped under Critical National Infrastructure (CNI), being listed as essential in the NIS2 directive. The umbrella term covers a huge range of organisations, from air and rail travel to hauliers and highways.
Despite their diversity, all of these organisations are united by escalated cyberthreats. As a sector with some of the largest physical operations, and one that is heavily linked to both business and civilian operations, transport is highly vulnerable to disruption.
Against escalating threats, all organisations involved in the transport sector must ensure they have robust security in place to deliver resilience and keep their operations moving in the face of disruptive attacks.
How digitisation has increased vulnerability
Transport organisations are heavily reliant on cyber-physical systems (CPS), where digital assets are connected with physical processes. This means disruptive attacks like ransomware can have a more significant impact than in other sectors, as disabling a single system can cause an entire operation to screech to a halt.
Alongside this, these cyber-physical systems can also create an expanded attack surface for threat actors to exploit.
Internet of Things (IoT) devices, for example, are widespread in the transport sector in the form of sensors, cameras and many other uses. Yet they often lack robust security features, such as proper asset classification and segmentation protocols, which can create additional vulnerabilities. The risk extends beyond individual IoT devices to encompass the entire Extended Internet of Things (XIoT), which includes Industrial Control Systems (ICS), Operational Technology (OT), Industrial IoT (IIoT) and building management systems (BMS).
The push for connectivity and digitisation has amplified these vulnerabilities within the sector. Passengers expect real-time updates on transport services, for example, and hauliers need to be able to monitor their fleets, necessitating continuous online connectivity. Additionally, vendors need access to OT, IoT and IIoT systems to monitor and maintain operations, but integration into the cloud for real-time analytics further exposes these systems to attackers.
Traditionally, OT systems were manually focused and isolated from IT networks and the Internet. Digital integration has enabled better efficiency through automation and remote access, but also exposed these systems to a connected environment they were never designed for. OT systems are rarely compatible with standard IT management and security solutions, making it even more difficult to identify threats.
The growing prevalence of ransomware attacks has affected both IT and OT environments and increased the need for thorough visibility across all CPS. This visibility is crucial for quickly detecting and mitigating breaches, safeguarding the future of transport operations.
Crucial need for enhanced visibility
The lack of visibility into industrial networks compounds the challenge of managing system failures. A simple issue like a power outage or a CCTV breakdown could have multiple causes, such as a technical glitch needing routine maintenance, a cybersecurity threat warranting investigation, or even potential vandalism requiring police attention. For transport operators to manage these issues effectively while adhering to strict international Safety Integrity Level (SIL) standards, comprehensive visibility and control over their networks are essential.
As many transport organisations fall under the CNI umbrella, they frequently need to guarantee constant uptime. For example, a cyberattack leading to a prolonged national transport disruption would have wide-ranging effects, not just on daily commutes but also on the wider economy. Furthermore, as transactions for tickets and services increasingly move online, transport entities manage vast quantities of sensitive financial information. A breach could therefore not only disrupt operations but also lead to significant financial theft and reputational damage, affecting customer trust and loyalty.
The sector must also prioritise the safety of both passengers and cargo, mandating compliance with SIL standards tailored to the safety risks of each system or component. Any third-party equipment, including cybersecurity solutions, integrated into the network must operate independently from critical safety systems or mesh seamlessly without recertification.
This environment underscores the critical need for robust security measures that move from a reactive to a proactive defence posture. Anticipating rather than just responding to cyberattacks is vital for ensuring resilience and safety in the transport industry.
Path to sustainable cybersecurity practices
The EU is looking to tackle the threat to transport with the updated Network and Information Systems (NIS) directive, which sets out cybersecurity requirements for essential and important services. The updates aim to keep legislation aligned with current technologies and enhance the overall resilience of crucial infrastructure against cyberthreats.
Whether an organisation has EU operations bound by the NIS2 directive or not, all businesses operating in the transport field need to proactively improve their ability to manage and secure CPS.
Key capabilities include:
1. Asset Management: Managing assets efficiently is key to maintaining operational resilience. Yet, the transport sector’s unique challenge is using industrial assets with proprietary protocols, which are often incompatible with standard inventory tools. Organisations need a robust system that supports these proprietary protocols with continuous monitoring and analysis capabilities, alerting them to asset changes and optimising workflows through enhanced reporting and integrations.
2. Network Protection: Implementing Zero Trust controls such as network segmentation and secure access is essential. Transport organisations require systems that can recommend and automatically enforce tailored segmentation policies. Such systems should facilitate continuous monitoring to detect deviations in how assets communicate, enabling proactive responses to potential policy violations.
3. Vulnerability and Risk Management: Identifying a vulnerability is the initial step; assessing its context and potential impact is critical for effective risk management. Given the high cost of downtime, the transport sector requires a dedicated cybersecurity solution that precisely matches assets to known vulnerabilities and analyses risk scenarios to prioritise remediation efforts based on both severity and likelihood of exploitation.
4. Threat Detection: Even with strong preventive measures, the complexity of cyber-physical systems means breaches can still occur. Thus, transport organisations require advanced security solutions equipped with multiple detection engines that understand and adapt to the unique behaviours of their network’s assets. These systems should integrate seamlessly with existing technologies, bridging gaps in IT-OT security expertise.
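The four capabilities above can be illustrated end to end on a small scale. The following Python block is an added example, not code from the article or from Claroty: it derives an asset inventory from passively observed flows (asset management), learns a zone-to-zone communication baseline and enforces it as a segmentation policy (network protection), matches assets to vulnerability records and ranks them by severity and observed exposure (vulnerability and risk management), and flags flows that deviate from the learned baseline as a behavioural detection engine would (threat detection). Every asset, flow, firmware version, model name and vulnerability identifier is constructed for illustration; the vulnerability identifiers are placeholders, not real CVEs, and the zone names and risk weighting are assumptions.

```python
"""Added example (not from the article or Claroty): a toy CPS visibility
pipeline over constructed OT/IoT data. Nothing here is real asset,
vulnerability or network data."""
from collections import defaultdict

# Constructed asset records, as an OT asset-management system might hold them.
# Model names, firmware versions and zone labels are made up.
ASSETS = {
    "10.1.0.11": {"name": "track-plc-1", "model": "ExamplePLC-200", "fw": "2.1", "zone": "ot-control"},
    "10.1.0.12": {"name": "track-plc-2", "model": "ExamplePLC-200", "fw": "2.2", "zone": "ot-control"},
    "10.2.0.20": {"name": "platform-cam-1", "model": "ExampleCam-X", "fw": "1.0", "zone": "iot-cctv"},
    "10.3.0.5": {"name": "scada-hmi", "model": "ExampleHMI", "fw": "5.2", "zone": "ot-supervisory"},
    "10.9.0.7": {"name": "vendor-jump", "model": "laptop", "fw": "-", "zone": "it-corporate"},
}

# Constructed passive flow observations: (src, dst, protocol).
BASELINE_FLOWS = [            # learning window: normal supervisory traffic
    ("10.3.0.5", "10.1.0.11", "modbus"),
    ("10.3.0.5", "10.1.0.12", "modbus"),
    ("10.2.0.20", "10.3.0.5", "rtsp"),
]
LATER_FLOWS = [               # monitoring window
    ("10.3.0.5", "10.1.0.11", "modbus"),   # matches baseline
    ("10.9.0.7", "10.1.0.12", "modbus"),   # corporate laptop reaching a PLC
    ("10.2.0.20", "10.1.0.11", "rtsp"),    # camera talking to a PLC
]

# Constructed vulnerability records; the ids are placeholders, not real CVEs.
VULNS = [
    {"id": "VULN-PLACEHOLDER-1", "model": "ExamplePLC-200", "fixed_in": "2.3", "severity": 9.0},
    {"id": "VULN-PLACEHOLDER-2", "model": "ExampleCam-X", "fixed_in": "1.1", "severity": 6.5},
    {"id": "VULN-PLACEHOLDER-3", "model": "ExampleHMI", "fixed_in": "6.0", "severity": 4.0},
]


def zone_of(ip):
    """Zone of a known asset; anything not in the inventory is 'unknown'."""
    return ASSETS.get(ip, {}).get("zone", "unknown")


def build_inventory(flows):
    """Asset management: record which protocols each address was seen speaking."""
    seen = defaultdict(set)
    for src, dst, proto in flows:
        seen[src].add(proto)
        seen[dst].add(proto)
    return {ip: sorted(protos) for ip, protos in seen.items()}


def learn_policy(flows):
    """Network protection: the allowed (src_zone, dst_zone, protocol) triples
    are exactly those observed during the learning window."""
    return {(zone_of(s), zone_of(d), p) for s, d, p in flows}


def find_violations(flows, policy):
    """Threat detection: flows whose zone/protocol triple is outside the policy."""
    return [(s, d, p) for s, d, p in flows if (zone_of(s), zone_of(d), p) not in policy]


def exposed_assets(flows):
    """Assets that receive traffic from IT or unknown zones are treated as exposed;
    this feeds the likelihood side of the risk score (assumed weighting)."""
    exposed = set()
    for s, d, _ in flows:
        if zone_of(s) in ("it-corporate", "unknown") and zone_of(d).startswith(("ot", "iot")):
            exposed.add(d)
    return exposed


def version_tuple(v):
    return tuple(int(x) for x in v.split("."))


def prioritise(assets, vulns, flows):
    """Vulnerability and risk management: match model + firmware against records,
    then rank by severity times an exposure-derived likelihood."""
    exposed = exposed_assets(flows)
    findings = []
    for ip, a in assets.items():
        if a["fw"] == "-":            # no firmware data: cannot match, skip
            continue
        for v in vulns:
            if a["model"] == v["model"] and version_tuple(a["fw"]) < version_tuple(v["fixed_in"]):
                likelihood = 1.0 if ip in exposed else 0.4   # assumed weights
                findings.append({"asset": a["name"], "vuln": v["id"],
                                 "risk": round(v["severity"] * likelihood, 1)})
    return sorted(findings, key=lambda f: f["risk"], reverse=True)


if __name__ == "__main__":
    policy = learn_policy(BASELINE_FLOWS)
    for flow in find_violations(LATER_FLOWS, policy):
        print("policy deviation:", flow)
    for f in prioritise(ASSETS, VULNS, BASELINE_FLOWS + LATER_FLOWS):
        print(f)
```

The point of the ranking is that the same PLC vulnerability scores higher on track-plc-2, which the monitoring window shows receiving Modbus traffic from the corporate zone, than on track-plc-1, which is only reached from the supervisory zone; the two deviating flows are also the ones a segmentation policy learned from the baseline would block or alert on.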
The transport sector’s reliance on connected technologies comes with heightened security risks that cannot be overlooked. By transitioning from reactive to proactive security practices, transport organisations can better protect against cyberthreats, ensuring the safety and reliability of services critical to daily operations and the broader economy. These organisations must have an integrated approach to cybersecurity to stay ahead of potential threats and maintain the trust of their customers and the public.