The transit sector is seeing rapid growth in the number of cyberattacks, with sophisticated hackers taking advantage of its security vulnerabilities and gaining access to sensitive data.
Hackers are increasingly targeting the transit sector, including transportation like public and private rail systems, airports, ferries, buses, and trucking. Their interest is not surprising given the size of the industry and its reliance on technology to operate effectively and efficiently.
Hackers are taking advantage of new vulnerabilities in transit technologies like WiFi systems to gain access to sensitive data or implant malware that could cause significant service disruptions.
The growth of the Internet of Things (IoT) and its connection to systems used in transit have opened up a new attack vector for hackers. The number of connected devices being added to the internet daily is growing exponentially, going from 35.82 billion in 2021 to an expected 75.44 billion in 2025.
These are small, usually inexpensive devices that connect and exchange data over local networks, the internet, or both.
"An attacker can use these devices as a bridge into the broader information ecosystem, allowing them to sniff traffic or monitor keystrokes and access files and data," said Jason Polcari, an individual investor at Cantor Fitzgerald.
However, the growth of IoT in business-critical areas like rail transportation is not a cause for concern alone, according to many experts. Allies of the sector believe that IoT will improve transportation systems like self-tracking cargo vehicles are seen as an important step forward in terms of safety and efficiency.
"There are benefits of connected vehicles, and security technologies are becoming more effective," said Justin Lowe, Cybersecurity Services Leader at PwC.
But few companies in the sector have anti-hacking measures in place to protect themselves against these cyber attacks. Only 12 percent of companies in the rail transportation sector have an incident response plan in place should a cyberattack occur. Only 18 percent had a vendor risk management process for third-party vendors, according to a survey conducted by PwC.
The United States is seeing a more focused form of cyber attacks targeting the transit sector. In 2016, the US Department of Energy (DOE) found a 400 percent increase in cyberattacks involving malware. The DOE also found a 64 percent increase in publicly exposed data from transportation systems, with rail being the most targeted at 100 percent.
These attacks are still lower than the 500 percent increase announced by HPE last year, which highlighted the high level of awareness of hackers in the sector. While these numbers are not directly comparable, they highlight the growing nature and importance of cyber threats to transit operators across the country.