Cybersecurity training for the transport and logistics industry


The Transportation Systems Sector consists of seven key subsectors, or modes:

1. Aviation includes aircraft, air traffic control systems, airports, heliports, and landing strips. They provide commercial aviation services at civil and joint-use military airports, heliports, and seaplane bases. In addition, the aviation mode includes commercial and recreational aircraft (manned and unmanned) and a wide variety of support services, such as aircraft repair stations, fueling facilities, navigation aids, and flight schools.

2. Highway and Motor Carrier encompasses millions of miles of roadway, bridges, and tunnels. Vehicles include trucks, including those carrying hazardous materials; other commercial vehicles, including commercial motorcoaches and school buses; vehicle and driver licensing systems; traffic management systems; and cyber systems used for operational management.

3. Maritime Transportation System consists of coastline, ports, waterways, and intermodal landside connections that allow the various modes of transportation to move people and goods to, from, and on the water.

4. Mass Transit and Passenger Rail includes terminals, operational systems, and supporting infrastructure for passenger services by transit buses, trolleybuses, monorail, heavy rail—also known as subways or metros—light rail, passenger rail, and vanpool/rideshare.

5. Pipeline Systems consist of pipelines carrying natural gas and hazardous liquids, as well as various chemicals. Above-ground assets, such as compressor stations and pumping stations, are also included.

6. Freight Rail consists of carriers, smaller railroads, freight cars, and locomotives.

7. Postal and Shipping moves letters and packages each day and includes large integrated carriers, regional and local courier services, mail services, mail management firms, and chartered and delivery services.

Risks to critical transportation infrastructure include natural disasters as well as manmade physical and cyber threats. Manmade threats include terrorism, vandalism, theft, technological failures, and accidents. Cyber threats are increasingly important because of the growing reliance on cyber-based control, navigation, tracking, positioning, and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.

Examples of other sectors’ dependence on transportation security and resilience include:

- The Chemical, Commercial Facilities, Critical Manufacturing, Defense Industrial Base, and Energy Sectors rely on transportation for the movement of raw materials, feed stocks, and products;

- The Commercial Facilities and Financial Services Sectors depend on postal and shipping to move essential paper transactions;

- The Emergency Services Sector depends on resilient transportation networks to respond effectively to emergencies;

- The Food and Agriculture Sector depends on the security of truck, rail, and maritime shipments to protect the Nation’s food supply chain; and

- The Healthcare and Public Health Sector depends on transportation, particularly postal and shipping services, for delivery of medical supplies, medicines, and organs, often in urgent circumstances.

Many cyber systems, such as control systems or data centers, are shared between multiple transportation entities. Cyber attacks that disrupt these systems could create consequences for critical infrastructure owners and operators across multiple modes. These interdependencies require special consideration of the potential consequences from cascading effects of an incident.

Customers and employees of the transport and logistics industry expect that the same level of protection extends to the digital assets that reside on transport and logistics systems, including their personal and financial information. The industry is obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR).

The transport and logistics industry must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect customers and employees.

A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values, and expectations of customers regarding cybersecurity. Managers and employees must be involved in the prevention, detection, and response to deliberate malicious acts that target systems, persons, and data.

Recommended training modules for the tailored training


- Transport and logistics stakeholders must strike a balance between operational requirements, business competitiveness and cybersecurity.

- Important developments in the transport and logistics industry after the new privacy regulations, including the General Data Protection Regulation (GDPR).

- Understanding the challenges.

An overview of some of the attacks listed below that are suitable for the objectives of the training. At the end of the presentation we will cover one or more of these attacks in depth.

- November 2016, an attack compromised systems at the San Francisco Municipal Transportation Agency, locking operators out of computers and customers out of kiosks.

- September 2020, French shipping company CMA CGM SA saw two of its subsidiaries in Asia hit with a ransomware attack that caused significant disruptions to IT networks, though it did not affect the movement of cargo.

- June 2017, NotPetya ransomware attack shut down the port terminals of Danish shipping giant Maersk for two days, causing an estimated $300 million in associated costs.

- February 2022, multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.

- 2018, a cyber attack against Cathay Pacific, 9.4 million breached records.

- June 2015, a cyber attack against Polish airline LOT disrupted the airline's ground-control computers, leaving it unable to issue flight plans and forcing it to cancel or delay flights.

- May 2020, cyber espionage targeted air transportation and government actors in Kuwait and Saudi Arabia.

- March 2022, the Italian State Railways (FS) and its subsidiaries Trenitalia and Italian Rail Network (RFI) suffered a ransomware cyber-attack which disrupted ticket sales at stations, passenger information screens and tablets used by railway staff.

- 2017, a major wave of ransomware infections hit media organizations, train stations, airports, and government agencies in Europe. The malware used leaked NSA-linked exploits. Ukrainian police reported that the ransomware was a cover for a phishing campaign undertaken by the same actor to gain remote access to financial and confidential data.

- 2015-2016, United Kingdom, four cyberattacks, considered to be part of a reconnaissance operation before an APT (Advanced Persistent Threat) attack, probably led by a nation-state threat actor.

- May 2017, Deutsche Bahn was a victim of the WannaCry ransomware.

- October 2017, an attack affected the Sweden Transport Administration (Trafikverket) via its two internet service providers, TDC and DGC. The attack reportedly affected the IT system that monitors trains' locations. It also took down the federal agency's email system, website, and road traffic maps. During this time, customers were unable to make reservations or receive updates on delays.

- March 2020, United Kingdom, the email addresses and travel details of about 10,000 people who used the free Wi-Fi provided in UK railway stations were exposed online. The database contained 146 million records, including personal contact details and dates of birth.

Who is the “attacker”?

- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.

- Hacktivists and the transport and logistics industry.

- Professional criminals and information warriors.

- Cyber-attacks against passengers, baggage, cargo, catering, systems, staff, and all persons having authorized access to systems and data.

How do the adversaries plan and execute the attack?

- Step 1 – Collecting information about persons and systems.

- Step 2 – Identifying possible targets and victims.

- Step 3 – Evaluation, recruitment, and testing.

- Step 4 – Privilege escalation.

- Step 5 – Identifying important clients and VIPs.

- Step 6 – Critical infrastructure.

Employees, and their weaknesses and vulnerabilities.

- Employee collusion with external parties.

- Blackmailing employees: The art and the science.

- Romance fraudsters and webcam blackmail: What is the risk for the transport and logistics industry?

Social Engineering.

- Reverse Social Engineering.

- Common social engineering techniques

- 1. Pretexting.

- 2. Baiting.

- 3. Something for something.

- 4. Tailgating.

Phishing attacks.

- Spear-phishing.

- Clone phishing.

- Whaling – phishing for executives.

- Smishing and Vishing Attacks.

Cyber Hygiene.

The online analogue of personal hygiene.

- Preparing and maintaining records.

- Entering data into, and retrieving data from, computer systems and devices.

- Researching and compiling reports from outside sources.

- Maintaining and updating files.

- Responding to emails and questions by telephone and in person.

- Ensuring that sensitive files, reports, and other data are properly tracked.

- Dealing with personnel throughout the company as well as external parties, customers, suppliers, service providers.

Case studies.

We will discuss the mistakes and the consequences in one or more of the following case studies:

- November 2016, San Francisco Municipal Transportation Agency.

- September 2020, French shipping company CMA CGM SA.

- June 2017, Danish shipping giant Maersk.

- February 2022, multiple oil terminals across Belgium and Germany.

- 2018, Cathay Pacific.

- June 2015, Polish airline LOT.

- May 2020, Kuwait and Saudi Arabia.

- March 2022, the Italian State Railways (FS).

- 2017, wave of ransomware infections hits media organizations, train stations, airports, and government agencies in Europe.

- 2015-2016, United Kingdom.

- May 2017, Deutsche Bahn, WannaCry ransomware.

- October 2017, Sweden Transport Administration.

- March 2020, United Kingdom.

- What has happened?

- Why has it happened?

- What were the consequences?

- How could it be avoided?

Closing remarks and questions.

Target Audience

The program has been designed for all managers and employees working in the transport and logistics industry who have authorized access to systems and data.

The program is beneficial to suppliers and service providers to the transport and logistics industry.


One hour to half day, depending on the needs, the content of the program and the case studies.

Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions.

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60

