december 2021-january 2022 - 14

[
SAFETY & SECURITY
]
Think Mass Transit is Ready for
Cybersecurity Breaches? Time to Think Again.
The more connected companies and systems become,
the greater the risk is of a potential security breach.
A
Chris Barker
Secuvant Executive Board
Member, Transportation &
Smart Cities Advisor
Jason Stokes
CISO and Vice President,
Security Services
CCORDING TO A STUDY BY THE UNIVERSIty
of Maryland, a cyberattack happens every
39 seconds, often preventable attacks when the
correct measures are in place. As mass transit
systems become more IP enabled and connected
to the internet, these attacks are on the rise.
Transportation relates to more than just moving
people. With COVID-19, transportation services
were increasingly relied upon for delivering
everything from food, medicine and other vital
services. COVID-19 also forced companies to pivot
to remote work and a culture of working from
anywhere. This transition required remote worker
access to critical company computing systems via
Virtual Private Networks (VPNs) and internet of
things (IoT) portals, which opened up an array of
gateways for hacking incidents to occur.
While
transportation
network systems
are becoming
increasingly IP
connected, they
often use overthe-counter
virus
and cybersecurity
software and
firewalls that
don't offer
the security
protection they
need.
Recent Transportation Cyberattacks
and Lessons Learned
At the heart of any functioning transportation
system is reliable access to fuel. The recent cyberattack
on the Colonial Pipeline, one of the largest
private fuel pipeline operators in the United
States and the supplier of approximately 45 percent
of the fuel on the East Coast, highlighted
the problem. A compromised network password
led to a ransomware attack and shutdown of the
pipeline creating fuel shortages that greatly impacted
East Coast transportation operations.
The attackers targeted the business side of the
pipeline operations: making it clear that their
motivation was money. Had they targeted the
operations side of the business, the crisis could
have stretched beyond a single week. While a
third-party security organization was hired to
determine the source of the breach, the company
paid $5 million to the attackers to restore systems.
Following the Colonial Pipeline incident, the
Department of Homeland Security (DHS) issued
new cybersecurity standards but some of these
standards will take time and money to implement,
which Colonial says it is doing.
The Colonial Pipeline hack is just one of many
recent incidents impacting the North American
transportation system. The San Francisco
14 | Mass Transit | MassTransitmag.com | DECEMBER 2021/JANUARY 2022
Municipal Transportation Agency suffered a
ransomware attack on 2,000 computers. Toronto
suffered a similar attack on its subway
system, directly impacting control operations.
And Martha's Vineyard ferry service endured a
ransomware attack in June of 2021.
The largest takeaway from these attacks? Mass
transit systems responsible for transporting 34
million passengers a day are targets for increased
cyberattacks and offer hackers and other bad actors
a potential gold mine of opportunity.
Prevention and New Guidelines
One of the issues for transportation organizations
is a lack of funding and internal/external
staffing resources required for deploying a robust
cybersecurity plan and defense against unwanted
cyberattacks. While transportation network
systems are becoming increasingly IP connected,
they often use over-the-counter virus and cybersecurity
software and firewalls that don't offer
the security protection they need.
As a result, the Cybersecurity and Infrastructure
Security Agency (CISA) has instituted new
rules: All pipeline operators need to have a cybersecurity
coordinator who can be reached 24/7
in the event of any incident. In June 2021, all
pipeline operators had to report to CISA and the
Transportation Security Administration (TSA)
on the current state and protection of their systems
and what their plans were for correcting
any deficiencies.
By October, TSA also went beyond mandates
for pipelines and implemented guidelines for all
the major rail systems, including Amtrak and
larger transit and subway systems like those
in New York, Washington, D.C., and Chicago.
Regulations include the requirement to have a
cybersecurity response contact, that all breaches
be reported to CISA and have an incident
recovery plan.
Some feel that these regulations don't go far
enough. Bad actors continue to develop more
sophisticated ways to attack vulnerable systems,
and they include not only nation-states
who intend to threaten national confidence and
http://www.MassTransitmag.com

december 2021-january 2022

Table of Contents for the Digital Edition of december 2021-january 2022

Editor’s Notebook
People & Places
Metro Transit Credits Constant Collaboration with Law Enforcement Partners as Key to Security Success Trend results include crime
Think Mass Transit is Ready for Cybersecurity Breaches? Time to Think Again.
2021 Transit Safety & Security Report
Implementing Zero- Emission Technology
APTA Expo 2021 Recap
Mass Transit Supplier Directory Company Listings
Mass Transit Supplier Directory Product Category Listings
Products
The Scheduling Conundrum
december 2021-january 2022 - 1
december 2021-january 2022 - 2
december 2021-january 2022 - 3
december 2021-january 2022 - 4
december 2021-january 2022 - 5
december 2021-january 2022 - Editor’s Notebook
december 2021-january 2022 - 7
december 2021-january 2022 - People & Places
december 2021-january 2022 - 9
december 2021-january 2022 - 10
december 2021-january 2022 - 11
december 2021-january 2022 - Metro Transit Credits Constant Collaboration with Law Enforcement Partners as Key to Security Success Trend results include crime
december 2021-january 2022 - 13
december 2021-january 2022 - Think Mass Transit is Ready for Cybersecurity Breaches? Time to Think Again.
december 2021-january 2022 - 15
december 2021-january 2022 - 2021 Transit Safety & Security Report
december 2021-january 2022 - 17
december 2021-january 2022 - 18
december 2021-january 2022 - 19
december 2021-january 2022 - 20
december 2021-january 2022 - 21
december 2021-january 2022 - Implementing Zero- Emission Technology
december 2021-january 2022 - 23
december 2021-january 2022 - 24
december 2021-january 2022 - 25
december 2021-january 2022 - APTA Expo 2021 Recap
december 2021-january 2022 - 27
december 2021-january 2022 - 28
december 2021-january 2022 - 29
december 2021-january 2022 - Mass Transit Supplier Directory Company Listings
december 2021-january 2022 - 31
december 2021-january 2022 - 32
december 2021-january 2022 - 33
december 2021-january 2022 - 34
december 2021-january 2022 - 35
december 2021-january 2022 - 36
december 2021-january 2022 - 37
december 2021-january 2022 - 38
december 2021-january 2022 - 39
december 2021-january 2022 - 40
december 2021-january 2022 - 41
december 2021-january 2022 - 42
december 2021-january 2022 - 43
december 2021-january 2022 - 44
december 2021-january 2022 - 45
december 2021-january 2022 - 46
december 2021-january 2022 - 47
december 2021-january 2022 - Mass Transit Supplier Directory Product Category Listings
december 2021-january 2022 - 49
december 2021-january 2022 - 50
december 2021-january 2022 - 51
december 2021-january 2022 - 52
december 2021-january 2022 - 53
december 2021-january 2022 - 54
december 2021-january 2022 - 55
december 2021-january 2022 - 56
december 2021-january 2022 - Products
december 2021-january 2022 - The Scheduling Conundrum
december 2021-january 2022 - 59
december 2021-january 2022 - 60
https://www.nxtbook.com/endeavor/masstransit/march-april-2024
https://www.nxtbook.com/endeavor/masstransit/january-february-2024
https://www.nxtbook.com/endeavor/masstransit/november-december-2023
https://www.nxtbook.com/endeavor/masstransit/mass-transit-at-the-show-2023
https://www.nxtbook.com/endeavor/masstransit/september-october-2023
https://www.nxtbook.com/endeavor/masstransit/july-august-2023
https://www.nxtbook.com/endeavor/masstransit/may-june-2023
https://www.nxtbook.com/endeavor/masstransit/march-april-2023
https://www.nxtbook.com/endeavor/masstransit/february-2023
https://www.nxtbook.com/endeavor/masstransit/december-2022-january-2023
https://www.nxtbook.com/endeavor/masstransit/november-2022
https://www.nxtbook.com/endeavor/masstransit/september-october-2022
https://www.nxtbook.com/endeavor/masstransit/july-august-2022
https://www.nxtbook.com/endeavor/masstransit/june_2022
https://www.nxtbook.com/endeavor/masstransit/april-may_2022
https://www.nxtbook.com/endeavor/masstransit/march_2022
https://www.nxtbook.com/endeavor/masstransit/february_2022
https://www.nxtbook.com/endeavor/masstransit/at-the-show-2021
https://www.nxtbook.com/endeavor/masstransit/december-2021-january-2022
https://www.nxtbook.com/endeavor/masstransit/november-2021
https://www.nxtbook.com/endeavor/masstransit/september-october_2021
https://www.nxtbook.com/endeavor/masstransit/july-august_2021
https://www.nxtbook.com/endeavor/masstransit/mass_transit_june_2021
https://www.nxtbook.com/endeavor/masstransit/aprilmay2021
https://www.nxtbook.com/endeavor/masstransit/december2020january2021
https://www.nxtbook.com/endeavor/masstransit/november2020
https://www.nxtbook.com/endeavor/masstransit/septemberoctober2020
https://www.nxtbook.com/endeavor/masstransit/julyaugust2020
https://www.nxtbook.com/endeavor/masstransit/june2020
https://www.nxtbook.com/endeavor/masstransit/aprilmay2020
https://www.nxtbook.com/endeavor/masstransit/Mass_Transit_March_2020
https://www.nxtbook.com/endeavor/masstransit/february2020
https://www.nxtbook.com/endeavor/masstransit/december2019january2020
https://www.nxtbook.com/endeavor/masstransit/november2019
https://www.nxtbook.com/endeavor/masstransit/Mass_Transit_September_2019
https://www.nxtbook.com/endeavor/masstransit/julyaugust2019
https://www.nxtbook.com/endeavor/masstransit/2019railproductguide
https://www.nxtbook.com/endeavor/masstransit/june2019
https://www.nxtbook.com/endeavor/masstransit/2019busandparatransitproductguide
https://www.nxtbook.com/endeavor/masstransit/aprilmay2019
https://www.nxtbook.com/endeavor/masstransit/march2019
https://www.nxtbook.com/endeavor/masstransit/february2019
https://www.nxtbookmedia.com