04 Sep Trouble ahead for transport
Jon Hill, Account Executive, Transport & Public Safety at Genetec, looks at how we should be taking a proactive approach to safeguarding both cyber and physical security for transport.
The transport industry has a difficult history of cyberattacks. When NotPetya was unleashed in 2017, the malicious software wreaked havoc on critical infrastructures, including those of TNT Express and the Maersk Group. The Maersk Group alone suffered immense financial losses, estimated to be between US$200-300 million. Container terminals came to a grinding halt, causing significant disruption to global supply chains. Worryingly, all the signs point to similar trouble ahead. ENISA, the European Union Agency for Cybersecurity, recently conducted its first analysis of the cyber threat landscape for the transport sector.
It reports that ransomware attacks are steadily increasing and have become a prominent threat to the sector. It also observes that those responsible are increasingly acting not just for monetary gain. State-sponsored actors, cybercriminals and politically motivated ‘hacktivists’ are all behind ransomware and DDoS attacks geared towards disrupting operations. Airports, railways and transport authorities are the main targets for DDoS attacks, with aviation also at particular risk of attacks targeting passenger information and the proprietary information of OEMs. Its findings are very pertinent to the Middle East, which has experienced state-sponsored cyberattacks on critical infrastructure such as utilities, oil and gas, and transport hubs.
A proactive stance is needed
The legacy of high-profile incidents, and the expansion of attack surfaces in the transport sector, highlight the critical importance of taking a proactive stance in collectively safeguarding cyber and physical security. In today’s rapidly evolving threat landscape, the two cannot be separated, and waiting for attacks to occur before taking action is a recipe for failure. The transportation industry must recognise the need to be ahead of the curve, anticipating and mitigating potential risks before they materialise. Airline, railway, maritime and logistics companies must make security a top priority. This entails the development and implementation of robust security measures across all aspects of operations. From the underlying IT infrastructure and network systems to passenger-facing applications and critical control systems, every element of the transportation ecosystem should be fortified against potential threats.
An overlooked avenue for cyber attack
When asked to consider vulnerabilities related to the improper management of physical security devices, most people understandably think about risks to people’s physical safety: for example, somebody being able to remotely stop the video feed from a camera, open or lock a door, or disrupt critical building systems. These are certainly valid, but most cyberattacks are not intended to compromise the physical safety of people or property. Instead, these attacks target applications, files and data managed by IT. It is an open secret that hackers are successfully targeting video surveillance cameras and other IoT devices to launch cyberattacks. An attack that originates in a camera can find its way through the network to block access to critical applications, lock and hold files for ransom or steal the personal data of employees, students, program clients and residents.
For example, the Mirai botnet continues to disrupt systems and networks by attacking them through internet-connected devices, including cameras. To find vulnerable devices, the botnet had previously relied on trying to log in with factory-default usernames and passwords. This has now evolved to exploit unpatched vulnerabilities. An analysis by Genetec concluded that too many security cameras offered this opening for attack. According to its study, nearly seven in 10 cameras had out-of-date firmware.
This conclusion is gradually being recognised within IT organisations because of two issues that have become clearer and more compelling. Firstly, the increasing crossover of network attacks from internet-connected security cameras gives attackers easy network entry, and IT has limited visibility until after the fact. Secondly, the rising volume and disruption of cyberattacks inherently increase the risk level of any network-connected device that is not adequately secured.
Cybersecurity risks in physical security systems
Many transportation companies still rely on outdated models of security cameras and door controllers, often delaying their replacement until absolutely necessary, or until the initial capital investment has been fully recovered. However, these older devices, particularly cameras, pose significant cyber risks due to their limited security capabilities. This concern has prompted many governments to plan for the upgrade of their fixed surveillance systems in the near future, recognising the need to mitigate potential vulnerabilities. Hackers are well aware that certain cameras are easy to compromise, serving as convenient entry points into connected networks. Several factors contribute to the ease of breaching cameras:
Outdated network design: Historically, the physical security industry did not prioritise cybersecurity, resulting in a lag in integrating advanced features and technologies. These devices were typically connected in closed network designs that did not account for the higher security demands of the internet, WiFi, or cellular
Cybersecurity best practices, such as regularly changing passwords, are not always incorporated into physical security management. Many ageing physical security devices no longer receive firmware updates from manufacturers, leaving them susceptible to known
Knowledge gap: The retirement or departure of employees responsible for installing and managing physical security systems can create a knowledge gap regarding device configurations and
Vulnerable devices: Certain cameras manufactured by specific Chinese companies have been identified as posing a significant cyber risk. Governments worldwide are increasingly discouraging the use of products from these vendors, citing ethical concerns and potential trust and security vulnerabilities. In various countries, including the UK and North America, restrictions have been imposed on high-risk video surveillance equipment manufacturers due to questionable ethical practices and cybersecurity issues.
By proactively addressing these challenges and taking steps to identify and mitigate potential risks, transportation organisations can strengthen their cybersecurity posture and reduce the likelihood of successful cyberattacks. Upgrading outdated security devices, implementing robust maintenance practices and prioritising cybersecurity measures are critical to safeguarding the integrity and resilience of transportation systems.
Improving the cybersecurity of physical security
An integrated security team can produce an effective review of needed cybersecurity improvements across physical security devices and systems. This review should include several key areas of focus.
Improve security monitoring. Ensure all network-connected physical security devices are monitored and managed by the IT tools for network and security management. Also, check for features in the video management system (VMS) and access control system (ACS) that provide alerts or data for use by IT’s network and security monitoring tools.
Strengthen protection measures. Look for ways to improve existing configurations and management practices for physical security devices, including:
Using secure protocols for connecting the device to the agency network.
Disabling access methods that support a low level of security protection.
Verifying configurations of security features and alerts.
Replacing defaults with new passwords that are changed on a regular and verified schedule.
Implement encryption. End-to-end encryption offers the most security to protect video streams and data as they travel from the physical security device to a management system for viewing. Also, ensure that encryption protects these files and data while in storage.
Enhance access defences. Strengthen the security of user and device access with a multilayer strategy that includes multifactor access authentication and defined user authorisations.
Improve update management. One management function that can be overlooked when teams are separate is the installation of software updates and patches. When the teams are joined, define who has responsibility for maintaining awareness of when updates are available. Then, define who has responsibility for vetting, deploying and documenting updates on all eligible devices and systems.
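Several of the review areas above (default passwords, password rotation, low-security access methods, encryption in transit and firmware currency) can be checked mechanically against a device inventory. The following is an added example, not code from the article or from Genetec; the inventory fields, model names, firmware versions, service list and 90-day rotation threshold are all assumptions constructed for illustration.

```python
from datetime import date

# Assumed policy values, not taken from the article.
INSECURE_SERVICES = {"telnet", "ftp", "http"}  # cleartext access methods
MAX_PASSWORD_AGE_DAYS = 90

def version_tuple(v):
    """Turn '2.10.3' into (2, 10, 3) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split("."))

def audit_device(dev, latest_firmware, today):
    """Return the list of checklist findings for one inventory record."""
    findings = []
    if dev["default_pw"]:
        findings.append("factory-default password still set")
    age = (today - dev["pw_changed"]).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password unchanged for {age} days")
    exposed = sorted(INSECURE_SERVICES & set(dev["services"]))
    if exposed:
        findings.append("insecure access methods enabled: " + ", ".join(exposed))
    latest = latest_firmware.get(dev["model"])
    if latest is None:
        # No vendor baseline: the model may no longer receive updates.
        findings.append("no firmware baseline for model (possibly end of support)")
    elif version_tuple(dev["firmware"]) < version_tuple(latest):
        findings.append(f"firmware {dev['firmware']} behind {latest}")
    if not dev["encrypted"]:
        findings.append("video stream not encrypted in transit")
    return findings

def audit_inventory(devices, latest_firmware, today):
    """Map device name -> findings, keeping only devices with findings."""
    report = {d["name"]: audit_device(d, latest_firmware, today) for d in devices}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory and vendor baseline (hypothetical models and versions).
LATEST = {"cam-x100": "2.10.3", "door-ctl-7": "1.4.0"}
DEVICES = [
    {"name": "platform-cam-01", "model": "cam-x100", "firmware": "2.9.8", "default_pw": True,
     "pw_changed": date(2021, 3, 1), "services": ["http", "telnet"], "encrypted": False},
    {"name": "gate-door-02", "model": "door-ctl-7", "firmware": "1.4.0", "default_pw": False,
     "pw_changed": date(2024, 5, 20), "services": ["https", "ssh"], "encrypted": True},
    {"name": "depot-cam-03", "model": "cam-legacy", "firmware": "1.0.2", "default_pw": False,
     "pw_changed": date(2024, 6, 1), "services": ["https"], "encrypted": True},
]

if __name__ == "__main__":
    for name, items in audit_inventory(DEVICES, LATEST, date(2024, 7, 1)).items():
        print(name, "->", "; ".join(items))
```

Comparing firmware versions as integer tuples matters here: as plain strings, "2.9.8" sorts after "2.10.3" and the out-of-date camera would pass the check.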
The future of transport cybersecurity
The transport sector faces a persistent and growing risk of cyberattacks that can disrupt operations, compromise passenger safety and lead to substantial financial losses. A proactive approach, encompassing robust cybersecurity measures and comprehensive physical security strategies, is imperative to safeguard the transport industry against evolving threats. By prioritising cybersecurity, promoting collaboration and investing in employee education, transport organisations can fortify their defences and ensure the secure and efficient movement of people and goods.