article

Combatting today’s cyber threat in transport

Posted: 11 February 2017 | | No comments yet

It’s an exciting time for the transport sector: supersonic flight is back on the agenda; the use of drones as delivery mechanisms is becoming a real possibility; and driverless cars are venturing onto our roads. However, as technology evolves, so too does the risk of cyber attacks. Russell Goodenough, Client Managing Director – Transport Sector in UK & Ireland at Fujitsu, explores the escalation of cyber threats in this fast developing arena.

Elon Musk has set a very high bar for how ambitious people can be when it comes to transport technology and with solutions more advanced than ever before, digital technology plays a huge role in every mode of travel.

One of the biggest trends we will continue to see in 2017 is the increased emphasis on cyber security. Whether it’s tighter regulation of drones flying close to airports; physical measures to prevent theft from trackside; or cyber security to prevent high-profile hacks on urban transport systems, the trend toward increasing security of the transport system is unlikely to diminish.

Technology has an important role to play, often in preventing hitherto unseen threats. So how can urban transport networks use technology to fend off cyber risks? Firstly, they need to utilise their data more efficiently, then they need to ensure they are cyber resilient.

Using data to work more efficiently

On a daily basis transport operators are challenged to make better use of technology to deliver passenger centric services. There have already been lots of developments in this area and in the future we can expect the transport sector to be more intelligent and mobile than ever before through the use of Internet of Things (IoT) and data communications services.

This digital transformation will provide ways for customers to optimise their journey by using applications and services that can process real-time conditions and provide accurate instantaneous information about various locations of interest. It will also help with capacity, increase efficiency and create a more sustainable network.

However, in order to reach this intelligent future, transport operators need to be smarter about how they use data. Every day transport operators are gathering massive amounts of data from passengers travelling through the network – whether by means of surveillance or the monitoring of rail/bus passes. However, as such data is collected it is segregated and only sits with the individual service providers, rather than shared with other suppliers to benefit the entire network. This is not the connected, smart experience that passengers want – instead it is very much disconnected.

Developments in transport technology is great for both operators and passengers but it also increases                                the need for security

Creating a convergence of data

By creating a convergence of this data in one place, transport operators can achieve greater visibility of their networks and also have better awareness allowing them to respond to passenger trends. For example, this could be useful to emergency services: by integrating the transport network’s data with these services, ambulances and fire crews can respond to incidents much faster as the data will inform them when there is an issue. If someone were to fall ill on a metro train, for instance, surveillance can see it immediately and quickly inform the ambulance services via the Internet. This would be a far more efficient process than waiting for a citizen to call 999. 

Building an integrated security approach

The key challenge for operators is to build a convergence of suppliers, whilst ensuring the data remains secure. It was only recently that we saw a ransomware attack take San Francisco’s light-rail transit system ticket machines offline for a day during one of the busiest shopping weekends of the year.

To be successful, transport operators need an integrated security approach that blends the physical and logical and aims to build security in rather than trying to ‘bolt it on’. A digital agenda actually demands this approach since the latter will inherently be unsuccessful due to the exploded and ephemeral nature of digital models. This has to start with a clear articulation of the risks and threats to the organisational objectives in order to then apply rigour to implement prudent protective measure. Protection is never fool-proof, however, so effective monitoring, alerting and proven incident response planning and execution is critical. Finally, deployment of an effective ‘identify, authenticate and access’ model is required, in order to enable the passengers, staff, systems and suppliers to interact within a digitalised rail system with little security risk.

Ensuring data privacy

It is also important for the transport sector to consider the data security aspects of a connected transport network. Citizens are sharing more data than ever before in order to create a personalised travel experience. When a user moves through the city they expect data sharing to occur; otherwise it is an inconvenience to add the same travel details repeatedly across the network. As such, it is key for transport operators to consider the data privacy elements within their networks.

In addition to this, with the EU General Data Protection Regulation growing ever closer, ensuring a compliant business environment that will help protect the company and its employees needs to be the number one priority.

The future of transport

Digital transformation is already providing ways for customers to optimise their journey in a number of different areas and we can expect this to improve over the next few years. In terms of innovation we can expect to see more drones in the air; an increase in autonomous vehicles; and also better connected transport networks across the country.

However, as the use of technology grows in the industry, the cyber risks also increase. Urban transport networks must use data more effectively and implement an integrated security approach to defend against today’s growing cyber risks. Failure to do so means they face becoming the latest victim of an attack.

Russell Goodenough is responsible for managing Fujitsu’s relationship with both Public and Private Sector transport customers, including the Department for Transport (DfT) and its agencies, Transport for London (TfL), Network Rail and the UK’s Train Operating Companies. Since joining Fujitsu in 2007, Russell has undertaken a number of business management roles across Transport, Central Government, Healthcare and Defence. Prior to joining Fujitsu Russell spent 15 years in the defence industry with both BAE Systems and Marconi across a range of system integration projects.

Related topics

Related cities