While the majority of attacks on T&L firms have been ransomware attacks focused on stealing financial and other business-related information (such as the 2018 attack on Cathay Pacific, among many others), some attacks were aimed directly at OT operations, often using the IT-OT boundary as the gateway into the OT network.
That said, ships, planes, trains and automobiles can be hacked: in 2017 the DHS demonstrated how a commercial jetliner can be hacked, and the same goes for autonomous vehicles. The logistics sector is constantly targeted by attempts to manipulate cargo systems, redirect shipping containers and even make them disappear. We have witnessed attacks on rail systems, bus networks and more. The conventional wisdom, which T&L operators should embrace, is that every industrial automation network will be attacked at one point or another.
However, even with the writing clearly on the wall, the T&L industry has not put adequate mechanisms in place to tackle cyber attacks. According to a 2020 SJSU/MTI study, about half of all transit companies surveyed had experienced a cyber attack of some sort (whether phishing for information, data breaches, ransomware or attacks through their supply chain). Yet only 60% actually have a cybersecurity preparedness program; 43% do not believe they have the resources necessary for cybersecurity preparedness; and only 47% audit their cybersecurity program at least once per year.
As recent cyberattacks on T&L companies reveal, the T&L industry is by and large ill-equipped to handle the risks it is facing, due largely to three factors:
- Inadequate regulation (compared to other national-critical infrastructure such as power generation)
- Lack of awareness among decision makers
- The overarching shortage of OT-security experts
As mentioned, the transition to IIoT-based automation, communications and operation management systems has increased the attack surface in the T&L sector. This is due to the large amount of data and the many interconnected systems these operators handle, which make them prime targets for hackers. For example, the International Maritime Organization’s (IMO) strategic transition to e-navigation allows continuous collection, integration and analysis of ship and container information to track ships’ locations, cargo details, maintenance issues and more; this means that a breach of the e-navigation system would affect the entire spectrum of shipping operations, rather than disrupting one area of operations.
As for regulation, despite the sector’s global operations—or perhaps because of them—regulators have had a hard time agreeing on a set of cybersecurity standards that T&L companies should follow wherever they operate. Among the regulations proposed or already established are the EU’s Network and Information Security (NIS) directive, the soon-to-be-implemented CLC/TS 50701 and EN 50126 standards for railroads, and a series of rules for ships promulgated by the International Maritime Organization.
Whether protecting a rail network’s switching system or autonomous vehicles, the framework for efficient protection is the same:
- Visibility into the network: in order to protect the network you need to know what it is made of. Ideally you will have a detailed network visualization map that provides easy access to each device’s properties, state, vulnerabilities and potential inter-zone attack vectors.
- Risk assessment: by simulating breach and attack scenarios (using threat intelligence on attackers and attack tactics) and accounting for the specific characteristics of the network, T&L operators can get a clear picture of their exposure to risk and of which mitigation measures provide the best level of protection.
- Implementation: the results of the risk assessment serve as the basis for a prioritized protection plan for the OT-IT network. The plan should allow for optimization based on budget and operational needs.
- Long-term security management: cyber-protections installed on the T&L network only protect against current threats. Continuous monitoring is required to keep network protection adequate as the threat environment, device vulnerabilities and operational needs change.
Radiflow Solutions for T&L
Radiflow offers a complete suite of cyber security solutions designed especially for OT systems, which, together with our in-depth understanding of the unique challenges of securing transportation and logistics facilities, ensures the best path to mitigating downtime losses:
- SEE (VISUALIZE): Radiflow’s iSID industrial threat detection and monitoring system generates a visual model of the entire industrial network, including all assets, connections, protocols and vulnerabilities.
- KNOW: Radiflow’s CIARA industrial risk assessment and management platform uses the iSID-generated digital image of the network, along with MITRE ATT&CK and other threat intelligence resources, to determine the most impactful threat actors and attack tactics and the effectiveness of corresponding mitigation measures, based on each network’s unique characteristics. (Using a digital network image eliminates the inherent potential for harm in running simulations on the live network.) CIARA’s risk assessment is fully IEC 62443-compliant.
- ACT: preparation and implementation of a security roadmap based on your long- and short-term security preferences (e.g. strengthening a single business unit vs. reducing overall risk) and budgetary constraints.
- MONITOR: detection of abnormal behavior indicating breach attempts and changes to various ICS components, with continuous monitoring of the network at the corporate SOC or at a cloud-based OT security provider’s (OT-MSSP) SOC.
Designed especially for OT, Radiflow’s solutions support most relevant OT protocols (e.g. BACnet, Profibus) for accurate modeling and anomaly detection (new devices, topology changes, abnormal memory access, and firmware changes).
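The new-device and topology-change detections mentioned above rest on comparing live traffic against a learned baseline of the network. The following is an added example of that comparison in Python (not Radiflow's or iSID's code); the flow records, addresses and protocol labels are constructed for illustration.

```python
# Added example (not Radiflow's or iSID's code): baseline-vs-observed anomaly
# detection over OT network flows. Addresses and protocol labels are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source device address
    dst: str    # destination device address
    proto: str  # OT protocol observed on this flow


# Constructed learning-phase traffic from a known-good period (in practice
# captured passively over days or weeks).
BASELINE_FLOWS = [
    Flow("10.0.1.10", "10.0.1.20", "bacnet"),  # HMI polls controller A
    Flow("10.0.1.10", "10.0.1.21", "bacnet"),  # HMI polls controller B
    Flow("10.0.2.5", "10.0.1.20", "modbus"),   # engineering station -> A
]

# Constructed live traffic to evaluate against the baseline.
OBSERVED_FLOWS = [
    Flow("10.0.1.10", "10.0.1.20", "bacnet"),  # normal, already in baseline
    Flow("10.0.9.99", "10.0.1.20", "modbus"),  # unknown host talks to A
    Flow("10.0.2.5", "10.0.1.20", "http"),     # known pair, new protocol
]


def build_baseline(flows):
    """Return known device addresses and known (src, dst, proto) edges."""
    devices, edges = set(), set()
    for f in flows:
        devices.update((f.src, f.dst))
        edges.add((f.src, f.dst, f.proto))
    return devices, edges


def detect(flows, baseline):
    """Flag new devices, new connections (topology changes) and new protocols
    on known connections; returns alerts in order, without duplicates."""
    devices, edges = baseline
    known_pairs = {(s, d) for s, d, _ in edges}
    alerts = []
    for f in flows:
        for addr in (f.src, f.dst):
            if addr not in devices:
                alerts.append(("new_device", addr))
        if (f.src, f.dst, f.proto) not in edges:
            kind = "new_protocol" if (f.src, f.dst) in known_pairs else "topology_change"
            alerts.append((kind, f"{f.src}->{f.dst}/{f.proto}"))
    return list(dict.fromkeys(alerts))
```

Running `detect(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS))` yields one new-device alert for the unknown host, one topology-change alert for its connection to controller A, and one new-protocol alert for the engineering station; the baseline itself produces no alerts.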