IT security

Dirk Schrader

Protecting the transport sector from cyber attacks

As critical infrastructures, transportation companies are particularly exposed to the risk of cyber attacks. In order to protect themselves, they must strive for a state of sustainable resilience.

Transportation processes are interdependent and require a comprehensive safety concept. © Greenbone

As our world becomes more digital and connected, cyber attacks are also on the rise. The threat situation has intensified and become more complex, according to the latest status report on IT security in Germany from the Federal Office for Information Security (BSI). Critical infrastructures (Kritis) are also increasingly being targeted by hackers. This includes the transportation and traffic sector. It plays an important role for the general economy, because without mobility our economy based on the division of labor would no longer function. We depend on it to transport components, raw materials or food from A to B. If the supply chain were disrupted, hospitals would lack medicines, supermarkets would lack food and production machines would grind to a halt. People also need a functioning transport infrastructure to get to their workplace. If local public transport breaks down in large cities, chaos ensues.

How hackers are paralyzing transport infrastructures
The threat of cyber attacks on the transport sector is real. There have already been several examples in recent years. In May 2018, the Danish state railroad was the victim of a distributed denial of service (DDoS) attack. Hackers provoked an overload in the IT infrastructure, paralyzing the ticket system, the app and the state railroad's website. Email and telephone services also stopped working for several hours. A year earlier, Deutsche Bahn was affected by a cyber attack. In May 2017, the WannaCry ransomware attacked the company's IT systems and disabled display boards, ticket machines and video surveillance at several train stations. Only a short time later, there was a global wave of attacks with the crypto Trojan NotPetya, which infected the systems of shipping company Maersk and FedEx subsidiary TNT Express, among others. Ships could no longer be loaded or unloaded and container terminals came to a standstill; the Maersk Group reported losses of around 200 to 300 million US dollars.

Challenges for IT security
Protecting transportation infrastructures from cyber attacks is anything but trivial. Increasing digitalization means that there are now many networked systems, devices and applications. They originate not only from IT, but also from operational technology (OT). The ticket booking system, the signaling system on the track, the passenger information system or the app on the customer's smartphone - they are all potential points of attack.

The fact that IT and OT are networked and exchange data means that vulnerabilities in one area can also affect the other. Both must therefore be considered equally in a comprehensive security concept. This is made more difficult by the fact that OT systems usually come from different generations and often have no integrated security. In transportation, security must also be in harmony with safety, i.e. physical safety, so that people are not injured.

Many industrial control systems (ICS) in OT today are just as easy to attack as any PC. They have embedded versions of MS Windows or Linux and have integrated TCP/IP for Internet communication. It also happens that control system signals as well as company data and telephony are transmitted via the same communication infrastructure. A hacker can then undermine all three areas with a single attack. For example, they could block ICS signals, manipulate traffic light circuits or light signals on tracks and thus cause serious accidents.

Cyber resilience is more than just IT security
Companies in the transportation sector are therefore faced with a difficult starting position. Increasing networking means the attack surface is growing. The risk of cyber attacks is increasing and the damage could be immense. At the same time, transportation infrastructures require complex protection. Against this backdrop, it is no longer enough to operate security reactively. Instead, sustainable prevention is required.

Companies must achieve a state of sustainable cyber resilience. Cyber resilience goes one step further than security and is a comprehensive, more strategic concept. It aims to harden IT and OT through suitable technical and organizational measures in order to minimize the attack surface. At the same time, in the event of a cyberattack, it must be ensured that the company can still function and achieve its business objectives.

In order to establish cyber resilience, companies must first identify and assess risks. They should clarify what their most important assets are, what damage an attack on these assets could cause and how high the probability of such an attack is. Vulnerability Management (VM) plays an important role in this process. A VM solution scans all systems connected to the network - whether IT or OT - for vulnerabilities.

If it finds any, it evaluates the security gaps based on their impact and probability of occurrence. It then initiates processes to eliminate the vulnerabilities. Information on the findings and their elimination is documented. A vulnerability management solution also works with other security systems such as intrusion detection and intrusion prevention systems (IDS/IPS) and firewalls, shares its findings with them and helps to optimize settings. Vulnerability management is a process that runs continuously and is never complete.

Conclusion
Cyber attacks on the transportation sector have so far mainly had an economic impact. Companies should not wait until things get worse and human lives are at stake. In order to protect themselves and their customers against the growing threat of cyber attacks in the long term, they need to develop their security concepts further: from IT security to sustainable cyber resilience. Vulnerability management is an important building block for this.
