The author will be writing a monthly article throughout 2019 on Cybersecurity across various market segments. Be sure to watch for it to see how your business may benefit from this important information. Good reading and see you next month.
Defending a critical infrastructure like transportation is essential to a country’s security and public health. Disruption of transportation systems or assets can create a domino effect to operations in other sectors like food, agriculture, and emergency services, thus compounding the threat and the negative effects. The Department of Homeland Security (DHS) describes cyber threats as “the growing reliance on cyber-based control, navigation, tracking, positioning, and communication systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.” [1]
Due to technological innovation in information and communication technology (ICT), the transportation industry has experienced increased safety, physical security, and efficiencies. However, this increasing reliance on ICT technology supports the use of onboard technology, third party vendor software and hardware, and rapid integration of autonomous systems. This may reform and modernize the transportation sector, but it also increases the cybersecurity risks.
Many companies are focusing on compliance and risk management, but there are real obstacles. Commercial off-the-shelf software is being employed by aircraft and ships for operating engine and flight control functions, electronic positioning systems, chart displays, and navigation systems. This requires patch management, a vitally important process that involves acquiring, testing, and installing multiple patches (code changes) on existing software applications and tools. Having a strong patch management strategy is key to organizational cybersecurity.
Because the transportation sector has unique cyber risks that differ from other industries, more actions must be taken to adopt proactive cybersecurity risk management solutions to eliminate exposure to these vulnerabilities.
[1] https://www.dhs.gov/sites/default/files/publications/nipp-ssp-transportation
A. Elisabeth Tolsdorf is author of this article and the Director of NIST SP 800-171 Compliance for Hawk Technologies, a woman-owned firm located in Houghton, Michigan. Hawk is the Upper Midwest’s primary source for NIST SP 800-171 Compliance services. Additional information about NIST SP 800-171 and Hawk’s CAD services capabilities can be found at www.hawktechinc.com.