Cybersecurity in the transportation
As transport operators continue to digitize their operations to improve communications, signaling, timetabling and passenger experience, they cannot afford to ignore the associated cybersecurity risks.
Organizations transporting goods and passengers across air, rail, road, and sea need to maintain a strong cybersecurity posture by proactively identifying and addressing risks, and by detecting and responding to threats swiftly and effectively.
Key challenges faced by organizations in the transport sector include:
• Maintaining continuity and safety of essential services and operations
• Improving aging and fragmented network infrastructure
• Protecting the personal data of passengers and clients
• Reducing cyber risks across the supply chain
• Balancing smart innovations and security
Key security questions for transport operators
Security questions organizations in the transportation sector should be asking:
• How often is digital infrastructure tested for vulnerabilities?
• Are suitable controls in place to defend against targeted attacks?
• Are systems able to identify threats that bypass the perimeter?
• Is there a plan in place to detect, remediate and report breaches?
• What systems and controls are in place to mitigate insider threats?
• How are security risks in the supply chain managed?
Cybersecurity compliance in transportation
As the transportation sector moves to digitize its processes, companies are also looking into safeguarding their systems against hacking and other malicious attempts to disrupt freight rail operations. Those efforts to address cybersecurity are driven partly by federal regulations, in the U.S. and in other countries, that are starting to require companies to tackle the issue.
Airlines, train operators and other private and public transport organizations that accept card payments also need to comply with the requirements of the PCI DSS. These include maintaining a secure network, implementing robust security policies, monitoring proactively for threats and managing vulnerabilities.
Meanwhile, government efforts to address cybersecurity in transportation include the Transportation Security Administration’s initiatives to disseminate information on cybersecurity and a federal working group involving several agencies to address cybersecurity research and development across several sectors, including transportation.
Any transport operator that processes personal information must also make efforts to protect it from unauthorized processing, loss or destruction under the requirements of the GDPR and DPA 2018. Non-compliance and failure to report breaches within 72 hours could lead to a large fine.