As the world’s leading provider of onboard Internet connectivity solutions for mass transit, cybersecurity is a vital consideration for Icomera. We work closely with our partners, offering expert knowledge and powerful tools for securing their online systems, across tens of thousands of Buses, Coaches, Trams and Trains worldwide.
Integrated networks undoubtedly offer a vast range of benefits, however greater connectivity increases the ‘attack surface’ i.e. the number of potential entry points hackers can target. If a single vulnerability in one system is discovered, all other networked systems may also be exploited.
Earlier this year, local Senators penned a letter of caution urging the Washington Metropolitan Transit Authority (Metro) to take stronger steps in guarding the subway cars it plans to buy from China, from electronic spying.
Experts seem to agree that a deal with state-owned China Railway Rolling Stock Corp. (CRRC) to build up to 800 of Metro’s 8000-series rail cars – a contract likely to be worth more than $1 billion – could present the possibility of video and conversation monitoring, as well as passenger safety concerns, if adequate safeguards are not put in place.
As the world moves toward the future of a more connected “Internet of Things” against an increasingly uneasy global political backdrop, it is imperative that U.S. transit operators take necessary steps to protect passengers and assets from individuals acting for financial gain, as well as state-sponsored initiatives looking to exploit critical national infrastructure.
Knowledge is Power
Developing knowledge of how attacks work is the first step in building preventative frameworks for cybersecurity.
Two critical questions to ask today are:
“How would you know if your systems were being hacked?” and;
“How long would it take to audit your systems if you suspected a breach?”
If you are not entirely sure how to answer these questions, one of the best courses of action you can take is to go out and talk to your system suppliers, companies you partner with, and understand how they approach cybersecurity and how they mitigate your overall risk.
Timing is Key
Despite the common misconception that cyber-attacks are single discrete events, hacks may take many months to complete, with hackers undertaking reconnaissance, preparation, and coding of tools before being able to compromise systems.
A key point to note is that the magnitude of financial damage from a hack increases over time, resulting in wider service disruption, more affected systems, lower confidence of staff and customers, and a higher likelihood of data theft and reputational harm.
Breaking the Chain
Time is therefore critical in defeating attacks, as an entire chain of events must fall into place for them to prove successful. Stopping hacks involves breaking these chains, with early discovery allowing for hacks to be stopped in their tracks with minimal financial impact.
Seeking Reliable Partners
The sign of a good supplier of onboard Internet connectivity solutions is their ability and willingness to provide their certifications, independent assessment reports, and to demonstrate a solid security-conscious culture embedded in their company.
Through implementing a robust, process-based, and risk-driven approach to information security management, Icomera has received ISO 27001 certification, allowing us to better protect our digital partners.
When it comes to cybersecurity for our customers, there is no “one-size-fits-all” solution. That’s why Icomera offers bespoke consultancy services to mass-transit operators and authorities connected with our systems – focusing on industry-specific risks, system configuration, goals/requirements, as well as budgetary or structural limitations.
In the second instalment of this series, we offer an in-depth look at the processes used to prevent and stop security breaches.