Cybersecurity protects our nation's transportation infrastructure and the industries it supports. As the transportation world becomes more sophisticated, the security measures used to protect it must also evolve.
Cybersecurity professionals play an important role in keeping transportation systems safe. Security managers, penetration testers, incident responders, and vulnerability assessors all help prevent future cyberattacks.
Discover common cyberthreats to transportation, current vulnerabilities, emerging opportunities, and the transportation industries that are most connected to security.
Where Transportation and Cyberthreats Collide
The transportation sector remains particularly vulnerable to cybersecurity threats due to its dependence on technology. Traffic lights, toll booths, air traffic control towers, and vehicle-to-vehicle communication devices depend on technology to operate safely and effectively.
Transportation can also be lucrative for hackers. It holds massive amounts of valuable products, including merchandise and commodities. In addition, infrastructure supports large numbers of people. A successful attack on a pipeline, a port, or an air freight carrier can disrupt supply chains and threaten human lives.
Hackers recognize transportation's value as a target and continue to escalate their attacks. In 2022, for example, the Port of Los Angeles deflected 40 million attacks per month, and the number ramped up after conflict erupted in Ukraine.
In response to these vulnerabilities, the federal government has passed the Infrastructure Investment and Jobs Act, which included $2 billion for the Department of Transportation (DOT) to expand its cybersecurity initiatives. State, local, and private agencies can address current vulnerabilities and prepare to meet emerging opportunities.
Current Vulnerabilities
-
Ransomware: Hackers use ransomware to lock down a company's network until they receive a ransom payment. Research from IBM indicates that one in every four cyberattacks is a ransomware attack. Most of these attacks succeeded through phishing or vulnerability. Professionals can help stop these attacks by educating front-line employees. -
Aging Infrastructure: Transportation companies with aging technological infrastructure face a higher risk of attack. Vendors rarely support outdated systems, leaving companies without up-to-date software packages or antivirus patches. -
Insufficient Security Assessment: In a security assessment, professionals for weaknesses and vulnerabilities. When transportation companies fail to perform adequate security assessments, they do not know where their cyberdefenses can be breached and cannot address those fractures in their systems. -
Vehicle Links to IT Networks: Algorithms that connect cars to Wi-Fi allow the vehicles to communicate with other automobiles, traffic lights, and lane markings. This kind of smart road infrastructure and vehicle-to-vehicle communication provide drivers with safety assistance features. But they also offer hackers other opportunities to weaponize cars or steal data.
Emerging Opportunities
-
New Research: DOT supports research combining cybersecurity and transportation. Researchers are specifically looking for data-derived best practices and policies to recommend across the sector. -
Federal Funding: As part of the recent infrastructure law, state and local governments can now access federal funds for cybersecurity infrastructure development across industries and sectors. The Transit Security Grant program, administered by the Department of Homeland Security, provides millions of dollars to help transit agencies protect transportation infrastructure. -
Increased Regulations: In 2021, the federal government issued new regulations requiring detailed planning and assessment. The same policy also increased staffing numbers to meet cybersecurity needs in transportation. -
>Intelligent Automation: Sometimes called cognitive automation, this approach to secure technology blends artificial intelligence with business process management and robotic process automation. While intelligent automation can help support or replace drivers, it also presents hackers with fresh entry points to vehicles. Cybersecurity experts who can help secure intelligent automation may put their skills to work in transportation security. -
Security by Design: This security-first approach to software engineering eliminates software vulnerabilities at the foundational level.
Which Transportation Industries Use Cybersecurity?
Air
Following the 9/11 attacks, aviation has increased security efforts. However, criminals can now attempt to penetrate digital access to planes beyond physical means alone.
After hackers attempted to disrupt operations at several key airports in 2022, the Federal Aviation Administration increased its cybersecurity efforts. Cybersecurity engineers and aircraft systems analysts assess threats and partner across agencies to implement effective security solutions.
Rail
By federal law, trains operate using Positive Train Control (PTC), which helps prevent collisions and accidents due to human error.
While PTC controls select vulnerabilities, hackers could exploit the system, leaving food or farm produce to spoil and potentially injuring hundreds of passengers on a single train. Vulnerability assessors and incident responders can help protect railways' operational technology.
Marine
Ships transport billions of dollars of freight on inland waterways, the Great Lakes, and the oceans. Cyberincidents at ports and in ship-to-port communication can severely disrupt supply chains and passenger transportation.
In 2020, for example, cyberattacks on maritime transportation systems increased by 400%. Network security specialists can help create firewalls and manage software updates to help prevent these attacks from succeeding.
Trucking
Trucks move about 72.2% of freight in the U.S. Malevolent hackers who gain access to trucks could use them as weapons, steal their contents, or access private information.
These criminals can attack devices inside trucks, at stopping points, at the home office, or through drivers' web applications. Most vulnerabilities are human, not technological, in origin. Security managers can help educate and manage employee behavior, greatly reducing risk.
Warehousing
Commercial warehouse facilities contain approximately 1.9 billion square feet of space across the United States. Warehousing works closely with transportation by storing merchandise between shipments.
These warehouses contain rich stores of physical goods and data — ideal targets for cybercriminals. Penetration testers and vulnerability assessors can review and assess warehouse security for potential weaknesses.
Increasing Cybersecurity in Transportation Industries
Transportation hubs concentrate people and merchandise, making highways profitable targets for criminals. In particular, the growing interface between the digital world and physical infrastructure is creating new and lucrative opportunities for hackers.
Consequently, the federal government and private enterprise recognize the critical need for advanced protection in the transportation sector. Their recent investments in cybersecurity in transportation present new opportunities. Funding supports research, technology improvements, and enough staffing to keep transportation secure.
New cybersecurity experts can find secure, high-paying jobs helping transportation companies maintain security and freedom.
FAQ About Cybersecurity and Transportation
-
How critical is cybersecurity to the transportation sector?
As the digital and physical environments of transportation infrastructure become more interconnected, instability can lead to urgent national security threats. Cybersecurity threats can disrupt air, trucking, shipping, and rail freight companies, putting a sector that accounted for 8.4% of the 2021 U.S. gross domestic product at risk.
-
Which transportation industries need cybersecurity the most?
All transportation industries can benefit from enhanced cybersecurity. However, trucking and aviation have historically experienced the sector's largest and most focused digital attacks. Cybersecurity on planes presents a particularly high level of risk in a post-9/11 security environment.
-
What are the biggest security threats facing transportation?
Ideologically driven cybercriminals may attempt to disrupt social and economic life to achieve power for themselves or their group. Money-motivated hackers may use ransomware to disrupt supply chains until victims make payments.
-
How do I get into transportation cybersecurity?
Transportation cybersecurity professionals can work for state, local, national, or international employers representing public and private agencies. Positions in the field may require hands-on learning, certification, higher education, and real-world experience, depending on the nature of the job. Some cybersecurity degrees emphasize transportation, which may give graduates a leg up.
Recommended Reading
Take the next step toward your future.
Discover programs you’re interested in and take charge of your education.