News

img

Driving Down Cybersecurity Risk in the Transportation Sector

Transportation is an old business. Most legacy systems can’t keep up with modern cybersecurity risks. Even when systems are updated, it’s usually to improve efficiency, not cybersecurity.

However, improving cybersecurity is more important than ever for transportation systems. Public-facing applications and Internet of Things (IoT) devices, both increasingly common, mean new entry points for bad actors.

Common cyber risks include:

Need to improve cybersecurity of smart and IoT devices

The development of smart cities has increased the use of IoT devices— and the need for new cybersecurity measures— in transportation. Any device not properly configured, patched, and updated on a regular basis is an easy entry point for a hacker.

Weak controls over user authentication

A common oversight in transportation and other operational technology (OT) environments is a lack of domain controllers for user authentication on servers and workstations. Without proper authentication controls, anyone with basic credentials can infiltrate a system.

Bad passwords and ghost accounts

Password security is fundamental but often overlooked. No matter how old the system, passwords should be held to a high standard and changed often. Organizations should be equally vigilant when employees and contractors leave. Deleting old accounts is critical. Otherwise, attackers may use stolen credentials to access the system and escalate privileges.

Lack of a transportation-centric cybersecurity risk management program

Most cybersecurity control standards provide a general framework applicable to various industries. This can make it difficult for organizations with specialized needs and technology to efficiently and effectively implement the security measures best suited to them.

To help reduce cyber risks, the transportation sector can use the Transportation Systems Sector Cybersecurity Framework Implementation Guidance, which helps align organizations with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), a proven best practice standard.

How the transportation sector can improve cybersecurity

The expanded attack surface, created by growing interconnectivity, greatly increases the risk of a costly and damaging cyber attack. For this reason, continually evaluating IT security and updating policies and procedures is a must for all organizations. Cybersecurity is particularly important in the transportation sector, though, which impacts millions of lives.

To learn how your organization can beat cyber risks, contact Securance for a free consultation.