-
Industrial
- Healthcare
-
Commercial
- Public Sector
- Threat Research
- Partners
-
Resources
Featured Content
- Company
Blog / 11 min read
Automation, connectivity, and the rise of the extended internet of things (XIoT) have driven greater efficiency and sustainability in the transportation industry. However, these conditions are also fueling various transportation cybersecurity risks — especially to the operational technology (OT) environments that underpin the safety, availability, and integrity of the transportation infrastructure. Taking action to secure these critical OT environments from cyber attacks and adhere to industry regulations requires a unique approach. In this blog, we will outline how digitization has shaped the transportation industry, and provide you with guidance for adhering to the Transportation Security Administration (TSA) cybersecurity directive.
The transportation industry is categorized into various different segments, and although each segment has its unique characteristics, advantages, and challenges, they are all essential to the global supply chain. The three categories we will focus on throughout this blog post are as follows:
The rail transportation segment includes passenger trains, freight trains, and high-speed trains, all responsible for transporting large quantities of goods and people over long distances. This mode of transportation plays a critical role in the global economy and to national security as it is often used to transport military equipment, supplies, and personnel, and at times is used for emergency response and disaster relief efforts. As rail systems are becoming increasingly interconnected with other critical infrastructure, such as energy grids and communications networks, and automated to improve capacity, reliability, and energy efficiency, they have also become increasingly vulnerable to cyber attacks.
This segment includes all types of airplanes including commercial airlines, cargo planes, and private jets often used for long-distance travel, especially internationally. This mode of transportation is essential for global trade as it enables the movement of goods and materials between countries and continents in a fast and reliable manner. It is also often used for emergency response, much like train transportation, as it can quickly transport personnel, equipment, and supplies to an affected area. As air transportation systems have become increasingly digitized, including air traffic control, navigation systems, and communication systems, and increasingly connected to other areas of the global supply chain, it is essential they be protected from cyber threats.
Pipeline transportation typically consists of a network of interconnected pipes, pumps, and valves that are used to transport liquids, such as water and oil, gasses, and other materials from one location to another. Pipelines are crucial to the global supply chain and are often used in conjunction with other modes of transportation such as rail, road, and sea transportation, enabling large volumes of materials to be transported long distances quickly and efficiently. Much like the two other transportation industry segments we discussed, pipeline transportation is extremely vulnerable to cyber risks due technological advancements leading to increased automation and interconnectivity. These advancements have created an expanded attack surface for criminals, leaving pipelines vulnerable to threats that have the potential to disrupt operations, compromise sensitive data, or worse, cause physical damage. Pipeline operations are also subject to unique regulatory requirements that vary by region and country, which, at times, can be difficult to comply with.
The transportation industry plays a critical role in supply chain management, as all three segments above are responsible for moving goods, materials, and people between different locations. Due to these critical operations, the transportation industry is subject to supply chain risk, which can have a significant impact on the global supply chain beyond downtime or data leaks. Without reliable transport networks goods, materials, and people would be unable to move quickly and reliably from location to another. Transportation cyber threats such as hacking, malware, or ransomware attacks can cause disruption to operations or damage to goods, systems, or passengers.
Additionally, transportation companies are subject to various industry regulations and standards related to safety, security, and environmental protection. Non-compliance with these regulations can result in fines, penalties, and in some cases even criminal charges. This form of supply chain risk can cause disruptions and delays to the flow of goods and materials, as transportation providers struggle to keep up with the latest requirements. Overall, supply chain risk can have significant impacts on the global supply chain causing disruptions to the availability of goods and services, leading to increased costs for consumers and potential damages in the form of compromised data, disruption to operations, or worse, physical damage to a provider’s systems, networks, passengers, or staff. To prevent supply chain risk from disrupting operations, providers must implement effective risk management and mitigation strategies to ensure the supply chain is operating smoothing and efficiently, and to establish effective transportation cybersecurity solution.
As we’ve discussed, transportation cybersecurity is essential to mitigate supply chain risk but, how do we combat the global surge of ransomware attacks? Hitting a 93% increase year over year, with a 187% increase in the transportation sector, ransomware attacks are showing no sign of slowing down. This type of attack is being reported globally on nearly a daily basis, from various critical infrastructure organizations.
Most notably was the disruptive ransomware attack against the East Coast’s largest gasoline, diesel, and natural gas distributor, Colonial Pipeline. This incident is seen as one of the most significant attacks on critical national infrastructure in history, infecting the pipeline’s digital systems and shutting it down for several days. This shutdown disrupted the delivery of gasoline and other petroleum products across much of the southeast United States, affecting consumers and airlines alike. With jet fuel shortages for many carriers causing disruptions to air transportation, and fear of gas shortages leading to panic-buying at the pump amongst consumers, this incident affected multiple segments of the transportation industry, and highlighted the need for implementation of cybersecurity strategies and vulnerability management for providers. In response to this incident and the growing threat of ransomware, the Department of Homeland Security’s Transportation Security Administration (TSA) announced much needed transportation cybersecurity requirements. Below, we will highlight the requirements set for each transportation segment, and provide a guide on navigating compliance.
The TSA has issued cybersecurity directives for Rail, Air, and Pipeline Transportation. These directives are focused on performance-based measures to boost the cyber resilience of U.S. railroad operations, airport and aircraft operators, and critical pipelines. As a result of persistent transportation cyber threats against U.S. critical infrastructure, the TSA is taking emergency action by requiring the development of an implementation plan that describes the measures transportation providers are or will be taking to strengthen cybersecurity resilience and prevent operational disruption and infrastructure degradation. Providers also much proactively assess the effectiveness of these measures, which must include:
Developing network segmentation policies and controls to ensure operational technology (OT) systems can continue to operate safely in the event that an information technology (IT) system has been compromised, and vice versa.
Creating access control measures to secure and prevent unauthorized access to critical cyber systems.
Implementing continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations.
Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.”
Although each of these four measures must be followed by Rail, Air, and Pipeline Transportation companies, the specific criteria for each sector is varied:
In order to fulfill TSA’s requirements, airports and airlines must ensure the above measures are applied to all directly and indirectly connected assets. These range from the standard IT assets that control ticketing, navigation, and physical security information, to the OT and building management system (BMS) equipment that supports everything from baggage handling to aircraft maintenance, to the IoT and IIoT devices that power climate control, passenger tracking, and even aircraft safety processes, among countless others.
In addition to the above four requirements, pipeline owners and operators must establish and execute a Cybersecurity Implementation Plan explaining how they will achieve the above security outcomes, develop and maintain a comprehensive Cybersecurity Incident Response Plan and establish a Cybersecurity Assessment Program to regularly test and audit the effectiveness of cybersecurity measures.
Similar to pipeline owners and operators, rail transportation owners must establish a Cybersecurity Assessment Program and submit an annual plan to TSA. This plan should describe how the railroad will proactively test and regularly audit the effectiveness of cybersecurity measures, and identify and resolve device, network and/or system vulnerabilities.
By implementing a strong foundation for securing their critical infrastructure, airports and airlines, pipeline owners and operators, and rail carriers can prevent themselves from emerging transportation cyber threats. The difficulty, however, is where to begin.
In order to comply with the TSA cybersecurity requirements, providers must first gain complete visibility into all connected assets that underpin their critical operations. By establishing an asset inventory spanning their entire XIoT, organizations can gain a single source of truth as the foundation for protecting their operations, while adhering to this TSA directive along with other cybersecurity requirements. Once established, organizations can utilize their asset inventory to determine how assets are communicating with one another on the network. This baseline of communication will allow for the proper network segmentation policies to be enforced, allowing organizations to easily fulfill the first portion of TSA requirements.
Highly controlled yet frictionless remote access to critical systems is essential to operational continuity in the transportation sector. With a solution like Claroty’s Secure Remote Access, organizations can meet the TSA cybersecurity requirements for access control with respect to both onsite and remote, as well as both internal and third-party, users. The various transportation industry segments have a complex attack surface due to the combination of proprietary protocols used by XIoT assets and the escalation of cyber threats in recent years, making continuous monitoring and detection policies and procedures difficult to achieve. At Claroty, we have deep visibility and domain expertise that enables us to continuously monitor even the most obscure environments, alert organizations to real threats, and fulfill TSA’s third security measure.
Legacy systems and unpatched vulnerabilities are unfortunately the status quo in the transportation industry. Thankfully, Claroty understands the complex and consequential nature of these environments and has developed enterprise-wide visibility and domain expertise that defends our customers' environments against insecure protocols, common vulnerabilities and exposures (CVEs), and other security weaknesses. We also offer fully customizable risk scoring to help organizations understand the risk of each vulnerability and how to prioritize their remediation efforts. These capabilities and guidance allow the rail, air, pipeline transportation segments to both comply with TSA requirements and to drive cyber resilience across their critical operations and infrastructure.
By establishing security standards for the transportation industry the TSA aims to reduce the risk of cyberattacks on critical infrastructure and ensure the safety and security of passengers. As the XIoT becomes increasingly interconnected, we’ve seen implications from an attack on a specific segment, like the Colonial Pipeline incident, spill over to other critical operations and cause unprecedented disruption. Luckily, Claroty has developed a comprehensive portfolio that not only helps transportation organizations comply with the TSA cybersecurity directive and other industry standards and regulations, but supports use cases across the entire industrial cybersecurity journey. These extensive transportation cybersecurity solutions allow organizations to protect the systems that underpin their most critical operations and infrastructure — and, ensure cyber and operational resilience.
