Transportation is one of those industries that affects everyone in the world just about every day of the year. It encompasses motor vehicles, roadways, bridges and tunnels; planes and airports; trains, tracks and stations; boats, ships and ports—basically any entity that helps get people and things from point A to point B or beyond.
So it goes without saying that ensuring the security of systems, networks, applications and data that support or maintain the transportation infrastructure in any way is critical to the protection of individuals and the well being of society.
An information security breakdown in the transportation sector can cause delays, impact the economy and even put peoples’ safety at risk. The government is largely responsible for mandating industry practices that keep travelers safe, but it’s also up to transportation companies such as airlines and shipping lines to ensure they have effective security technologies and policies in place.
The Intelligent Transportation Society of America (ITS America), the largest U.S. organization dedicated to advancing the research, development and deployment of intelligent transportation systems (ITS) to improve the nation’s surface transportation system, noted in a report that long-term vision for the industry requires a comprehensive and sober assessment of the threats to safety and mobility systems in transportation.
“Although there are no instances in highway transportation where cyber attacks resulted in a system failure that lead to a death or injury, the specter of such outcomes is frightening,” the report says. “The potential objectives that may drive attackers to exploit vulnerabilities and compromise transportation systems may vary widely, but the overall outlines for attack are conceivable in most transportation products and services.”
And securing some aspects of transportation are clearly becoming more complex. Along with the emerging Internet of Things will come next-generation vehicles that are designed to communicate with each other as well as with other entities; and an intelligent highway infrastructure.
In a recent report, “Connected Vehicle Assessment—Cybersecurity and Dependable Transportation,” ITS America noted that it’s likely that more than a billion connected machine-to-machine (M2M) devices will be in highway transportation, of which more than half will be road vehicles.
“Securing M2M applications, and preventing mischief and mischance, will be major tasks for the transportation sector,” the report states. “The connectivity of billions of new vehicle- or infrastructure-based sensors and ‘big data’ analytics promises to bring new insights into how transportation assets are currently utilized, and how safety and mobility outcomes might be improved. However, there are concerns about the security of these devices and the potential for compromise and misuse.”
The growth of M2M in the automotive sector will likely be more rapid than anticipated, ITS America says, as mobile devices will be “aftermarketed” by technology companies onto the end of the automotive supply chain. Expectations of consumers and businesses will lead to the introduction of bring your own device (BYOD) to vehicles, since road users will want to take advantage of useful mobility, logistics and infotainment applications and services.
Transportation is not only becoming more connected, the ITS America report says, but increasingly dependent on complex computing systems and software. Current automotive electronics and highway advanced traffic management systems (ATMS) and their component field devices such as traffic signals, roadside sensors and dynamic message signs include computing hosts, electronic microcontrollers and application software that are networked to each other but generally isolated from the rest of the connected world.
“Security controls for these kinds of systems, in particular for older legacy technologies, typically focused on the simple necessity of reducing the risk of physical product tampering or theft,” the study notes. “However, the security and threat environment is beginning to shift around transportation systems as they become externally connected to the wider world.”
While most enterprises have adopted commodity computing platforms and common networking standards, vehicle and traffic management systems have for the most part maintained costly legacy architectures built upon decades of sector-specific experience, practice and product development, ITS America says. These systems were assumed to be too obscure to garner any unwanted attention from potential adversaries.
But the days of “security through obscurity” have likely passed, the report says, as transportation systems become more connected.
“Automotive manufacturers, fleet managers and road operators see huge potential efficiencies in increasing centralized remote automated monitoring and control of systems to reduce maintenance or operations costs or increase road user convenience,” it says.
There have been several documented attacks on transit and road operators, such as the hacking of Web sites and in-the-field traffic control devices, ITS America says.
Interested in how we tackle security in other sectors? Browse through our vertical series.