As digitalization flows through every major industry in the world, the need for visibility into the devices operating on the network – including IT, OT and IoT assets – has never been greater.
And as cargo, passenger, fare and other systems used by the transportation industry become more complex and connected, they are increasingly targeted in high stakes cyberattacks.
Take for example a cargo ship’s manifest that is used to track the passage of products from one destination to another. In this age of digital connections, it’s now possible for threat actors to use malware to gain access to the manifest, and delete, alter or otherwise corrupt the information it contains.
This is just one example of how cyberattacks can disrupt maritime transportation. Let’s take a look at a few others.
Cyberattacks on Maritime Transportation Can Bring the Industry to a Standstill
A cyberattack on maritime transportation could disrupt the customs approval process, or facilitate the import of illegal goods. Threat actors may also have a bigger target in their sights if a virus is able jump from, say, the ship’s cargo management software to the destination port’s management systems.
Last year, the Center for Risk Studies at the University of Cambridge published a report titled “Shen attack: Cyber risk in Asia Pacific ports.” It outlines the potential impact of a hypothetical virus infecting cargo database records at Asia’s major ports.
Disruptions included halting container traffic, the closure of key ports which could bring the global maritime supply chain and cruise ship industry to a standstill, and much more. The economic fallout, affecting the transportation, aviation, aerospace and manufacturing sectors in particular, was estimated at $110 billion.1
Sound far-fetched? It isn’t.
Complex IT/OT Dynamics of the Transportation Industry
Individual cargo ships carry 8,000 containers on a single voyage, while mass transit systems transport over 53 billion riders each year. Before the global pandemic, over 8.8 billion passengers flowed through airports around the world.
Here are some examples of the systems used to manage transportation operations:
- Maritime shipping: fleet, vessel and sea traffic management systems
- Roadways: Traffic signaling systems containing road sensors and lidar
- Highway tunnels: lighting, heat sensing and ventilation systems
- Railways: traffic planning, power supply, maintenance and station control systems
The complexity of these systems, and the number of IoT devices involved, is skyrocketing. To prevent disruption, and ensure safety and security, transportation and logistics operators need to expand visibility into their OT systems, and strengthen their cyber resiliency.
Unplanned downtime in any of these environments would have a serious impact on the processing of people and products. In an industry where every minute counts, transportation operators can lose valuable time trying to locate, understand and address any issues that arise.
As you’ve likely heard, information technology (IT) is quickly converging with operational technology (OT) across all subsectors of the transportation industry. This makes perfect sense because OT data, once completely segregated from pretty much everything, can be merged with IT data, and shared throughout the organization to provide richer insight and decision- making.
Unfortunately, most OT security teams don’t have the tools, skills, or resources needed to manage IT/OT cross-pollinated environments. So, they’re getting hit by a freight train of new requirements and needs. While IT has been managing sophisticated security programs for a long period of time and has a higher level of security expertise, it isn’t armed with effective tools either.
OT Security Processes Lacking in Transportation Systems
Transportation system OT security has lagged behind that of other industries for some time. The result in many cases is a lack of basic security processes.
For example, in a segregated OT environment, we typically see some endpoint protection and maybe antivirus on servers. But one of the basics not being implemented is the use of domain controllers for authentication of users on servers and workstations. On top of that, there are often no processes in place to manage that type of environment. We also see the same passwords used for initial system commissioning years ago still in use, and when employees or contractors leave the organization, their accounts aren’t being deleted.
This lack of basic security workflows leaves the door wide open, to the point where even an unsophisticated threat actor could hack in.
All Four of the World’s Largest Maritime Shipping Operators Have Been Targeted by Cyber Attacks
In 2017, an integrated logistics provider was targeted by NotPetya ransomware. Impacts included shutdown of the cargo terminal, damage to equipment and an estimated $300M in lost revenue. Between 2018 and 2020, three other companies were also hit by malware or ransomware, impacting booking systems, data centers and other shore-based networks.2
The good news is that digitalization is forcing OT security teams to shore up their side of the fence. The first step includes evaluating their systems and networks, understanding the potential security gaps, and what agreeing on what it means to be cyber-ready. It helps to put aside the mindset around legacy applications that have been running these systems for decades. Security teams need to embrace digital systems that provide enormous operational benefits… along with an increased level of potential security holes and incidents.
Lots of Valuable Data, Little Protection
Thanks to an explosion in the number of Internet of Things (IoT) devices in transportation and logistics systems, organizations are getting a boost in the quantity and quality of sensor data generated. Unfortunately, we’re seeing that many of the IoT devices being used have little if any built-in security. Also, security gaps are often unintentionally created when people commission devices and bypass proper change controls.
So not only do OT folks have to worry about the expanding attack surface, they also have to worry about IoT devices and vendors introducing potential zero-day exploits into their OT environment.
Gaining visibility into the OT/IoT network is key. Strengthening security starts with knowing what’s on the network and what communication is taking place. Otherwise, there’s no way for an organization to see where vulnerabilities and risks lie.
Eliminating IT/OT/IoT Tunnel Vision
Once you have visibility across IT, OT and IoT, you can see which devices are trying to access the internet. Eliminating tunnel vision allows you to see potential backdoors where attackers can gain access to wreak damage.
Here’s a perfect example of a backdoor: a vendor plugs a modem into an organization’s control system environment to provide remote access. This was done to eliminate travel to the site for commissioning, preventative maintenance or incident management. Unfortunately, devices like modems are often forgotten, and end up being left open, creating backdoor access to internal systems.
Visibility provides insight into the environment and helps the security team understand what’s occurring at all times. Lateral movement visibility helps them detect and expose any anomalies within their environment, and respond in real-time rather than finding out about a problem days later.
Transportation systems are becoming increasingly complex, but visibility can provide insight into what was once the control system’s blackbox.
OT/IoT Security Best Practices
Here are a few best practices that can increase the maturity of your OT security program:
- Become familiar with cybersecurity frameworks such as NIST CSF, and industrial automation and control systems standards such as IEC 62443.
- Conduct workshops with your IT counterparts to learn and build on their knowledge base.
- Understand what OT assets and networks need robust protection.
- Develop and test an incident response plan.
- Don’t reinvent the wheel – use a proven visibility and security tool like that offered by Nozomi Networks to protect your OT/IoT environments.
Reducing the Risk of Cyberattacks on the Transportation Industry
Nozomi Networks helps transportation asset owners – those operating maritime, airport, bus, rail, highways and other networks, accelerate their pace of digital transformation.
Our solution unifies visibility and threat detection across OT, IoT, IT and cyber-physical systems and automates the hard work of inventorying, visualizing and monitoring Intelligent Transportation Systems (ITS) control networks.
If you’d like to learn how to reduce the risk of cyberattacks targeting your transportation or logistics operations, please take a look at the industry brief below, and register for our upcoming webinar.