Transportation: Aviation, Rail, Road & Maritime

Transportation, whether by air, land or sea, is critical to our day-to-day lives. If disruption occurs on these transportation systems then we may not immediately think that the problem is a cyber attack. However, from experience we know that it is possible for transportation to receive a cyber attack, and in fact it has happened and attacks (successful and unsuccessful) are commonplace.

The reasons for Critical National Infrastructure cyber attacks are many, but include:

  • State-based attacks

  • Corporate espionage

  • Disgruntled employees

  • Accidental/Unknowing actors

  • or a combination of any/all of the above

Why ARE transportation systems vulnerable to cyber attacks?

Transportation service providers, like many industrial organisations, want to see efficiencies in their automation systems. For this reason, they are investing in newer supervisory and data analysis systems which connect existing Operational Technology (OT) networks with Information Technology (IT) networks and Industrial Internet of Things (IIoT) networks.

Unfortunately, this opens up the OT network to increased threat of cyber attack. If disruption were to occur on OT systems, then business continuity could slow down to a complete halt. Leading to a lack of supply to society, and potential fines from regulators.


Cyber Security Regulation - Your responsibilities

Ask yourself

  • How are you managing cyber security risk?

  • How are you protecting against cyber attacks?

  • How are you detecting cyber security events?

  • How are you minimising the impact of those incidents?

There are regulations in place in many countries which attempt to ensure that Critical National Infrastructure providers are striving towards the highest levels of cyber security on both their IT and their OT systems. In the United Kingdom and throughout Europe we have the Network & Information Systems Directive on Security (“NIS Directive”) which was written into law across the European Union in 2018. In the United States of America, there are similar regulations in place which follow the NIST CSF. There are also sector specific regulations and standards, for example the UK Civil Aviation Authority (CAA) has produced the CAP 1574.

We can help you

We have years of experience in cyber security, digital forensics, incident response and software engineering. We also understand the unique challenges and requirements of Operational Technologies (OT). We develop software solutions from the ground up with these OT-specific challenges and requirements in mind, and we know that we cannot simply re-purpose (or rebrand) existing IT tools.

Perhaps you would like to make the whole NIS Directive auditing process a lot simpler, and a bit more collaborative - avoiding complex excel spreadsheets with dodgy versioning. Profile is built with the NCSC Cyber Assessment Framework (CAF) at its core, and supports CAP 1574. If this sounds of interest, then Profile is definitely for you.

Maybe you are looking for a more in-depth understanding of the OT assets and their vulnerabilities, but in a way that is automated but still safety and security critical. Dot currently has support for Modbus, Siemens S7, DNP-3, Ethernet-IP and more. If this sounds of interest, then Dot is for you.

Or perhaps you are looking for something a bit more bespoke, or require some consultancy. If we can help, we will. If we can’t help, then we will work with our partners to deliver the services and systems that you require.

Contact us today to get a quote, or to just chat about possibilities - with a guarantee of no hard-sell.
hello@awencollective.com