Published on August 15th, 2022 📆 | 5159 Views ⚑
0Amid digitization of public infrastructure, cybersecurity is increasingly a challenge
The digitization of public infrastructure is a double-edged sword: While technology can streamline workflows and make systems run more efficiently, itâs also vulnerable to digital threats.Â
âThe integration of new technologies into the public transit industry has resulted in improved service offerings to customers. But while these new services provide important information and conveniences to transit customers, they may also provide access points for nefarious actors who want to disrupt or cripple operations,â reads a new report from the Mineta Transportation Institute at San JosĂŠ State University titled âAligning the Transit Industry and their Vendors in the Face of Increasing Cyber Risk: Recommendations for Identifying and Addressing Cybersecurity Challenges.â While the federal government has moved to strengthen the nationâs cyber defenses, the document highlights âa growing urgency for expanded regulatory guidance and directives regarding cybersecurity for U.S. critical infrastructure, including public transit.â
More focus is needed because of the evolving threat. When everyone suddenly started working from home at the start of the pandemic, cybercriminals adapted. Instead of focusing their efforts on large corporations, they began slipping into systems via unsuspecting end users who unwittingly followed a dangerous link or didnât secure their own systems well enough, according to Chris Hills, chief security strategist at BeyondTrust, a Georgia-based cybersecurity business.
âThe pandemic really caused what we referred to as the big bang,â Hills said, noting cybercriminals are ânot dumb, but they are lazy: theyâre going to take the pass of least resistance.â
As an increasing number of communities move toward digitization by linking legacy operating systems to the cloud, educating employees on the importance of maintaining digital hygiene is more important than ever.
âIt boils down to zero trust,â Hills said, highlighting the vulnerabilities that exist on some legacy systems. âAll of us know that thereâs a server, a Windows 2000 server sitting in a back room somewhere that everyone is deathly afraid to pull the plug on.â
To protect these existing systems, Hills said IT professionals should encapsulate vulnerabilities through a zero trust frameworkâone that continuously requires all users to be authenticated.Â
Creating a comprehensive digitization plan to address emerging threats is another important element because it informs decisions across the organization.
âThe adoption of a risk strategy inclusive of cyber threats enables an agency to articulate its expectations for vendorsâwhat a potential vendor needs to have in place in terms of security, how the organizationsâ respective risk programs can complement one another, and what gaps may exist that need to be addressed before contracts are signed,â the transportation report says.Â
But as administrators move to address the vulnerabilities in their communities, theyâre facing another big challenge: there isnât enough talent to fill positions.Â
Technology is outpacing talent, according to Hills. And itâs not a problem thatâs going to see a resolution anytime soon.
âI think weâre going to see this problem continue for some time,â Hills said, predicting that automation and artificial intelligence will fill gaps. âI absolutely believe we are on a path that the AI aspect of doing human tasks,â such as searching for anomalies or reviewing data.
Among the recommendations put forward in the transit report, analysts recommended that agencies integrate their cyber risk management program with their existing physical security program. Organizations should also identify and evaluate software and hardware, the report says. Notably, while itâs directed at transit agencies, the same principals can be applied to all public organizations.
âIn the last few years, cyber-attacks on transportation have increased, and transit agencies, along with every other sector of the economy have become a target for nefarious actors seeking to disrupt operations, be it for personal or political gain,â the report says. âThe avenues to exploit this vital infrastructure will continue to evolve along with the technology that enables the industry to meet its core operations and customer demands.â
Gloss