Story by Bill Haber / May 28, 2021
Bill Haber | CO-Founder
When thinking about cyber exposures, several industries come to mind long before transportation. Healthcare, Financial Services, and Retail are some, to name a few. So why then is the transportation industry ranked third in security vulnerability according to a recent whitepaper? Could the threat of losing drivers’ licenses or social security numbers really be that significant? Is it really more than that?
The answer is a definitive YES.
The real risks we are seeing exist in Operations. When you look at how it’s becoming dependent on so many newly deployed technologies, most basic business processes risk exposure to security incidents (i.e. data theft, ransomware) which could severely interrupt business, and render companies paralyzed.
One of the fundamental changes in the industry boils down to the ability to track vehicles. With the advent of GPS tracking, companies monitor their own transportation networks to track the position of goods in transit, vehicle pace, and likely delay, and to identify potential delays through traffic and routing variables. Additionally, some logistics organizations use RFID and barcoding technologies to track the loading and movement of goods within warehouses and transfer points. Increased use of robotics with control systems often consumes the data sets these technologies use. Since these intelligent devices share data and communicate with other systems, they have the same vulnerabilities as other IoT devices that span password compromise to unauthorized access, and more.
It’s not difficult to imagine the impact of players in the transportation business large and small businesses being compromised. Imagine what could happen if a device that controls information about fuel delivery is sent to a location where it can be used to escalate an attack on a stadium, passenger terminal, or airport. Think about where a truck may be sent with its cargo, a plane or a ship may be docked, based on misinformation caused by bad actors. These incidents can be motivated by attacks, protests, or spreading chaos, panic, and inconvenience. Even the x-ray systems used in these locations have become intelligent, and subject to the same hactivity. All impact timely operation, and all spell loss.
The insurance needs around Cyberextortion and Business Interruption are growing fast. The incidents described above amount to delay, loss of goods, destruction of property, expiration of perishables, and more.
Although this can be tough to keep up with, we see new technology constantly to mitigate risk and prevent these vulnerabilities from being exploited. SIEM systems broaden threat monitoring regularly, endpoint detection and response systems take the fight to a granular level, and machine learning and Artificial intelligence applications continue to focus on looking for behavior that indicates an imminent cyber-attack using the latest unknown or zero-day attack.
Transportation companies need to step up and prepare themselves proactively, becoming early adopters of technologies to guard the payload, their operations lifecycle and the control over smart devices. Get on the front foot with an independent risk assessment, and putting the right risk management strategies and protections in place to respond to an incident.