Tackling the challenges posed by a cyberattack on the transport sector

The transport and logistics sector is a critical driver of the global economy, facilitating the movement of goods and people while contributing significantly to national GDPs. It is also becoming an attractive target for cybercriminals. In the last two years, transportation has been one of the most attacked sectors after manufacturing. The consequences of these incidents, from data breaches to operational disruptions, show the urgent need for robust cybersecurity measures.

Several recent, notable cyberattacks have targeted transport

There are several types of cyberattack in the transport sector, ranging from ransomware attacks to data breaches, Distributed Denial-of-Service (DDoS) attacks, and supply chain vulnerabilities. According to the European Union Agency for Cybersecurity (ENISA), ransomware is the most prominent threat, targeting critical infrastructure and causing widespread service disruption.

Several high-profile incidents illustrate the scale and impact of these threats:

  • Network Rail (United Kingdom) faced a cyberattack in September 2024 that disrupted public Wi-Fi services at 19 railway stations across London, Reading, Leeds, and Glasgow Central. The attackers displayed terror messages to users, resulting in the suspension of Wi-Fi services for several days.
  • Transport for London (TfL) was attacked in September 2024, exposing customer banking details and leading to the suspension of multiple services. The breach affected travel information feeds and booking services. It required 30,000 in-person password resets for staff, causing severe operational delays and financial losses.
  • In August 2024, the Port of Seattle, which operates Seattle-Tacoma International Airport, was targeted by the Rhysida ransomware group. The attack disrupted baggage-sorting systems, flight and baggage information displays, and forced manual check-ins.
  • JAS Worldwide, a global freight forwarder, experienced a ransomware attack in August 2024 that crippled its business systems and customer portal. Customers were unable to track shipments in real time, leading to widespread disruptions.

The impact of these attacks is not limited to data theft or financial loss; they also paralyse operations, compromise safety, and erode public trust.

Cyberattacks on transport operators have wide consequences

While some incidents primarily involve data theft, others result in direct service disruption. The attack on Polish Railways in August 2023 exemplifies the latter: hackers exploited unsecured radio frequencies to trigger emergency stops for around 20 trains near Szczecin. This act of sabotage showed how easily critical transport systems can be manipulated, causing public safety concerns and operational chaos.

Similarly, Auckland Transport suffered two cyberattacks in September 2023, including a ransomware incident that disrupted ticketing systems and a subsequent DDoS attack targeting online services. The financial and operational toll was substantial.

The ramifications of such incidents extend beyond immediate financial losses. Personal data breaches, as seen with TfL, can expose customers and employees to identity theft and fraud, while compromised infrastructure details may enable future attacks.

Moreover, attacks that target supply chains or disrupt interconnected systems, such as the NotPetya attack on Maersk (back in 2017), highlight the cascading effects that can ripple across the global economy.

Addressing cybersecurity shortcomings in transport is essential

Despite the escalating threat landscape, the transport sector remains inadequately prepared to defend itself against cyberattacks. While 73% of companies claim to possess the information needed to devise cybersecurity strategies, only 60% have formal response plans, according to a study by the Mineta Transportation Institute (MTI). The gap between awareness and effective preparedness leaves many organisations vulnerable.

Building a strong cybersecurity position starts with adopting a zero-trust model to ensure no device or user is trusted by default. Access controls, multi-factor authentication, and continuous monitoring are essential.

Consider the example of Elron, Estonia’s national rail carrier. A trusted third party (operating the ticketing system) was targeted by a DDoS attack in 2023, allowing Elron passengers to travel for free. Such incidents underscore the need for proactive monitoring of trusted third parties and for rapid incident-response capabilities.

Unique challenges need a comprehensive approach

The transport sector's complexity, with its layers of interlaced systems managed by different entities, presents unique cybersecurity challenges. Attacks can have cascading effects, as demonstrated by attacks on infrastructure, which isolated operations and disrupted services.

To mitigate these risks, a comprehensive security strategy is required. This involves not only securing individual systems but also conducting cross-system analyses to identify potential vulnerabilities.