Cy­ber­se­cu­rity risks pose threats to trans­port in­dus­try

De­spite the cur­rent pro­jec­tion of tran­spor­ta­tion cy­ber­se­cu­rity spend­ing hit­ting $14b by 2022, the in­dus­try still re­mains vul­ner­a­ble to at­tacks.

Singapore Business Review - - CONTENTS - Genelie De Leon

As more of peo­ple’s data get recog­nised and stored dig­i­tally for a more in­tu­itive ex­pe­ri­ence, vul­ner­a­bil­ity to cy­ber­at­tacks also run high— af­fect­ing both the se­cu­rity of in­di­vid­u­als as well as the in­tegrity of op­er­a­tions of th­ese tran­spor­ta­tion ser­vices. Th­ese trans­port sys­tems are, by na­ture, com­plex and vul­ner­a­ble to cy­ber­at­tacks, ac­cord­ing to Gene Seroka, ex­ec­u­tive di­rec­tor of the port of Los An­ge­les, which han­dles goods with a to­tal value of around $1b. Seroka was part of a panel ses­sion talk­ing about the ris­ing cy­ber­se­cu­rity threats to trans­port dur­ing the In­ter­na­tional Trans­port Fo­rum in Leipzig, Ger­many in May 2018. Seroka ex­plained that his port im­ple­mented the first ever cy­ber­se­cu­rity cen­tre in the U.S. to mit­i­gate cy­ber­se­cu­rity risks that ob­serve a cy­ber­se­cu­rity threat once ev­ery eight sec­onds. He stressed that to ad­dress this is­sue, part­ner­ship be­tween the pub­lic and pri­vate sec­tors is ex­tremely im­por­tant, par­tic­u­larly in shar­ing lessons and learn­ing from the ex­pe­ri­ences of each other. De­spite the cur­rent pro­jec­tion of tran­spor­ta­tion cy­ber­se­cu­rity spend­ing in­creas­ing to around $14b by 2022 from the cur­rent $8b an­nu­ally, ac­cord­ing to ABI Re­search, the tran­spor­ta­tion in­dus­try could still be highly vul­ner­a­ble from cer­tain at­tacks. Michela Ment­ing, dig­i­tal se­cu­rity re­search di­rec­tor at ABI Re­search, noted that there is very poor cy­ber­se­cu­rity be­ing ap­plied or im­ple­mented within tran­spor­ta­tion op­er­a­tional tech­nolo­gies and con­trol sys­tems. Cy­ber­se­cu­rity threats can af­fect op­er­a­tions—both in­ter­nal and ex­ter­nal—of tran­spor­ta­tion com­pa­nies and ser­vice providers.

Solid busi­ness case This is echoed by Hen­rik Kiertzner, prin­ci­pal busi­ness so­lu­tions man­ager at SAS, when he said that ca­pa­bil­i­ties for cy­ber­at­tacks are wide­spread given that so­phis­ti­cated tools can be bought or rented eas­ily, “even for the most im­be­cile crim­i­nals.” Cy­ber­at­tacks have be­come at­trac­tive moves for crim­i­nals and states en­gaged in il­le­gal and heinous ac­tiv­i­ties, be­cause of their low in­vest­ment needs and low risks. Kiertzner said that some se­cu­rity of­fi­cers in firms of­ten face dif­fi­cul­ties in mak­ing the busi­ness case for more cy­ber­se­cu­rity, no mat­ter how enor­mous the cy­ber­se­cu­rity risks and threats are to a com­pany or in­sti­tu­tion. Stéphane Feray Beau­mont, vice pres­i­dent at Al­stom Dig­i­tal Mo­bil­ity, mean­while, em­pha­sised the im­por­tance of con­duct­ing train­ing and spread­ing aware­ness amongst rel­e­vant stake­hold­ers to be able to cre­ate the right mind­set and de­velop much-needed vig­i­lance to be alert when cy­berthreats emerge. In terms of rais­ing aware­ness and in­for­ma­tion-shar­ing, Pe­ter Kum­mer, chief in­for­ma­tion of­fi­cer at SBB or the Swiss Fed­eral Rail­ways echoed the same sen­ti­ments. He, for in­stance, had raised and in­creased the aware­ness of cy­ber­at­tacks in his com­pany, for ex­am­ple, by con­duct­ing tests to find out how em­ploy­ees re­act to phish­ing mes­sages, or du­bi­ous email mes­sages that asks peo­ple to give out their in­for­ma­tion. He noted that the re­sults of th­ese tests showed that a quar­ter of the em­ploy­ees in his com­pa­nies were will­ing to pro­vide pass­words. In terms of what can be done, Beau­mount ex­plained that reg­u­lar changes and re­fresh­ing of ac­count in­for­ma­tion are needed to keep se­cu­rity on a high level, help­ing in­sti­tu­tions dis­tin­guish cy­ber­se­cu­rity from other se­cu­rity is­sues. He rec­om­mended de­sign­ing sys­tems in such a way that cy­ber­at­tacks do not cor­rupt ev­ery­thing by hav­ing sort of a lay­ered sys­tem where trou­bleshoot­ers would be able to deal and solve is­sues with­out the whole sys­tem break­ing down. In terms of gov­ern­ments, Seroka said they could fa­cil­i­tate col­lab­o­ra­tion be­tween stake­hold­ers and con­cen­trate on ar­eas where the cy­ber­se­cu­rity threats have the largest eco­nomic and se­cu­rity im­pacts. Kiertzner noted that the most suc­cess­ful col­lab­o­ra­tions start small, fo­cus­ing on com­mon and in­ter­lock­ing in­ter­ests given that the whole trans­port sec­tor is large and di­verse, so seg­ment­ing the sec­tor would make sense.

Cy­ber­se­cu­rity threats can af­fect op­er­a­tions—both in­ter­nal and ex­ter­nal—of tran­spor­ta­tion com­pa­nies and ser­vice providers.

Panel dis­cus­sion on cy­ber­se­cu­rity threats to trans­port at the 2018 In­ter­na­tional Trans­port Fo­rum held at Leipzig, Ger­many on May 22-25, 2018.

Newspapers in English

Newspapers from Singapore

© PressReader. All rights reserved.