Search

What Are the Cybersecurity Risks for Transportation Operators?

2019-11-20
214
0

We are witnessing the rapid adoption of digital technology across industries. The number of devices connected to the Internet is growing at an exponential rate, laying the foundations for the development of Smart Cities. With the technology landscape moving so quickly, what does it mean for a crucial industry such as transportation?

After all, Smart Cities are surely going to require ‘Smart Transportation’ to allow the smooth flow of passengers and cargo — not to mention that of critical data, which will help to improve operating efficiency. However, as our transportation networks become smarter, they will also become exposed to the ever-present threat of cyberattacks — a risk highlighted in our recent whitepaper.

This is not a problem that can be simply ignored or wished away. The earlier that transportation operators get serious about cybersecurity, as they move into the smart transportation era, the sooner they can secure their systems.

Cyber risk 1: The constant stream of data

To serve the needs of future Smart Cities, transportation networks will need to be constantly connected, to allow data to flow seamlessly across multiple networks, applications, and systems. This free-flowing movement of data will enable the synchronization of schedules between public transportation and feeder buses, for example, allowing commuters to better plan their journey.

However, this is also a double-edged sword: Management of heavy data flows can distract operators from spotting vulnerabilities until it’s too late, allowing cyber criminals to use high data traffic to mask attempted probes and attacks on transportation systems.

To handle this threat, operators will have to remain constantly vigilant. Data gives operators real-time visibility over their physical infrastructure; this visibility also applies when it comes to digital networks.

With the right data-monitoring solutions, operators can map their entire network for high-risk vulnerabilities, and use that information to craft appropriate cyberattack response strategies, minimizing the risk of widespread disruption. This is a constant process, but it gets easier over time, with the right systems and mindset in place. Plus, as operators continue to fortify their network, the network will become increasingly resilient to new threats.

Cyber risk 2: The blurring between operational safety and cybersecurity

Unfortunately, many operators run the risk of regarding cybersecurity as a unique layer — one that exists separately from physical operations. Yet the increasing dependency on Traffic Management Systems (TMSs) to route vehicles and manage signaling, or on data to optimize traffic throughout an entire route, simply renders this thinking untrue.

As the interdependency between operational safety and cybersecurity grows, operators will face the twin pressures of ensuring the safety of passengers and cargo while guarding the digital infrastructure that their operations increasingly run on.

Operators, however, shouldn’t see this as a need to choose between the two worlds; instead, security and safety should be treated as parts of the same whole. This approach focuses on blending both safety and security into future transportation systems, co-designing and co-testing for both aspects in every element of the network.

For example, operators could try to understand the extent of how the operation — or failure — of different parts within a system will impact both the safety and security of its whole. Doing this would lead to systems with intentionally designed safety and security measures that complement each other, or automatically isolate one from the other, in the event of a breach.

Cyber risk 3: Cybersecurity risk becomes a business blind spot

In their efforts to improve their security, operators also risk becoming overwhelmed by growing digital complexity. They may be inundated by rising technical complexity — such as hardware conflicts or different standards of security — even as they continue to digitize existing routes or scale operations to meet increasing urban demand. Just as in any other business, operators can reduce this inevitable level of complexity and pressure by partnering with the right set of vendors and service providers.

Indeed, as they continue to digitize and connect more elements of their operation, operators should adopt solutions such as HUAWEI CLOUD, which have security built into their core from the edge right up to the data center, with functions and services safeguarding an operator’s data flows every step of the way.

Huawei also guides customers to optimize systems, applications, and networks linked to HUAWEI CLOUD, further bolstering security and allowing businesses to shift their focus toward improving their operations and performance.

Cyber risk 4: Standardization and independent assessments

Supported by governments, operators should work closely with vendors to ensure effective assurance testing for equipment, systems, and software, as well as to support specific evaluation arrangements. With the growing threat of cyberattacks, industry is constantly evolving and pushing greater levels of standardization, certification, and the common processes — especially independent assessment — of supplier products and solutions.

The new approaches should increase understanding across all areas, including engineering and design processes, ongoing product support, and vulnerability remediation. The assessment and evaluation of products from different vendors should be the same, as each supply chain will carry the same level of risk.

Cyber risk 5: Cybersecurity isn’t a workforce ‘culture’

Even with secure digital infrastructure, cyberattacks and breaches can still occur if the people using those systems do not view security as a priority. Without proper instruction, some personnel may regard cybersecurity solely as the IT department’s responsibility, and continue to exhibit behaviors that can become indirect vectors of attack for cyberattacks and malicious actors. Just imagine what would happen if a vehicle operator interfaced their unsecured device with mission-critical infrastructure, like the TMS, for instance.

Remedying this will require operators to infuse cybersecurity into the very fabric of their workforce, and the best way to perform this is by amplifying the growing safety-security relationship — that is, associating cybersecurity with the stringent employee safety measures already in place in most transportation networks.

To enforce this, operators must also rewrite their safety rulebook, ensuring cybersecurity measures are included in every operational procedure, process, or guideline. But most importantly, they must give their people the space, time, and support to understand the importance of cybersecurity and its impact on their daily workflows.

Operators shouldn’t view, or raise, cyber risk as a reason to delay digitization; they must view it as a strong motivation to continuously improve the integrity and robustness of their networks. Only then can they ensure their continuous relevance to both the needs of future customers and the development of future Smart Cities — while guaranteeing the safety, efficiency, and reliability of their day-to-day operations.

TOP