Understanding the Transport Cybersecurity Toolkit



Course synopsis


Transport threat landscape.

- The cyber threat landscape is dynamic and continuously evolving. Nevertheless, it is possible to identify cyber threats that all transport modes face in the operation of their services and systems.

- Emerging cybersecurity threats affecting different modes of transport.


Threat actors.

- Individuals or organisations that may potentially impact the safety and security of transport services and systems.


Emerging cyber-threats.

- Selected cyber-threats that may potentially represent attack vectors impacting safety and security of transport services and systems.

- The most significant malicious actors intentionally targeting transport organisations: Cyber criminals, insiders, nation states and state-sponsored groups.

There are a substantial number of cyber threats targeting transport:

- distributed denial of service,

- denial of service,

- data theft,

- malware diffusion,

- phishing,

- software manipulation,

- unauthorised access,

- destructive attacks,

- falsification or bypassing of security operator decision process,

- masquerading of identity,

- abuse of access privileges,

- social engineering,

- defacement,

- eavesdropping,

- misuse of assets, and

- hardware manipulation.

The most pressing emerging cyber threats affecting transport are: Malware, (Distributed) Denial of Service, Unauthorised Access and Theft, and Software Manipulation.


Threat #1: Malware.

- Malicious software that may potentially affect individuals or organisations across transport modes.


Threat #2: (Distributed) Denial of Service.

- Cybersecurity attacks preventing individuals or organisations from accessing relevant transport services and resources.


Threat #3: Unauthorised Access and Theft.

- Unauthorised access, appropriation, and exploitation of critical assets.


Threat #4: Software Manipulation.

- Cybersecurity attacks targeting software in order to modify its behaviour and conduct specific attacks.


Good practices against malware.

You can protect your organisation by following good practices for identifying and preventing the diffusion of malware, such as:

- Follow security policies such as scanning storage media and files for viruses, avoiding opening and emailing specific types of files (e.g. executable files such as .exe, .bat, .com, etc.), installing only authorised software, ensuring software (including antivirus) is up to date and functioning properly, and other policies.

- Back up your data regularly to secure (and authorised) data storage devices or services, which should support encryption in order to protect data at rest and remain available for data restore procedures.

- Protect all systems, including mobile and endpoint devices, with suitable security measures (e.g. password, encryption, etc.), and remember to securely lock (physically and digitally) all systems when they are unattended.

- Avoid opening attachments and clicking on hyperlinks contained in unexpected emails or suspicious web browser pop-up windows, especially those with strange body text or from unknown senders and internet domains.

- Avoid inserting into your computer untrusted or unknown removable devices such as USB sticks, hard disks, and other storage devices.

- Avoid disabling anti-malware security measures (e.g. antivirus software, content filtering software, firewalls, etc.).

- Update installed software regularly to the latest available versions (which information security officers or system administrators may release with regular updates).

- Avoid using privileged (e.g. administrator-level) accounts and credentials for regular activities and operations.

- Report to information security officers or system administrators any suspicious email or unexpected system behaviour.

- Pay attention to information security during daily routine work in order to recognise IT security concerns and respond accordingly.


Good practices against Denial of Service.

You can help in protecting your organisation by identifying Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. You should immediately contact your security and IT teams if you detect or experience any of the following indicators of a potentially ongoing DDoS or DoS attack on your services or systems:

- Increasing requests consuming network capacity (perceived as slow services and responses) resulting in service or system failures due to overload.

- Increasing memory usage without an obvious reason.

- Unexpected behaviour of services and systems, frequent crashes, and strange error messages due to malicious consumption of computational resources or network connections.

- Degraded device performance, long execution times for trivial tasks and noticeable activity (e.g. a noisy fan while the device performs slowly).

- Unexpected internet connections or loss of connections to services and systems.

- Subtle behavioural changes in operational controls or technologies resulting in physical damage.

- Denial of access to privileged or administrative accounts, intended to block incident response and recovery procedures.


Good practices against Unauthorised Access and Theft.

In order to prevent attacks involving unauthorised access and theft, it is necessary to follow principles such as ‘need to know’ and ‘security and privacy by default’, which emphasise that sensitive and confidential assets (including personal and sensitive data, transport systems, etc.) should be accessible only to those who have the right to access them in order to perform their duties. You can help in protecting your organisation by following good practices for identifying and preventing unauthorised access and theft, such as:

- Follow security organisational policies.

- Avoid sharing and publishing online credentials and personal data, including pictures that may contain such information.

- Avoid using or transmitting credentials and personal data (and other sensitive data) on untrusted or insecure networks, devices, or web services (e.g. websites that use insecure protocols or addresses starting with http:// rather than secure https://).

- Never reveal to anyone your credentials (e.g. login and password) even via email or phone.

- Protect sensitive data typed on keyboards or shown on screens (including on mobile devices) from unauthorised individuals: install privacy screens, avoid working from public places with private devices, and avoid leaving any device unlocked and unattended.

- Use complex passwords (e.g. sufficiently long passwords combining alphanumeric and special characters) complying with relevant organisational security policies in order to prevent unauthorised access.


Good practices against Software Manipulation.

You can help in protecting your organisation by following good practices for identifying and preventing software manipulation, such as:

- Avoid installing unreliable software on systems and devices (including personal computers, servers, peripherals, network devices, smartphones, etc.).

- Always install software and updates from official sources and websites (e.g. producers, corporate repositories, etc.).

- Avoid downloading software and applications (and any file) from illegal sources.

- Uninstall unnecessary or rarely used software, and disable unnecessary connections (e.g. network protocols and services), including access to remote services (e.g. cloud storage services).

- Scan any software or storage devices with a reliable and updated antivirus.

- Download safe industrial software (e.g. updates, patches, new products, etc.) from trusted suppliers, using the white station principle.

- Update all installed software in compliance with organisational policies and practices.


Good practices tailored to Air Transport.

Aviation organisations need a clear understanding of emerging threats in order to define management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in air transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Control and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, security checkpoints for cabin baggage, baggage handling systems (BHS), access control, monitoring, surveillance, alarm response, screening technology, airfield lighting control systems, radar systems and sensors, Global Positioning System (GPS) systems, Air Traffic Management (ATM) systems, Communication, Navigation and Surveillance (CNS) systems, Aeronautical Information Systems, Meteorological Systems, Security Operation Centre Systems, airline on-board systems, and others.


Good practices tailored to Land Transport.

Organisations in land transport (rail and road) need a clear understanding of emerging threats in order to define management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in land transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Control and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, Global Positioning System (GPS) systems, access control, monitoring, surveillance, alarm response, and screening technology.

Specific systems for rail transport are, for example: operational (control and command) systems including signalling systems, the European Rail Traffic Management System (ERTMS), on-train systems, and maintenance systems.


Good practices tailored to Maritime Transport.

Organisations in maritime transport need a clear understanding of emerging threats in order to define management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in maritime transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Control and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, Global Positioning System (GPS) systems, access control, monitoring, surveillance, alarm response, screening technology, on-board navigation systems, SafeSeaNet, bridge systems, cargo handling and management systems, propulsion and machinery management and power control systems, access control systems, passenger servicing and management systems, passenger-facing public networks, administrative and crew welfare systems, communication systems, and others.

Closing remarks and questions.


Target Audience

The program is beneficial to all persons working for the transport sector. It has been designed for all persons having authorized access to systems and data.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html