As transportation becomes an increasingly connected industry, cyber-based vulnerabilities make the infrastructure that supports it weak and prone to exploitation, according to ABI Research.
In a report, Critical Infrastructure Security: Transportation, the technology market intelligence company suggests that digitization and internet connectivity are changing the nature of transportation.
From driverless cars, to automated trains, and more recently connected aircraft, the transition to connectivity is inevitable, but it comes with benefits. Businesses that manage large fleets are now able to better track and manage their vehicles to reduce expenditure thanks to IoT-based locations technology; airlines are looking to connected technologies like ingestible sensors to improve the passenger experience; and freight companies are connecting their assets in order to simplify global supply chains.
“Underlying this is a gradual transition from closed legacy systems that operate in siloed obscurity to open, modern platforms connecting to all kinds of assets,” ABI Research said. “This evolution, however, is fraught with obstacles, notably around security” due to vulnerable infrastructure. Japanese automotive company Honda was recently forced to halt production at one of its manufacturing plants due to an infection by the WannaCry ransomware virus that appeared in May, for example.
Lucrative but vulnerable
ABI Research estimates that roadways will account for most of cybersecurity spending in the transport sector, with $5 billion estimated by 2022. Aviation and railways will follow closely, with $3.9 billion and $3.5 billion respectively, and maritime will account for the smallest share with $1.4 billion. Collectively, that’s almost $14 billion in spending by 2022. It’s a lucrative opportunity.
To realize this, industrial control systems (ICS), which manage and regulate the devices or connected machines in a system, will play an increasingly crucial role in connecting these operational technologies (OT) in the transportation sector. Previously, closed transportation systems did not always require manufacturers or operators to apply digital security. With internet connectivity, however, security is paramount.
“The new generation of ICS is internet-enabled, using commercial off-the-shelf software and leveraging a range of non-proprietary protocols,” says Michela Menting, research director at ABI Research. “They are increasingly automated, highly integrated, and interconnected with a vast range of different devices in both IT and OT.
“While the transportation sector places heavy reliance on functional safety and physical security, the cyber protection of connected OT is currently inadequate and will require some significant work.”
“Transport stakeholders will have to implement digital security if they want to successfully realize the efficiencies and cost savings that connected OT promises to deliver,” concludes Menting. “This will require forethought and planning, and collaboration between cybersecurity experts and IT professionals, OT specialists, engineers, control system manufacturers, and process operators, within the modes, across the sectors, and with private and public stakeholders internationally.”
ABI Research suggests that a different mindset will need to be adopted by OT management. The company has sounded the death knell for “static, checklist-based maintenance” in favor of real-time intelligence, facilitated by IoT tools. Above all else, however, cybersecurity must be considered as one of the core components in any digital transformation strategy.
Minimizing the risk
Naturally, the move to connect the previous unconnected opens up doors for vendors to sell their cybersecurity wares. However, Javvad Malik, security advocate at cybersecurity company AlienVault, told Internet of Business that securing connected devices in the transportation sector has “proven to be a challenge.”
“Transportation faces many risks, that if realized, could result in serious impact to human life,” Malik said.
“Recent events have shown that it’s not just the core systems that need to be impacted to cause major disruption. A DDoS or similar attack against the network can render systems unavailable with no manual workaround.
“The biggest danger is that no matter how many preventative controls are put in place, once systems are publicly connected, there will always be attacks that can bypass controls. As such, it becomes essential to not only detect, but be able to respond in a timely manner. For example, if a vehicle is compromised while travelling on the motorway, there is little to no time for an alert to be investigated by an analyst that can then take action. As such, automation and orchestration is vital to respond to attacks in near real-time to minimize the success of attacks.”
The concerns Malik raises resonate with consumers. A recent survey by enterprise information management company, OpenText, found that 46 percent of consumers would not feel comfortable being a passenger in a driverless car.
Nevertheless, the potential benefits mean that connectivity is set to transform the transportation sector, anyway, it seems. The challenge of securing these systems is being dealt with along the way.