Razor Secure CEO Warns Transport Companies of More Cyber Threats
Following the recent ‘cyber-jacking’ of the San Francisco Municipal Transportation Agency (Muni), Alex Cowan, the CEO of transport cyber defence experts Razor Secure, has warned rail, aviation and car manufacturers and operators that many more attacks on their distributed IT assets and networks will happen in the coming new year.
The Muni hackers were able to use crypto-locker software to disable parts of their infrastructure, leaving the company unable to charge passengers for their journeys. But the financial costs may not stop there as the hackers also demanded a ransom to release the systems back to the company. Ransom attacks like this cause not only financial but also reputational damage, so the true cost is incalculable.
Presenting at the recent Hacktrain 3.0 (an event dedicated to developing new and innovative transport solutions, which Razor Secure helped judge) Alex described how cyber-attacks on transport networks were an ever-increasing threat to the safety of passengers.
He said; “Security vulnerabilities exist in the most unlikely places throughout all transports networks and since these networks are by definition on the move and distributed, they can be much harder to protect. They are characterised by weakness. Attacks on ‘non-critical’ networks, such as entertainment systems or passengers WiFi may seem no more than inconvenient at the time but they can be a path to much greater access for the hacker.”
No one yet knows how the hackers accessed the Muni network but Cowan’s point regarding the unlikely access points will become more relevant as more devices become connected and the Internet of Things expands. The proliferation of access points to ever bigger networks presents a huge challenge for those tasked with protecting our transport grids.
The threat cannot be overstated as the Chancellor, Philip Hammond recently highlighted when he announced that his government will be spending £1.9 billion on cybersecurity. “If we do not have the ability to respond in cyberspace to an attack which takes down our power network – leaving us in darkness or hits our air traffic control system grounding our planes – we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response” he said.