Preventing Cybercrime on Connected Transport: Defense in Depth

Previously we discussed why robust cybersecurity is important and the ramifications that mass-transit operators and authorities face without it, along with the first steps in preventing and stopping security threats.

Knowledge of threat patterns and basic security routines is an ideal starting point; however, more must be done in order to effectively fortify a system.


A Secure Future for U.S. Infrastructure

Through the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, the U.S. Department of Commerce enables innovation by providing the means of keeping technological advancements in infrastructure sectors secure against vulnerabilities.

While adoption of the framework is currently voluntary, there is a clear shift toward tighter regulatory oversight where cybersecurity is concerned, and rules that currently apply to Federal Agency Heads may soon trickle down to all business owners, particularly those with as much national supply chain integration as mass-transit operators.

Additionally, it should be noted that Directors and Officers may still find themselves open to civil liability suits if their unpreparedness is found to be in breach of duty to their customers.

It is therefore vital that all mass-transit operators and authorities plan ahead, adopting long-term thinking where their cyber-risk management policies are concerned.


A Wall is Not Enough

Mass-transit operators must remember that a single line of defense is not enough. Instead, operators should think of the process as the construction of a multi-layered fortress around their networks, using the functions of NIST’s framework: Identify, Protect, Detect, Respond, Recover.

The best engineering can only go so far without active monitoring, real-time detection and risk-control policies being put in place, which is why Icomera’s solutions are designed to help operators follow NIST’s framework and Identify potential risks, Protect against them, Detect, then Recover from attacks.


Detect, Respond, Recover

Cyber-attack methods that were once thought to be purely theoretical are now practically possible, due to the increase in the size of potential attack areas, so monitoring systems should be able to focus on known attack types as well as completely new ones.

Effective detection systems must therefore be attuned to what is “normal” for each operator’s systems, with a focus on anomaly detection and continuous learning as integrated systems develop over time, along with the attacks that threaten them.

Pre-prepared incident response plans should be deployed if anomalous activity is detected. Remediation processes should also exist to regain control of systems, shut down exploited entry points and re-establish compromised networks as soon as possible.

In addition, effective cybersecurity is better achieved through collaboration, with suppliers and partners being just as vital to the process as the operators themselves.


Security at the Heart of Everything

As part of our commitment to the security of our customers and their passengers, Icomera networks are designed from the ground up with security in mind, per our ISO 27001 certification for information security management. We work together with independent cybersecurity specialists and third-party solution providers to ensure unrivalled protection for our customers.

Icomera systems are installed with a broad range of effective built-in defenses, including but not limited to: firewall defenses, system configuration according to best practices, access control, content filtering, VLAN traffic segregation, system logs, automatic recovery, and automatic updating of security and vulnerability patches deployed simultaneously to the entire fleet.