fbpx
January 27, 2023
by Mary Grlic
aruba

Transportation Cybersecurity: Keeping Critical Infrastructure Safe

By Mary Grlic Transportation is critical infrastructure that helps us move goods and people safely, quickly, and securely. We rely on a lot of forms of transportation in today’s day…...
"

Start reading

By Mary Grlic

Transportation is critical infrastructure that helps us move goods and people safely, quickly, and securely. We rely on a lot of forms of transportation in today’s day and age, like boats, trucks, trains, cars, and planes. Even if we don’t think about it, there’s a lot of technology that comes with transportation, anywhere from the digital bookkeeping methods to a GPS (global positioning system) inside of cars and trucks. With all of that technology comes a few unfortunate risks and the need to always be cyber safe in the world of transportation. Threats for cyberattacks are increasing in all industries, including transportation, making transportation cybersecurity a worthwhile consideration.

There’s a lot of hardware and software specifically meant for the transportation industry. When thinking about the information technology and systems behind transportation, there are a few key factors to look at. This includes the internet, wireless connections, future technology, and mobility. The reliance on the internet in transportation spans far and wide – from simple use of applications like Google Maps to find destinations, to electronic logging and more. This intersects with the need for wireless connectivity and mobility; considering how “mobile” transportation is, having a stable connection is essential. Tech is always evolving, and monitoring those changes is critical for the transportation industry to stay efficient in today’s day and age. Ever think about how much a simple GPS has changed in the last few years? We’ve transitioned from using physical GPS devices to cell phone applications like Waze to help us reach our destination. 

Electronic Logging Devices

ELDs (electronic logging devices) are meant to make work in the transportation industry easier, safer, and more efficient. On December 16, 2019, a new mandate went into effect, requiring that any commercial driver who must maintain records of duty status (RODs), must have an ELD in their vehicle. An ELD is a piece of hardware that records driving times for transportation employees. ELDs sync with a vehicle’s engine in order to automatically record driving time easily and accurately.

ELDs rely on mobile networks like 5G, so keeping these systems up to date is important to make sure that drivers can continue using them. About a year ago, for example, cellular carriers stopped supporting 3G networks to make room for more advanced services. Many older ELDs relied on 3G connectivity, so when carriers stopped supporting 3G, those ELDs became obsolete. Keeping ELDs up to date is imperative to make sure drivers can keep using them, even with new mobile updates. The US Department of Transportation also provides a list of registered ELDs that are compliant with the ELD rule. 

Having an electronic logging device is relevant because it’s essential for compliance. It can also help with maintenance, safety, security, dispatching and routing. Because ELDs are physically connected to vehicle engines, they can also extract critical engine data to alert drivers of maintenance needs. Higher-end ELDs also have integrated GPS systems that provide real-time information to better assist drivers. 

Transportation Management System

A transportation management system (TMS) uses technology to optimize and plan the movement of goods. This software allows companies to:

  • Plan network needs
  • Optimize routes
  • Manage carriers
  • Track shipments
  • Automate processes
  • Handle payments

A TMS helps the transportation industry to plan, execute, and optimize delivery – but how? A TMS can be standalone or integrated with an existing cloud system that the company utilizes. The business can select the most optimal mode of shipment and best carrier, based on research about cost, efficiency, and proximity. A TMS can also offer some further insight into the trends of the supply chain and global trade, including information about any tariffs, taxes, and even delays. With these systems in place, businesses can plan the most cost effective and time efficient method to transport goods. Transportation management systems help with execution by matching loads and communicating with respective carriers. The documentation and tracking of shipments is handled by the TMS, allowing for quick processing and minimal human error. A TMS will also analyze, measure, and track performance in order to optimize it.

Dispatch Systems/Software 

With transportation dispatch systems, organizations can manage their carrier fleets, keep track of drivers, and manage logistics in one place. These systems can help the transportation company organize and keep track of who, or what, is going where at specific times. Dispatch systems are important for all modes of transportation – from trucks to taxi cabs. It can help with sending loads, goods, or even just vehicles and people. 

Critical Uptime for Transportation

For most industries, uptime is critical, and transportation is no exception. Even if just one system fails, that can mean a lot of things. Packages or shipments might not go out on time. Flights or trains will be delayed. Goods will not reach their destination when expected. This can eventually impact the supply chain itself. Keeping uptime “up” while still staying compliant, maintaining driver satisfaction, and eliminating extra costs can be a challenge. Maximizing uptime for transportation spans from traffic concerns to the tech side of things.

While some things depend on more than just technology, ensuring that all tech and IT infrastructure is always operating will help with uptime.

The right TMS can also boost growth and efficiency, which is good for uptime as well. Availability and reliability are fundamental for the transportation sector, making uptime a key priority.

Transportation Security

Like with any industry, protecting digital systems helps safeguard companies from security threats. Systems face the risk of cyber attacks or even just system failure, with bugs, glitches or other internal problems that can hinder proper functionality. 

CISA, the Cybersecurity and Infrastructure Security Agency, provides guidelines regarding transportation cybersecurity in the National Infrastructure Protection Plan (NIPP) Transportation Sector Specific Plan (2015). The document applies to all areas of the transportation sector: aviation, maritime, freight rail, highway & motor carrier, pipeline, postal & shipping, and mass transit. It goes to recognize the interdependence of transportation with other sectors, like information technology, critical manufacturing, emergency response, and energy, just to name a few. Section 3.1 of the 2015 plan details some of the risks that the sector faces, including terrorism, aging infrastructure, natural disasters (like fires), and global climate change. 

Cybersecurity in Transportation 

Section 3.3.2 further mentions cybersecurity in transportation. The use of technology in transportation operations is commonplace. Technology can be helpful to increase efficiency, improve customer service, enhance behind the scenes controls, and provide better security. Some technologies that the transportation sector relies on include positioning, navigation, tracking, routing, system controls, signaling, communications, and business management.

Risks in tech continue to amplify, so having a good plan to counter these threats is paramount. The DHS and DOT work together to be more effective when it comes to analyzing and understanding cyber risks. The Transportation Systems Sector Cybersecurity Working Group (TSSCWG), for example, works to maintain and improve awareness and act in response to cyber threats. The transportation sector’s cybersecurity goals are to:

  • Maintain continuous cybersecurity awareness, education and training
  • Improve and expand voluntary participation in cybersecurity efforts
  • Define the conceptual environment
  • Enhance intelligence and security information sharing
  • Ensure sustained coordination and strategic implementation

Executive Order 13636, from February 2013, first set forward policies that would help to address cyber threats for critical infrastructure. Now, 10 years later, these sorts of organizations still adopt similar actions to prevent any cyber attacks. For example, adhering to recommendations from NIST and the FBI. A Cybersecurity Evaluation Program is meant to analyze current IT infrastructure and take proactive steps to keep organizations safe. A good cybersecurity plan would include a comprehensive risk assessment and action plan with regard to any threats the assessment discoveries. For transportation, this is particularly significant, as regulations and technology are changing so frequently. To learn more, there are several sectors within the 2015 Sector Specific Plan that go into further detail regarding cybersecurity in transportation. 

Transportation Cyber Attacks

We’re likely all familiar with the Metropolitan Transportation Authority (MTA), whether we rely on it daily or just once in a blue moon. Did you know that New York’s MTA is actually the largest public transit authority in the entire country?

The MTA serves 12 counties in Downstate New York, as well as, two counties in southwestern Connecticut. The New York counties include:

  • New York County (Manhattan)
  • Richmond County (Staten Island)
  • Kings County (Brooklyn)
  • Queens County (Queens)
  • Nassau County (Long Island)
  • Suffolk County (Long Island)
  • Rockland County
  • Bronx County
  • Orange County
  • Dutchess County
  • Putnam County
  • Westchester County

On an average weekday, the MTA carries over 11 million passengers, as well as over 850,000 vehicles on its seven toll bridges and two tunnels. That’s a tremendous amount of people and vehicles in motion, with lots of ground to cover.

A cyberattack in 2021 threatened three of the MTA’s computer systems for several days. The MTA claims that no customer data was stolen, and that the attack didn’t tamper with their critical system but there are still lingering questions about the impact of this cyber attack.

Even though the effects weren’t seemingly harmful, the fact that cyber criminals still managed to penetrate the MTA is staggering. Such an incident is evidence of the very real and potential danger of leaving your systems vulnerable. This was an example of a cyber attack very close to home, right here in New York, with a critical organization that many New Yorkers count on every day.

Recently, hackers also tried to scam the taxi cab dispatch system at JFK airport. Two men from Queens, NY, hacked into the dispatch system and changed the order in which taxi cab drivers would leave the lot. Drivers paid $10 to avoid the long lines and go straight to the front; the men gathered thousands of dollars a day. 

To learn more about it, check out our article about it here:

JFK Taxi Scheme – Dispatch System Gets Hacked

0 Comments

aruba

Pick your next post

Why Every Organization Needs Managed IT Services

Why Every Organization Needs Managed IT Services

When your computer battery dies, how do you get it to work? If your internet connection fails, how will it get back up? If you need to access storage from a lost or damaged device, how do you find it? With so much of our organizations relying on technology, it is...

read more
How Many IP Addresses Are There?

How Many IP Addresses Are There?

An Internet Protocol address (IP) uniquely identifies each device connected to the Internet. Computers connected to the Internet share information with a particular location using IP addresses. An IP address has two distinct versions. The older of the two Internet...

read more
What is Remote Desktop Protocol (RDP)?

What is Remote Desktop Protocol (RDP)?

Remote Desktop Protocol (RDP) is a secure layered network communication protocol developed by Microsoft that enables network administrators to diagnose problems that users encounter remotely and provide users secure remote access to their physical work desktop...

read more
What is a Brute Force Attack?

What is a Brute Force Attack?

A brute force attack is a hacking method where it uses the trial and error method to crack passwords, login credentials, and encryption keys. It is a simple but effective and reliable method for gaining access to individual account and organization systems and...

read more