A growing number of sectors have experienced cyberattacks in 2021. The companies and organizations that suffered them have been diverse, including recent attacks on a meat producer and an oil pipeline. What is alarming here is these represent the nation’s critical infrastructure.
It is easy to take critical infrastructure for granted when it’s a mundane, routine part of life, such as purchasing groceries or filling up at a gas station. A disruption to any part of critical infrastructure could be a headache—or a nightmare scenario. Transportation is classified as such an asset to society.
In the spring of 2021, two transportation organizations on the East Coast were hit with cyberattacks. In April, New York’s Metropolitan Transportation Authority was hit, and in June Massachusetts’ Steamship Authority became a victim.
Critical Infrastructure
New York brings to mind a multitude of unique associations with its name, from its skyline and landmarks to its cuisine and culture. Among the associations with it is the city’s sprawling and extensive subway network, which has by far the highest ridership in the United States. A damaging interference with the system could be disastrous for New York.
Farther to the east on this Eastern Seaboard archipelago, two Massachusetts islands to the south of Cape Cod are frequently visited via ferry. The islands of Martha’s Vineyard and Nantucket are popular getaways for summer travelers. Transit by ferry is the most popular means for visitors to reach these two islands.
In both cases, transporting people means keeping the local economies going. In New York the subway system gets people to and from work and day-to-day activities. In Massachusetts, the ferries provide economic lifeblood to Martha’s Vineyard and Nantucket. In both cases, affecting transportation can have devastating consequences.
Systems Affected
The New York MTA breach managed to avoid disaster, though officials admitted the cyberattack could have been much worse. MTA uses 18 computer systems, three of which were compromised in this attack. Officials said they did not believe that either employee or customer information had been breached. Importantly, hackers did not access systems that control train cars. Fortunately, this means that rider safety was not affected during the attack.
The Steamship Authority in Massachusetts was more deeply impacted following the separate ransomware attack against it. While the attack did not stop passenger service between the mainland and two islands, nor did it affect radar or GPS, the provider’s systems were adversely affected. Nearly a week after the attack, the Steamship Authority’s booking system remained affected, as passengers could not go online or call in to book or change reservations. Instead, they could check an alternative website for schedules and purchase tickets from a terminal.
Both transportation organizations suffered this latest round of breaches, mostly affecting their computer systems. It is frightening to think that a hacker could breach a provider that could jeopardize public safety, going beyond the typical nuisances of data breaches.
Data Security System for Transportation
Transportation and mobility have been key to human civilization since the dawn of time, and protecting it has always been vital. Thieves have always seen vulnerabilities in these networks, from bandits and highwaymen who robbed trade routes and travelers, to pirates attacking merchant ships and treasure fleets, to a growing number of cyberattacks on transit systems in the 21st century.
As has always been the case, transportation requires protection, and in today’s world it is essential that providers update their security methods. Modern transportation requires logistics and expansive computer systems to function, but these systems can make transportation susceptible to cyberattacks.
SecureDrive external portable drives and SecureUSB flash drives are hardware encrypted drives that require passwords and user authentication to unlock. These two families feature the KP and BT lines, the latter of which works with Remote Management to allow greater restrictions and controls on when and where drives can be used. All drives work with SecureGuard, which limits USB port access on computers across the organization by blacklisting or whitelisting drives, providing a detailed report of USB devices used or attempted on computers, and more.