Cyber incidents in the transport sector are on the rise, according to an ENISA report that is the result of a two-year analysis. The dangers are real, but organizations and companies often prefer not to let anyone know.

Threats to transport cybersecurity are widespread. Planes, railways, ships and cars: no sector is safe. Ransomware and malware in general, DoS and DDoS attacks, and phishing are the main forms of cyber threats and attacks that also affect this segment. To understand how widespread the problem is, the recent report by the European Cybersecurity Agency (ENISA), the result of an almost two-year analysis of the transport sector in the EU, is useful.

Why this sector is important and delicate is easy to understand: total transport turnover in Europe has reached 1.3 trillion euros, according to Statista. The transport industry directly employs around 10 million people and represents around 5% of European GDP. Turning to the individual sectors: in 2021, passenger air transport in the EU-27 amounted to around 373.7 million people; three years earlier, eight billion people traveled on the EU-27 national rail networks, Eurostat recalls.

Add to this the goods transported: in 2019, approximately 3130 billion Tkm (ton-kilometres) were reported across the European rail network, making it the second largest rail freight region in the world.

From this it is easy to see how much cybersecurity risk can affect transport. In the period between January 2021 and October 2022, ENISA analyzed a total of 98 publicly reported incidents. Few, one might say. Indeed they are. But the report indicates that these are publicly disclosed incidents and “they are only the tip of the iceberg”, notes the Agency itself. On this point it writes:

«In general, cyber attacks are rarely reported, especially those with little significant impact. Most organizations prefer to address the issue internally and avoid bad publicity.»

Cybersecurity in transport: what is happening in Europe

What do cyber attacks look like in Europe? Air, sea, rail and road transport have faced threats of various kinds. The top ones identified were ransomware attacks (38% of cases), followed by “data threats” (30%) and malware (17%). Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), and Ransom Denial-of-Service attacks make up 16%, followed by phishing and spear phishing (10%), and supply chain attacks (10%).

These attacks were mostly conducted to extort or obtain money, in 38% of cases. More than half (55%) of the incidents observed in the reporting period are attributed to cybercriminals. According to the authors of the ENISA report, the transport sector is considered a profitable business for criminals: customer data is a valuable commodity, as is proprietary information. A quarter of the attacks are linked to “hacktivist” groups (23%) who pursue social, political or religious ends. In their case, the attacks are linked to geopolitical issues and are aimed at operational disruption, with consequent loss of data for the victims (20%), or are carried out for ideological reasons (6%).

Main cybersecurity threats in transport (source: ENISA)

Given these data, what risks do we run as potential or actual air, rail and sea passengers? In this regard, ENISA reports that during the period under study it did not receive reliable information on a cyber attack affecting transport security. Most attacks on the transportation sector target IT systems. But it is worth asking whether cybersecurity incidents in transport can undermine people’s safety and cause accidents with casualties. The report says the aftermath of the attacks may have caused operational disruption, but OT systems are rarely targeted. However, the Agency is of the opinion that the groups responsible for ransomware «will likely target and disrupt OT operations in the near future».

Air, rail, naval, road transport: risks and impacts

Which sector is most sensitive to cybersecurity risk in transport? According to data from the ENISA report, in the almost two years of study, 27 incidents concerned the aviation sector (28%), 24 road transport (24%), 21 the railway sector (21%) and 18 the maritime sector (18%). In addition to these, eight incidents (8%) affected the transport sector as a whole or institutional entities.

Let’s start with the aviation sector. The top threats to the industry come from data-related threats (45%), followed by ransomware (36%) and malware (23%). Data is valuable, as shown by cybercriminals’ interest in stealing it. Within the sector, airport operators are the most affected by ransomware attacks.

The report cites several cyber attacks: for example, in May 2022, a group of pro-Russian hackers launched an attack on the websites of Italian ministries and also against some Italian airports. Another example involved the French defense and aerospace giant Thales Group last October. The ransomware group LockBit 3.0 (the most active gang in the cyber underworld in Q2 2022) claimed to have stolen data, but the French group said it had not received any ransom demands.

The maritime sector is particularly sensitive to politically motivated cyber attacks. As the report notes, it:

«suffers ransomware, malware and phishing attacks targeting port authorities, port operators and manufacturers. State-sponsored attackers often carry out politically motivated attacks that lead to operational disruptions in ports and ships.»

Here too several episodes are reported. Among these, the case (in May 2022) of the Port of London Authority is exemplary: the port is the largest in the United Kingdom, handles more than 45 million tons of goods every year, employs more than 40,000 people and contributes over £3 billion to the national economy. It was hit by a DDoS attack, which temporarily disabled the port website.

Ransomware and data-related threats are the main threats targeting the railway sector, followed by DDoS attacks, which are on the rise. As ENISA explains, ransomware and “data threats” are closely interconnected, as a ransomware attack is often followed by loss or exfiltration (unauthorized copying and/or transfer) of data.

Here too there are several examples, one of which concerns our country, namely Ferrovie dello Stato, the victim (in March 2022) of a ransomware attack which prevented customers from buying train tickets and for which a ransom of $5 million in bitcoin was demanded.

Ransomware is also the main threat to the road transport industry (in 43% of cases), but other dangers have manifested themselves over time.

Perspectives: from ransom to politically motivated attacks

What will happen in the sphere of cybersecurity for transport? The risk feared by ENISA is that threat actors will increasingly conduct ransomware attacks for more than monetary reasons. They “will target and disrupt OT operations in the near future,” the report authors note. OT technologies focus on the management and control of existing and active physical devices. Geopolitical issues (in particular, the invasion of Ukraine) will only exacerbate this prospect.

Certainly, cyber threats have a significant economic impact on the organizations that suffer them. We still remember the cyber attack suffered in 2017 by the Danish shipping company AP Moller, which cost it an estimated loss of between 200 and 300 million dollars. But all sectors are at risk.

Of course, it will be good to know more about the phenomenon. To date, cyber attacks are rarely reported. The authors of the report themselves underline that most organizations prefer to address the issue internally and avoid bad publicity. However, the lack of reliable data from the targeted organizations makes it very difficult to fully understand the problem or even to know how many cyber attacks on the transportation sector actually occur. Knowledge is essential to increase the possibility of tackling them with targeted tools and solutions. In the case of IT security in the transport sector, this knowledge takes on even more strategic importance, considering the risk to people as well as to the infrastructures and goods involved.

