Transportation networks are foundational to our modern way of life. The current restrictions on global movement and thecorresponding reduction in demand for travel and transportation services, while profound, are temporary. Forecasting future demand and capacity requirements is nearly impossible. But, the travel and transportation industries are part of the countrys critical infrastructure. They will return as significant contributors to global gross domestic product (GDP) and employment.
Although global demand and workforces arecurrently reduced, threat activity against industries is not. Travel and transportation companies share a common backbone of critical infrastructure and data that areattractive to malicious actors. Travel and transport providers global supply chains require theintegration of third-party vendors and present an expansive attack surface. Hence, these providers will never be immune to cyber attacks.
According to the X-Force Threat Intelligence Index 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) reported that the transportation sector was the third-most attacked in 2019. This highlights the growing appeal of data and infrastructure operated by these companies. Airlines and airports are increasingly being targeted by cybercriminals and nation-state adversaries; this has continued in 2020.
For example, in February 2020, Australian transportation and logistics companyToll Group reported that systems across multiple sites and business units were encrypted by the Mailto ransomware. In response, Toll Group shut down multiple systems, impacting severalcustomer-facing applications.
The following month, the San Francisco International Airport disclosed a data breach. Reportedly, the attack was perpetrated by a state-sponsored threat group that targets organizations in critical infrastructure sectors with the objectives of reconnaissance, lateral movement and cyber espionage.
Then, on May 14, 2020, the Texas Department of Transportation (TXDoT) became part of a ransomware incident. TXDoT is responsible for air, road and railway transportation across Texas. They detected an attack after finding unauthorized entry to its network. They isolated theaffected computers from the network to block further unauthorized access, affecting operations.
Threat actors are increasingly targeting internet of things (IoT) devices, operational technology (OT) and connected industrial systems, according to the X-Force Threat Intelligence Index 2020. Industrial internet of things (IIoT) solutions promise revolutionary changes to travel and transportation operations. These solutions particularly help manage globally distributed fleets of assets increasingly connected and ubiquitous. But, these IIoT solutions also introduce new attack vectors.
Many of the technologies that enable travel and transport operations are legacy OT/industrial control systems (ICS). Some with critical, un-patched software vulnerabilities. These systems often rely on IIoT devices, which are not without vulnerabilities, for routing, positioning, tracking and navigation and to interface with public applications. If left unpatched, these vulnerabilities in connected ICS and in IIoT devices represent a very real threat.
New vulnerabilities have appeared as providers become more dependent on IIoT platforms and on data services that enable automation. In April 2020, an unspecified vulnerability in Oracle supply chain that allows an attacker to compromise the Oracle Transportation Management component was reported. Use of these platforms and services increases the potential for unauthorized access to proprietary data and critical systems. They place physical and digital assets at risk. Whether executed by financially motivated cybercriminals or state-sponsored adversaries, a successful attack on travel or transportation supply chains can have a severe cascading effect on downstream industries.
IBMs Institute for Business Value (IBV) reports IIoT cybersecurity for transportation companies Mitigating risk and building resilience and IIoT cybersecurity for travel companies Protecting travel operations, confirm the rapid adoption of IIoT technologies by travel and transport providers and their extensive application in supply chain and logistics processes. Fleet management, predictive maintenance, warehouse, inventory and location management are primary supported use cases.
These reports surveyed 300 IT and OT executives responsible for the security of their travel and transportation organizations IIoT environments. It highlights that they are apprehensive about the security of information flowing among their operational, corporate and IIoT networks. These executives also cite gateways and gateway-related connectivity as the most vulnerable IIoT components.
Survey respondents are aware that connecting systems that monitor and control physical environments to public networks, such as the internet, can introduce risks. Yet, only 29% of travel companies and 16% of transportation companies have fully evaluated these risks. This small subset of companies also have established formal IIoT cybersecurity programs to build, manage and update the tools, processes and skills required to mitigate them.
When asked to rate IIoT cybersecurity risks, travel executives rated exposure of traveler data as one of their top risks. Data breaches can be a significant financial liability, in addition to a public relations liability.
For example, a large airline was fined $230 millionin 2019 in connection with a data breach that violated the General Data Protection Regulation (GDPR). It compromising a variety of personal information, including log in, payment card, travel booking details and name and address information for 500,000 customers. The fine, which represented 1.5% of the airlines total annual revenue, remains the highest the UK Information Commissioners Office has ever levied on a company over a data breach.
According to the IBV, more than two-thirds of transportation executives rated damage to the organizations reputation and loss of public confidence as a high or very high risk. This is followed by exposure of sensitive data and endangerment of individuals safety. Operational disruptions or shutdowns and reduced visibility and control due to the complexity of IT systems being connected to OT systems are also exposed.
The June 2017 ransomware attack on a global shipping company is an example of the cascading effect of operational disruptions in the transportation industry. This attack caused almost 80 ports and terminals globally to either come to a standstill or experience significant delays. The disruption was not limited to maritime ports and container vessels. Trucks destined for inland facilities were also held up at ports. They waited for systems to come back online so they could process and receive or deliver their shipments. This interruption delayed product distribution for extended periods. The shipping company had to rebuild a significant portion of its IT infrastructure at an estimated cost of $300 million.
IIoT solutions span IT, OT and consumer technology. These systems are typically managed in silos by different teams with different areas of expertise. This makes defense against cyber attacks extremely difficult and detection of IIoT-related incidents and intrusions a real challenge. But, it is not insurmountable.
The IBV also found some travel and transportation organizations to be more cyber resilient than others. These companies have a much better grasp of the security requirements of their IIoT deployments and connected industrial control systems (ICS) in general than others. The IBVcalled them security leaders.
According to the IBV, security leaders are better at protecting their organizations from IIoT-related attacks. Where they truly differentiate is at detecting, responding to and recovering from incidents and breaches when they occur. And they do so twice as fast as other companies.
The IBV identified 10 security controls and practices. Based on Center for Internet Security (CIS) Critical Security Controls and artificial intelligence (AI)-driven practices from IBM IoT security research, these controls are instrumental to achieving this level of performance. Each of these highly-effective controls and practices relates to a security function: protection and prevention or detection, response and recovery.
The reports for travel and transportation companies include action guides to implement them as part of a three-phased approach to help improve IIoT cybersecurity postures and resilience.
1. Create a solid defensive foundation by integrating IIoT into the enterprise risk management process. Plus, incorporate IIoT cybersecurity controls and practices and their associated technologies into an overarching IIoT security strategy.
2. Practice your readiness to deal with IIoT-based incidents.
3. Enhance ICS security by leveraging the benefits that artificial intelligence and automation can offer.
The start of a defensive foundation is incorporating IIoT cybersecurity controls and practices and their associated technologies into an overarching IIoT security strategy.
Establish IIoT cybersecurity programs to define, manage and update required IIoT cybersecurity tools, processes and skills. Address IIoT-related risks as part of the broader security risk-management framework. Perform regular risk assessments. Form cross-functional security teams with representation from IT security, engineering, operations and control system and security vendors. Bolster defensive capabilities with highly effective controls. Limit access to networks and control the flow of data across them.
Focus on boundary defense; this control has the highest impact on IIoT cybersecurity performance. Use segregation strategies to keep IIoT components operating in their own zones. Or, segregate their own separate networks to mitigate the negative effects a breach of the less-trusted IIoT network could have on the more secure corporate IT network. Limit and control network ports, protocols and services. Fully understand the protocols employed by each device. Then, test IIoT devices and implement malware defenses. Build a strategy to control the installation, spread and execution of malicious code at multiple points throughout the organization.
Fully understand the protocols employed by each device. Then, test IIoT devices and implement malware defenses. Build a strategy to control the installation, spread and execution of malicious code at multiple points throughout the organization. Control the use of administrative privileges. Employees with access to critical systems often present the single greatest threat to enterprise cybersecurity, whether through ill intent or inadvertent behaviors. Take inventory ofauthorized and unauthorized assets (devices and other hardware). Unauthorized IIoT devices and networks (which are examples of shadow IIoT) operate under the radar of organizations traditional security policies, making them difficult to detect.
Flaws and security holes in IIoT devices and ICS, including SCADA systems, leave transportation companies vulnerable to botnets that spread distributed denial of service (DDoS) attack malware. Once the defensive IIoT cybersecurity foundation is in place, integrate IIoT cybersecurity into security operations while prioritizing the highly effective controls.
Incident response management (IRM) and its associated controls support an effective response to IIoT-related incidents and breaches. The IBV notes that adopting better protection and prevention practices, plus ensuring systems are securely developed and deployed are excellent starting points. But, this does not guarantee the organization wont be breached. Companies must act quickly and decisively if this occurs.
Establish, manage and test IIoT incident response plans and processes, such as:
The key is to deploy automated, adaptive security capabilities. This can be achieved by implementing highly effective AI-driven controls. According to the IBV, this step is critical because bad actors continually develop new methods for infiltrating systems. Its imperative to put automated mechanisms in place to help detect and remediate breaches since essential cybersecurity skills are often in short supply.
Here is how to implement automation detection, remediation, response and recovery.
How fast the travel and transport industries will recover from COVID-19 will largely depend upon how effectively industry leaders earn the trust of all stakeholders, including customers, employees, business partners, governments and shareholders. In addition to decisive actions to improve health safety, instilling confidence in their ability to protect sensitive data and the infrastructures that enable mobility of individuals and goods will help to accelerate trust.
See original here:
Securing Travel and Transportation Operations - Security Intelligence
Read More..