TRANSPORT CYBERSECURITY TOOLKIT

Transport Cybersecurity Toolkit training



Overview

The European Commission published on 16 December 2020 its Transport Cybersecurity Toolkit, a repository of tips and recommended practices to enhance cybersecurity and cyber-resilience in the transport sector.

Cybersecurity is becoming a growing concern for the transport industry. Yet, many employees remain insufficiently aware of the risks, and their actions may sometimes inadvertently open the door to attackers.

Against this background, the transport cybersecurity toolkit aims at contributing to greater levels of cyber-awareness and cyber-hygiene, with a specific focus on the transport sector. It addresses transport organisations, regardless of their size and domain of activity.

Concretely, the toolkit contains basic information on four threats that may affect transport organisations: malware diffusion, denial of service, unauthorised access and theft, and software manipulation.

For each of those threats, the toolkit lists good mitigating practices, which are relevant for all transport staff, regardless of their occupation.

The toolkit also contains a more advanced level, which provides information that is particularly relevant for security and cybersecurity professionals in transport organisations. This advanced level is organised by transport mode: air, maritime and land. For each transport mode, the toolkit provides guidance on identifying, protecting, detecting, and responding to cyber-threats.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.


Target Audience

The Commission's Directorate-General for Mobility and Transport, which is responsible for EU policy on mobility and transport, has contracted the development of the Transport Cybersecurity Toolkit to enhanse the awareness and preparedness of transport stakeholders to cyber threats.

The Transport Cybersecurity Toolkit provides insights for understanding cyber threats and mitigating their impact on transport services, systems, and operations. This toolkit provides alternative awareness paths targeting:

- All transport staff. It targets all staff of transport organisations, from staff in transport service operations to administrative staff. It provides guidance towards an increased understanding and awareness of the most common cyber threats targeting transport services and systems. Additionally, it provides insights on how to deal with potential cyber threats, including identifying, reporting, and mitigating them by cybersecurity good practices.

- Transport decision-makers in cybersecurity across the different transport modes. It targets staff who have decision-making responsibilities for cybersecurity in transport organisations. This path highlights good practices tailored to the different transport modes for enhancing cybersecurity posture of transport organisations. In particular, it provides good practices in order to identify, protect, detect, and respond to emerging cyber threats targeting transport organisations.

The program is also beneficial to suppliers and service providers of the transport and logistics industry.


Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.


Course synopsis

Transport threat landscape.

- The cyber threat landscape is dynamic and continuously evolving. Nevertheless, it is possible to identify cyber threats, which all transport modes face in operations of services and systems.

- Emerging cybersecurity threats affecting different modes of transport.

Threat actors.

- Individuals or organisations that may potentially impact safety and security of transport services and systems.

Emerging cyber-threats.

- Selected cyber-threats that may potentially represent attack vectors impacting safety and security of transport services and systems.

- The most significant malicious actors intentionally targeting transport organisations: Cyber criminals, insiders, nation states and state-sponsored groups.

There are a substantial number of cyber threats targeting transport:

- distributed denial of service,

- denial of service,

- data theft,

- malware diffusion,

- phishing,

- software manipulation,

- unauthorised access,

- destructive attacks,

- falsification or bypassing of security operator decision process,

- masquerading of identity,

- abuse of access privileges,

- social engineering,

- defacement,

- eavesdropping,

- misuse of assets, and

- hardware manipulation.

The most pressing emerging cyber threats affecting transport are: Malware, (Distributed) Denial of Service, Unauthorised Access and Theft, and Software Manipulation.

Threat #1: Malware.

- Malicious software that may potentially affect individuals or organisations across transport modes.

Threat #2: (Distributed) Denial of Service.

- Cybersecurity attacks preventing individuals or organisation access relevant transport services and resources.

Threat #3: Unauthorised Access and Theft.

- Unauthorised access, appropriation, and exploitation of critical assets.

Threat #4: Software Manipulation.

- Cybersecurity attacks targeting software in order to modify its behaviour and conducting specific attacks.

Good practices against malware.

You can help to protect your organisation by following good practices for identifying and preventing the diffusion of malware, such as:

- Follow security policies such as scanning storage media and files for viruses, avoiding opening and emailing specific types of files (e.g. executable files such as .exe, .bat, .com, etc.), installing only authorised software, ensuring software (including antivirus) is up to date and functioning properly, and other policies.

- Backup your data regularly into secure (and authorised) data storage devices or services, which should support encryption mechanisms in order to protect data at rest and being available for data restore procedures.

- Protect with suitable security measures (e.g. password, encryption, etc.) all systems including mobile and endpoint devices, and remember to lock (physically and digitally) securely all systems if unattended.

- Avoid opening attachments and clicking on hyperlinks contained in unexpected emails and suspicious web browser popup windows with a strange body text or from unknown senders and internet domains.

- Avoid inserting into your computer untrusted or unknown removable devices such as USB sticks, hard disks, and other storage devices.

- Avoid disabling malware security measures (e.g. antivirus, software, content filtering software, firewall, etc.).

- Update installed software regularly to the latest available versions (which information security officers or system administrators may release with regular updates).

- Avoid using privileged (e.g. administrator-level) accounts and credentials for regular activities and operations.

- Report to information security officers or system administrators any suspicious email or unexpected system behaviour.

- Focus attention on information security among daily routine work in order to recognise IT security concerns and respond accordingly.

Good practices against Denial of Service.

You can help in protecting your organisation by identifying Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. You should contact immediately your security and IT teams if you detect or experience any of the following indicators of potentially ongoing DDoS and DoS attacks for your services or systems:

- Increasing requests consuming network capacity (perceived as slow services and responses) resulting in service or system failures due to overload.

- Increasing demand of memory resources usage without an obvious reason.

- Unexpected behaviours of services and systems, frequent crashes, and strange error messages due to malicious consumptions of computational resources or network connections.

- Degraded performances of devices, long executions for trivial tasks and noticeable activities (e.g. noisy fan while devices performing slowly).

- Unexpected internet connections or loss of connections to services and systems.

- Subtle behavioural changes of operation controls or technologies resulting in physical damages.

- Denials of accesses to privileged or administrative accounts in order to block incident response procedures from recovering.

Good practices against Unauthorised Access and Theft.

In order to prevent attacks involving unauthorised access and theft, it is necessary to follow principles such as ‘need to know’ and ‘security and privacy by default’, which emphasise that sensitive and confidential assets (including personal and sensitive data, transport systems, etc.) should be accessible only to whom has the right to access them in order to perform their duties. You can help in protecting your organisation by following good practices for identifying and preventing unauthorised access and theft, such as:

- Follow security organisational policies.

- Avoid sharing and publishing online credentials and personal data, including pictures that may contain such information.

- Avoid using or transmitting credentials and personal data (and other sensitive data) to untrusted and unsecure networks, devices, or web services (e.g. websites that use unsecure protocols or addresses http:// and not secure ones https.//).

- Never reveal to anyone your credentials (e.g. login and password) even via email or phone.

- Protect sensitive data typed on keyboards or shown on screens (including on mobile devices) from unauthorised individuals, install privacy screens, and avoid working from public places with private devices, and avoid leaving any device unlocked and unattended.

- Use complex passwords (e.g. sufficiently long password combining alphanumerical and special characters) complying with relevant organisational security policies in order to prevent unauthorised access.

Good practices against Software Manipulation.

You can help in protecting your organisation by following good practices for identifying and preventing software manipulation, such as:

- Avoid installing unreliable software on systems and devices (including personal computers, servers, peripherals, network devices, smartphones, etc.).

- Always install software and updates from official sources and websites (e.g. producers, corporate repositories, etc.).

- Avoid downloading software and applications (and any file) from illegal sources.

- Uninstall unnecessary or not recently used software, and disable unnecessary connections (e.g. network protocols and services) including access to remote services (e.g. cloud storage services).

- Scan any software or storage devices with a reliable and updated antivirus.

- Download safe industrial software (e.g. updates, patches, new products, etc.) from trusted suppliers using white station principle.

- Update all installed software in compliance with organisational policies and practices.

Good practices tailored to Air Transport.

Aviation organisations need clear understandings on emerging threats in order to define management policies and processes to govern their approaches in order to enhance cybersecurity of services and systems in operations, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in air transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, security checkpoints for cabin baggage, baggage handling systems (BHS), access control, monitoring, surveillance, alarm response, screening technology, airfield lighting control systems, radar systems and sensors, Global Positioning Systems (GPS) systems, Air Traffic Management (ATM) systems, Communication, Navigation and Surveillance systems (CNS), Aeronautical Information Systems, Meteorological Systems, Security Operation Centre Systems, airline on-board systems, and others.

Good practices tailored to Land Transport.

Organisations in land transport (rail and road) need clear understandings on emerging threats in order to define management policies and processes to govern their approaches in order to enhance cybersecurity of services and systems in operations, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in land transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls a, and Data Acquisition (SCADA) systems, heating, ventilation, \ and air conditioning (HVAC) systems, Global Positioning Systems (GPS) systems, access control, monitoring, surveillance, alarm response, and screening technology.

Specific systems for rail transport are, for example: operational (control and command systems) including signaling systems, the European Rail Traffic Management System (ERTMS), on-train systems, maintenance systems.

Good practices tailored to Maritime Transport.

Organisations in maritime transport need clear understandings on emerging threats in order to define management policies and processes to govern their approaches in order to enhance cybersecurity of services and systems in operations, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in maritime transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, Global Positioning Systems (GPS) systems, access control, monitoring, surveillance, alarm response, screening technology, on-board navigation systems, SafeSeaNet, bridge systems, cargo handling and management systems, propulsion and machinery management and power control systems, access control systems, passenger servicing and management systems, passenger facing public networks, administrative and crew welfare systems, communication systems, and others.

Closing remarks and questions.

For more information, you may contact us.