TRANSPORT CYBERSECURITY

Cybersecurity training for the transport and logistics industry



Overview

The Transportation Systems Sector consists of seven key subsectors, or modes:

Aviation includes aircraft, air traffic control systems, airports, heliports, and landing strips. They provide commercial aviation services at civil and joint-use military airports, heliports, and sea plane bases. In addition, the aviation mode includes commercial and recreational aircraft (manned and unmanned) and a wide-variety of support services, such as aircraft repair stations, fueling facilities, navigation aids, and flight schools.

Highway and Motor Carrier encompasses millions of miles of roadway, bridges, and tunnels. Vehicles include trucks, including those carrying hazardous materials; other commercial vehicles, including commercial motorcoaches and school buses; vehicle and driver licensing systems; traffic management systems; and cyber systems used for operational management.

Maritime Transportation System consists of coastline, ports, waterways, and intermodal landside connections that allow the various modes of transportation to move people and goods to, from, and on the water.

Mass Transit and Passenger Rail includes terminals, operational systems, and supporting infrastructure for passenger services by transit buses, trolleybuses, monorail, heavy rail—also known as subways or metros—light rail, passenger rail, and vanpool/rideshare.

Pipeline Systems consist of pipelines carrying natural gas and hazardous liquids, as well as various chemicals. Above-ground assets, such as compressor stations and pumping stations, are also included.

Freight Rail consists of carriers, smaller railroads, freight cars, and locomotives.

Postal and Shipping moves letters and packages each day and includes large integrated carriers, regional and local courier services, mail services, mail management firms, and chartered and delivery services.

Risks to critical transportation infrastructure include natural disasters as well as manmade physical and cyber threats. Manmade threats include terrorism, vandalism, theft, technological failures, and accidents. Cyber threats are increasingly important because of the growing reliance on cyber-based control, navigation, tracking, positioning, and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.

Examples of other sectors’ dependence on transportation security and resilience include:

- The Chemical, Commercial Facilities, Critical Manufacturing, Defense Industrial Base, and Energy Sectors rely on transportation for the movement of raw materials, feed stocks, and products;

- The Commercial Facilities and Financial Services Sectors depend on postal and shipping to move essential paper transactions;

- The Emergency Services Sector depends on resilient transportation networks to respond effectively to emergencies;

- The Food and Agriculture Sector depends on the security of truck, rail, and maritime shipments to protect the Nation’s food supply chain; and

- The Healthcare and Public Health Sector depends on transportation, particularly postal and shipping services, for delivery of medical supplies, medicines, and organs, often in urgent circumstances.

Many cyber systems, such as control systems or data centers, are shared between multiple transportation entities. Cyber attacks that disrupt these systems could create consequences for critical infrastructure owners and operators across multiple modes. These interdependencies require special consideration of the potential consequences from cascading effects of an incident.

Customers and employees of the transport and logistics industry expect that the same level of protection extends to the digital assets that reside on transport and logistics systems, including their personal and financial information. The industry is obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR).

The transport and logistics industry must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect customers and employees.

A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values, and expectations of customers regarding cybersecurity. Managers and employees must be involved in the prevention, detection, and response to deliberate malicious acts that target systems, persons, and data.


Target Audience

The program has been designed for all managers and employees working in the transport and logistics industry that have authorized access to systems and data.

The program is beneficial to suppliers and service providers of the transport and logistics industry.


Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.


Course synopsis, recommended training modules

Introduction.

- Transport and logistics stakeholders must strike a balance between operational requirements, business competitiveness and cybersecurity.

- Important developments in the transport and logistics industry after the new privacy regulations, including the General Data Protection Regulation (GDPR).

- Understanding the challenges.

Who is the “attacker”?

- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.

- Hacktivists and the transport and logistics industry.

- Professional criminals and information warriors.

- Cyber-attacks against passengers, baggage, cargo, catering, systems, staff, and all persons having authorized access to systems and data.

How do the adversaries plan and execute the attack?

- Step 1 – Collecting information about persons and systems.

- Step 2 – Identifying possible targets and victims.

- Step 3 – Evaluation, recruitment, and testing.

- Step 4 – Privilege escalation.

- Step 5 – Identifying important clients and VIPs.

- Step 6 – Critical infrastructure.

Employees and their weaknesses and vulnerabilities.

- Employee collusion with external parties.

- Blackmailing employees: The art and the science.

- Romance fraudsters and webcam blackmail: What is the risk for the transport and logistics industry?

What do we need? How can it be exploited?

- a. Speed and convenience.

It is difficult to balance speed, convenience, and security.

- b. Effective and efficient access to the web site, computers, and systems.

Examples of challenges and risks.

- c. Great customer service.

Example - how it can be exploited.

- d. A nice facility and great housekeeping.

Example - “The cleaning staff’s hack”.

- e. Food, drinks, and entertainment.

Point-of-sale (POS) fraud and challenges.

Credit card cloning.

- f. Internet access.

Honeypots, rogue access points, man-in-the-middle attacks.

- g. Security.

Unauthorized access is a major problem, and social engineering is a great tool for attackers.

- h. Privacy.

The transport and logistics industry is considered one of the most vulnerable to data threats.

- i. Money (if they can sue the service provider for negligence).

What must be protected?

- Best practices for all employees that provide services and have authorized access to systems and data.

- What to do, what to avoid.

- From client satisfaction vs. cyber security, to client satisfaction as the result of cyber security.

Malware.

- Trojan Horses and free programs, games, and utilities.

- Ransomware.

Social Engineering.

- Reverse Social Engineering.

- Common social engineering techniques

- 1. Pretexting.

- 2. Baiting.

- 3. Something for something.

- 4. Tailgating.

Phishing attacks.

- Spear-phishing.

- Clone phishing.

- Whaling – phishing for executives.

- Smishing and Vishing Attacks.

Cyber Hygiene.

The online analogue of personal hygiene.

- Preparing and maintaining records.

- Entering and retrieving data into computer systems and devices.

- Researching and compiling reports from outside sources.

- Maintaining and updating files.

- Responding to emails and questions by telephone and in person.

- Ensuring that sensitive files, reports, and other data are properly tracked.

- Dealing with personnel throughout the company as well as external parties, customers, suppliers, service providers.

Case studies.

- What has happened?

- Why has it happened?

- What were the consequences?

- How could it be avoided?

Closing remarks and questions.


For more information, you may contact us.



Transport Cybersecurity Toolkit training


Overview

The European Commission published on 16 December 2020 its Transport Cybersecurity Toolkit, a repository of tips and recommended practices to enhance cybersecurity and cyber-resilience in the transport sector.

Cybersecurity is becoming a growing concern for the transport industry. Yet, many employees remain insufficiently aware of the risks, and their actions may sometimes inadvertently open the door to attackers.

Against this background, the transport cybersecurity toolkit aims at contributing to greater levels of cyber-awareness and cyber-hygiene, with a specific focus on the transport sector. It addresses transport organisations, regardless of their size and domain of activity.

Concretely, the toolkit contains basic information on four threats that may affect transport organisations: malware diffusion, denial of service, unauthorised access and theft, and software manipulation.

For each of those threats, the toolkit lists good mitigating practices, which are relevant for all transport staff, regardless of their occupation.

The toolkit also contains a more advanced level, which provides information that is particularly relevant for security and cybersecurity professionals in transport organisations. This advanced level is organised by transport mode: air, maritime and land. For each transport mode, the toolkit provides guidance on identifying, protecting, detecting, and responding to cyber-threats.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.


Target Audience

The Commission's Directorate-General for Mobility and Transport, which is responsible for EU policy on mobility and transport, has contracted the development of the Transport Cybersecurity Toolkit to enhance the awareness and preparedness of transport stakeholders to cyber threats.

The Transport Cybersecurity Toolkit provides insights for understanding cyber threats and mitigating their impact on transport services, systems, and operations. This toolkit provides alternative awareness paths targeting:

- All transport staff. It targets all staff of transport organisations, from staff in transport service operations to administrative staff. It provides guidance towards an increased understanding and awareness of the most common cyber threats targeting transport services and systems. Additionally, it provides insights on how to deal with potential cyber threats, including identifying, reporting, and mitigating them by cybersecurity good practices.

- Transport decision-makers in cybersecurity across the different transport modes. It targets staff who have decision-making responsibilities for cybersecurity in transport organisations. This path highlights good practices tailored to the different transport modes for enhancing cybersecurity posture of transport organisations. In particular, it provides good practices in order to identify, protect, detect, and respond to emerging cyber threats targeting transport organisations.

The program is also beneficial to suppliers and service providers of the transport and logistics industry.


Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.


Course synopsis

Transport threat landscape.

- The cyber threat landscape is dynamic and continuously evolving. Nevertheless, it is possible to identify cyber threats that all transport modes face in the operation of services and systems.

- Emerging cybersecurity threats affecting different modes of transport.

Threat actors.

- Individuals or organisations that may potentially impact safety and security of transport services and systems.

Emerging cyber-threats.

- Selected cyber-threats that may potentially represent attack vectors impacting safety and security of transport services and systems.

- The most significant malicious actors intentionally targeting transport organisations: Cyber criminals, insiders, nation states and state-sponsored groups.

There are a substantial number of cyber threats targeting transport:

- distributed denial of service,

- denial of service,

- data theft,

- malware diffusion,

- phishing,

- software manipulation,

- unauthorised access,

- destructive attacks,

- falsification or bypassing of security operator decision process,

- masquerading of identity,

- abuse of access privileges,

- social engineering,

- defacement,

- eavesdropping,

- misuse of assets, and

- hardware manipulation.

The most pressing emerging cyber threats affecting transport are: Malware, (Distributed) Denial of Service, Unauthorised Access and Theft, and Software Manipulation.

Threat #1: Malware.

- Malicious software that may potentially affect individuals or organisations across transport modes.

Threat #2: (Distributed) Denial of Service.

- Cybersecurity attacks preventing individuals or organisations from accessing relevant transport services and resources.

Threat #3: Unauthorised Access and Theft.

- Unauthorised access, appropriation, and exploitation of critical assets.

Threat #4: Software Manipulation.

- Cybersecurity attacks targeting software in order to modify its behaviour and conduct specific attacks.

Good practices against malware.

You can help to protect your organisation by following good practices for identifying and preventing the diffusion of malware, such as:

- Follow security policies such as scanning storage media and files for viruses, avoiding opening and emailing specific types of files (e.g. executable files such as .exe, .bat, .com, etc.), installing only authorised software, ensuring software (including antivirus) is up to date and functioning properly, and other policies.

- Back up your data regularly to secure (and authorised) data storage devices or services, which should support encryption mechanisms in order to protect data at rest and be available for data restore procedures.

- Protect all systems, including mobile and endpoint devices, with suitable security measures (e.g. password, encryption, etc.), and remember to securely lock (physically and digitally) all systems when unattended.

- Avoid opening attachments and clicking on hyperlinks contained in unexpected emails and suspicious web browser popup windows with a strange body text or from unknown senders and internet domains.

- Avoid inserting into your computer untrusted or unknown removable devices such as USB sticks, hard disks, and other storage devices.

- Avoid disabling malware security measures (e.g. antivirus software, content filtering software, firewall, etc.).

- Update installed software regularly to the latest available versions (which information security officers or system administrators may release with regular updates).

- Avoid using privileged (e.g. administrator-level) accounts and credentials for regular activities and operations.

- Report to information security officers or system administrators any suspicious email or unexpected system behaviour.

- Focus attention on information security among daily routine work in order to recognise IT security concerns and respond accordingly.

Good practices against Denial of Service.

You can help in protecting your organisation by identifying Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. You should immediately contact your security and IT teams if you detect or experience any of the following indicators of potentially ongoing DDoS and DoS attacks on your services or systems:

- Increasing requests consuming network capacity (perceived as slow services and responses) resulting in service or system failures due to overload.

- Increasing demand of memory resources usage without an obvious reason.

- Unexpected behaviours of services and systems, frequent crashes, and strange error messages due to malicious consumptions of computational resources or network connections.

- Degraded performances of devices, long executions for trivial tasks and noticeable activities (e.g. noisy fan while devices performing slowly).

- Unexpected internet connections or loss of connections to services and systems.

- Subtle behavioural changes of operation controls or technologies resulting in physical damages.

- Denials of accesses to privileged or administrative accounts in order to block incident response procedures from recovering.

Good practices against Unauthorised Access and Theft.

In order to prevent attacks involving unauthorised access and theft, it is necessary to follow principles such as ‘need to know’ and ‘security and privacy by default’, which emphasise that sensitive and confidential assets (including personal and sensitive data, transport systems, etc.) should be accessible only to those who have the right to access them in order to perform their duties. You can help in protecting your organisation by following good practices for identifying and preventing unauthorised access and theft, such as:

- Follow security organisational policies.

- Avoid sharing and publishing online credentials and personal data, including pictures that may contain such information.

- Avoid using or transmitting credentials and personal data (and other sensitive data) to untrusted and unsecure networks, devices, or web services (e.g. websites that use unsecure protocols or addresses http:// and not secure ones https://).

- Never reveal to anyone your credentials (e.g. login and password) even via email or phone.

- Protect sensitive data typed on keyboards or shown on screens (including on mobile devices) from unauthorised individuals, install privacy screens, and avoid working from public places with private devices, and avoid leaving any device unlocked and unattended.

- Use complex passwords (e.g. sufficiently long password combining alphanumerical and special characters) complying with relevant organisational security policies in order to prevent unauthorised access.

Good practices against Software Manipulation.

You can help in protecting your organisation by following good practices for identifying and preventing software manipulation, such as:

- Avoid installing unreliable software on systems and devices (including personal computers, servers, peripherals, network devices, smartphones, etc.).

- Always install software and updates from official sources and websites (e.g. producers, corporate repositories, etc.).

- Avoid downloading software and applications (and any file) from illegal sources.

- Uninstall unnecessary or not recently used software, and disable unnecessary connections (e.g. network protocols and services) including access to remote services (e.g. cloud storage services).

- Scan any software or storage devices with a reliable and updated antivirus.

- Download safe industrial software (e.g. updates, patches, new products, etc.) from trusted suppliers using the white station principle.

- Update all installed software in compliance with organisational policies and practices.

Good practices tailored to Air Transport.

Aviation organisations need a clear understanding of emerging threats in order to define the management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in air transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, security checkpoints for cabin baggage, baggage handling systems (BHS), access control, monitoring, surveillance, alarm response, screening technology, airfield lighting control systems, radar systems and sensors, Global Positioning Systems (GPS) systems, Air Traffic Management (ATM) systems, Communication, Navigation and Surveillance systems (CNS), Aeronautical Information Systems, Meteorological Systems, Security Operation Centre Systems, airline on-board systems, and others.

Good practices tailored to Land Transport.

Organisations in land transport (rail and road) need a clear understanding of emerging threats in order to define the management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in land transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, Global Positioning Systems (GPS) systems, access control, monitoring, surveillance, alarm response, and screening technology.

Specific systems for rail transport are, for example: operational (control and command systems) including signaling systems, the European Rail Traffic Management System (ERTMS), on-train systems, maintenance systems.

Good practices tailored to Maritime Transport.

Organisations in maritime transport need a clear understanding of emerging threats in order to define the management policies and processes that govern their approach to enhancing the cybersecurity of services and systems in operation, including Information Technology (IT) and Operational Technology (OT).

Examples of services and systems in maritime transport: Those accessible to employees (e.g. personal computers, mobile phones, office peripherals, etc.) as well as passengers (e.g. public Wi-Fi routers and connections, etc.).

Examples of OT are Supervisory Controls and Data Acquisition (SCADA) systems, heating, ventilation, and air conditioning (HVAC) systems, Global Positioning Systems (GPS) systems, access control, monitoring, surveillance, alarm response, screening technology, on-board navigation systems, SafeSeaNet, bridge systems, cargo handling and management systems, propulsion and machinery management and power control systems, access control systems, passenger servicing and management systems, passenger facing public networks, administrative and crew welfare systems, communication systems, and others.

Closing remarks and questions.

For more information, you may contact us.