In our nation, public and private entities are tightly interconnected, both across communities and in the cyber domain. Among these connections, the transportation critical infrastructure sector stands out. It is a vital link in the collective cyber-attack surface, and both its public and private stakeholders are increasingly targeted by cybercriminals, particularly those running lucrative ransomware operations. The Federal Bureau of Investigation (FBI) 2022 Internet Crime Report illustrates the trend: of the ransomware attacks reported to its Internet Crime Complaint Center (IC3) in 2022, 32 directly impacted critical infrastructure organizations in the transportation sector.
Against this backdrop of costly and incapacitating ransomware attacks, the transportation critical infrastructure sector must fortify its assets, systems, and networks. What strategies are proving effective in safeguarding these entities and the communities they serve? What approaches are falling short? And ultimately, what elements add up to a resilient defense?
An Insight into Current Cybersecurity Threats on Transportation Critical Infrastructure
The 2022 FBI report underscores several key data points that demand attention:
- Of the 2,385 ransomware complaints the IC3 received in 2022, 870 involved critical infrastructure organizations. This figure covers only incidents reported to the IC3, so the true count is almost certainly higher.
- Of the 16 critical infrastructure sectors, 14 had at least one member that suffered a ransomware attack in 2022, according to IC3 reporting.
- The three ransomware variants most often reported as victimizing critical infrastructure organizations were LockBit (149 incidents), ALPHV/BlackCat (114), and Hive (89). These counts span all critical infrastructure sectors, not transportation alone, which accounted for 32 of the reported incidents.
- Ransomware incidents across all sectors produced adjusted losses of more than $34 million in 2022, down from $49 million reported in 2021.
Although adjusted losses from ransomware fell compared with the previous year, ransomware remains a prevalent, debilitating, and financially burdensome threat to the transportation critical infrastructure sector. What amplifies the severity of the threat is that multiple attacks compound: several incidents landing close together can do far more harm than the same incidents spread out over time. Assuming that attacks will arrive one at a time, leaving room to recover between them, is a grave misconception that could lead to severe repercussions.
Recognizing the Potential for a “Perfect Storm” of Cyber Attacks
To grasp the challenges faced by the transportation critical infrastructure sector, it is useful to draw a parallel between the cyber world and the physical one. When a major hurricane approaches landfall, communities in the potential impact zone take preemptive measures. As the storm's path becomes clearer, those preparations intensify: optimizing transportation routes, securing supply chains, ensuring efficient logistics, and enhancing connectivity. Once the hurricane makes landfall, a concerted effort follows to aid the hardest-hit areas and assist those in dire need. In this process, local resources are relied upon first, with state and federal reinforcements arriving later.
The same pattern holds for ransomware and other cyber attacks on transportation critical infrastructure. An attack on a transportation system, a logistics network, or a fleet management platform triggers a chain reaction across interconnected assets in both the public and private domains; consider the disruption that cyberattacks on major shipping companies or airline reservation systems have caused. The first responders to a cyber incident are the people closest to the affected asset, supported by incident response experts within the affected organizations and communities.
At the state level, the Adjutants General Association, whose 54 members represent the states, territories, and the District of Columbia, plays a crucial role. With access to National Guard cyber defense teams, these entities are capable of responding to cyber incidents. Federal resources such as U.S. Cyber Command (USCYBERCOM) also exist, but their capacity is limited.
Extending the analogy, picture the chaos when two storms strike two different coasts at once. Under those circumstances, the limited federal resources are stretched further and arrive later. Given the continuous onslaught of ransomware attacks across the nation, it is unrealistic to expect federal cyber response resources to be available promptly when needed. The onus therefore falls largely on local communities to mount their own responses to cyber attacks.
Effective Approaches: Mitigating and Responding to Attacks through Collaboration
Successful cyber defense usually revolves around collaborative efforts to counter threats and respond to attacks. Collective endeavors that exchange expertise, technology, and information wield substantial defensive power, and collaborative communities working in tandem with governmental entities can form formidable barriers against cyber threats.
Numerous instances bear this out. The TeamWorx Security Hive-IQ collaboration platform, for example, serves as a hub where cyber professionals engage in hundreds of thousands of conversations, sharing insights across industries. This proactive exchange often surfaces threats before government partners are aware of them, and attacks are thwarted as a result. The power of a localized defense strategy lies in its ability to tailor defenses to the resources actually available. States, for instance, may customize their critical infrastructure asset definitions and defenses to fit their own circumstances.
This tailored approach accomplishes two vital objectives. First, defenses are more potent because they are built on practical support and execution capabilities that exist locally. Second, the diversity of customized plans and protocols across the nation complicates matters for adversaries. If a single standardized plan were universally adopted, attackers could reuse one tactic or technique with repeated success. When each community develops its own defense structure, the result is a complex web of defense mechanisms that bolsters national resilience.
Challenges and Pitfalls: Overdependence on Technology
Cutting-edge cybersecurity technologies are available to identify, isolate, and counter cyber threats, but overreliance on technology can prove detrimental. This is particularly true when organizations and communities allocate inadequate resources to running their cybersecurity programs or to building networks for information sharing. The result is isolated efforts that can neither anticipate threats nor mount effective responses. Once a ransomware attack strikes, it is too late to gather the resources and information needed to counter it.
Underprepared organizations often find themselves compelled to pay ransoms to regain access to their data, a step the FBI discourages. The urgency created by a devastating attack, however, leaves little choice: an estimated 83% of victim organizations end up paying a ransom at least once.
Earlier this month, the transportation sector suffered a significant breach when the Akira ransomware group infiltrated the systems of the Belt Railway of Chicago, the largest switching and terminal railroad in the United States. The breach sent shockwaves through the industry and underscored the vulnerability of critical transportation infrastructure to cyber threats. The incident disrupted crucial operations and highlighted the pressing need for robust cybersecurity measures within the transportation sector to keep goods and services flowing continuously and securely.
“Stronger Together” is More Than a Slogan
For the transportation critical infrastructure sector, "stronger together" is more than rhetoric. It captures a fundamental truth: cyber defense is inherently a collective endeavor, and its effectiveness hinges on seamless collaboration. The cyber landscape changes constantly and leaves no room for complacency. Technologies such as generative artificial intelligence exemplify that dynamism, accelerating both the beneficial and the harmful potential of the cyber domain. Navigating AI, harnessing its benefits, and defending against its perils require joint efforts across communities, spanning national and international boundaries.
Amid these challenges, there is reason for optimism. The emergence of customized playbooks for each community is a positive development. Cross-industry collaboration and engagement within and across adjacent communities, connecting people, technology, and information, is a powerful combination that culminates in a resilient defense.
Chris’s career spans the military, government, and academia. As CEO of TeamWorx Security, Chris spends his time growing and nurturing a team that supports the best customers in the world. As a military veteran, he is passionate and supports military veterans and military veteran entrepreneurs. As an engineer, he loves designing, building, and creating solutions that reside at the intersection of government and commercial industry. Chris is a former lecturer at the Johns Hopkins University Department of Engineering and an adjunct of Advanced Cyber Intelligence at the University of South Florida. Chris received his master’s degree from Norwich University and is a graduate of the Army’s prestigious Ranger School. Chris has spent most of his military career with the Army Rangers, 10th Special Forces Group, and the Intelligence Community.