Planes, Trains and Automobiles (and More): No Shortage of Attack Targets in Transportation

In the U.S., the transportation sector is defined to include a number of subsectors such as aviation, highway infrastructure, maritime transportation, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping. This is an extensive network of transportation systems that span the globe, offering attackers a multitude of targets in numerous geographies.

According to the 2015 version of the “Transportation Systems Sector-Specific Plan,” the transportation sector is increasingly vulnerable to cyberthreats as a result of “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.”

Why Attack the Transportation Industry?

IBM’s “Know Your Cyber Enemy” report highlighted a variety of motives behind these attacks but stated quite clearly that “direct financial gain is the aim of profit-motivated attacks and the driver behind the most active areas of cybercrime.” This is evident in the types of security incidents disclosed in the last few years across the transportation industry, many of which involved stolen personally identifiable information (PII) and credit card data.

For example, in 2014, the Chinese national train reservation system was the target of attackers who stole customers’ personal data. Last year, sensitive passenger data including travel manifests was stolen from a major U.S. airline, Bloomberg reported. Frequent flier accounts of several airlines were also targeted in recent years. Attackers likely leveraged stolen logins, obtained through other data leaks and password reuse, to steal miles from these accounts, which could then be used or converted into gift cards or other tangible goods.

Addressing the Challenges

Scaling security with the growing demands on transportation’s infrastructure and systems is challenging. Adding to this challenge is the trend towards privatization: Each individual owner or operator is responsible for identifying critical cyber infrastructure and applying remediation. Vulnerable systems could include navigation equipment, air traffic control and tracking and communication systems.

However, patch management policies may vary widely from one organization to the next. Security and risk professionals will have to identify the weak points in their organizations and then apply the most effective remediation and mitigation practices. As daunting as these security challenges may seem, transportation organizations willing to invest in cybersecurity can be in a strong position to prevent attacks.

For more information, read the IBM report “Security Trends in the Transportation Industry,” which provides insights regarding the types of cyberattacks targeting the transportation sector as well as recommendations on how it can address these security challenges.

IT security risks to transportation: Defending a critical infrastructure segment

Share this Article:
Michelle Alvarez

Threat Researcher and Editor, IBM Managed Security Services

Michelle Alvarez is a Threat Researcher and Editor for IBM's Managed Security Services; she brings more than 10 years of industry experience to her role. In this role she focuses communications efforts around threat research and mitigation. Michelle joined IBM through the Internet Security Services (ISS) acquisition, where she served as an Analyst on the X-Force Vulnerability Database Team.