Transport for London targeted in a cyberattack

Transport for London (TfL) has been targeted in a cyberattack. The organisation stated that there is no evidence of customer data being compromised and no current impact on TfL services.

Andrew Lintell, General Manager, EMEA at Claroty, said: “TfL is the heartbeat of London commuting. With this comes an incentive for attackers to break through the barriers and cause severe disruption or access the treasure trove of personal data that it holds. 

“Like any large, complex organisation, TfL must be mindful of the gap in its cyberhygiene standards. Just like any other transport provider, it will operate a wide range of cyber-physical systems (CPS). Each one of these must be continuously monitored with visibility into all systems to quickly detect and mitigate threats. 

“The UK NIS regulations are key in ensuring vital systems are protected and policies are adhered to, and it is critical the proposed upcoming reforms minimise the gap to the European NIS2 regulations. Proactive security measures for public services are a must for reliable and safe amenities.

“NIS2 calls for all businesses operating in the transport sector to improve CPS security via asset management and keeping real time inventories of what is on the network. The sector’s reliance on interconnected IT and OT technologies provides heightened risks.

“To address this, an integrated approach to security is key where there is visibility into cyber-physical systems in OT environments, as well as consistent IT security controls. Unified security governance across IT and OT is vital in building cyber-resilience.” 

Andrew Brown, Software Security Expert at Propel Tech, said: “The TfL cybersecurity incident (they are currently sharing very little information about it – and rightly so) should be viewed as a sizable near miss in the realm of cybersecurity.

“It serves as a reminder for organisations in charge of mass transit, both in the UK and further afield, just how much of a lucrative target this type of infrastructure is for bad actors.

“It seems those in charge of cybersecurity at TfL have managed to get ahead of this with a rapid response, protecting both consumer data and ensuring zero disruptions to users – an impressive feat. However, just because they’ve thwarted it this time doesn’t mean they can get complacent.

“The fact that their backroom systems were targeted highlights vulnerabilities that could have had far-reaching consequences. A successful breach could have led to a disruption in service – the tube alone reached four million journeys a day at the end of last year – that could’ve brought the city to a standstill this morning, not to mention data breaches on a massive scale.

“It’s clear from the decision to ask employees to work remotely that there is still a lot of work to be done, no doubt with the support of the National Cyber Security Centre, who will be trying to establish exactly who was behind this and what their motives were.

“If anything, this incident should remind us all that robust cybersecurity measures must not only be ‘in place’ but must also be regularly checked, updated, and tested to ensure they are up to the job.

“This requires staff, resources and funding. Cybersecurity is no longer a ‘nice to have’; it is a must-have for anyone handling customer data and with the responsibility of providing services to the public, especially at the scale of TfL.”

Javvad Malik, lead security awareness advocate at KnowBe4, said: “There aren’t many details at present, but the fact that TfL was able to detect the cyberattack and initiate its incident response plans.

“It does highlight the need for ongoing vigilance, particularly for organisations which provide public and critical infrastructure. 

“We also need to bear in mind that the main root causes which allow criminals to penetrate organisations are through social engineering, unpatched software, or through poor credentials. While it’s not sure how the breach at TfL occurred, it is quite likely one of these avenues would be the culprit. Emphasising the fact that organisations need to pay close attention to the fundamentals, not just from a technological perspective, but from a human and procedural aspect too and work to build a culture of security throughout.”

Mayur Upadhyaya, CEO and Co-founder at APIContext, added: “The TfL cyberattack serves as a stark reminder of the vulnerabilities inherent in complex IT systems, even those not directly exposed to the public. By targeting TfL’s backroom systems, attackers demonstrated the importance of securing all parts of an organisation’s IT infrastructure.

“TfL’s response, including the work-from-home directive and enhanced security measures, underscores the need for preparedness and contingency planning to minimise the impact of cyberincidents. Such proactive steps are crucial for maintaining operational resilience and mitigating potential damage.

“In today’s interconnected world, APIs are the lifeblood of digital operations. Securing these gateways is paramount to preventing unauthorised access and data breaches. Regular security assessments, vulnerability management and incident response planning are essential components of a robust cybersecurity strategy.

“The ever-evolving cyberthreat landscape demands a proactive approach. Organisations must continuously adapt their security measures to stay ahead of emerging threats and ensure the resilience of their critical infrastructure.”
