The transportation industry appears to be waking up to a renewed specter of threats following a series of distributed denial-of-service (DDoS) attacks that temporarily took down several U.S. airport websites. These sorts of targeted attacks on critical infrastructure often precede necessary and crucial advancements in the application of cybersecurity best practices. While strong security measures have always been an objective, the airline industry now looks to emphasize backup plans, threat exercises, and visibility in response to the system outages caused by these types of attacks. The October outages for Los Angeles International Airport (LAX), Chicago O’Hare (ORD), and Atlanta Hartsfield-Jackson International appear to be part of an escalating campaign of pro-Russian cyberattacks protesting the U.S. government’s support for Ukraine in its war with Russia. Unfortunately, the general media have minimized the urgency these threats truly pose. There are a lot more on the way.
Major Incidents Come in Chains
Cyber-attacks on airport systems, websites, and the entire transportation ecosystem could be just a taste of something larger than ever thought possible. These most recent attacks appear on the surface to be inconvenient disruptions, but once you understand how the ecosystem of attackers operates, you cannot eliminate the possibility that today’s technology inconvenience is a Phase 1 component of a grander attack.
As a matter of methodology, attackers will probe the perimeter by any means available. That includes weaknesses in the human chain as well as every form of technical circumvention possible. Any weakness that can be detected and exploited to map the environment, obtain data, or create a distraction will be catalogued, planned around, scaled up, and delivered. What compounds the problem is that in the sub-culture of hacking, most attackers will share their findings on the dark web with the wider hacker community, even if their interests do not fully align.
A Little Bit of Disruption, But a Major Amount of Fail
Halfway through 2021, a small group of hackers launched an attack on the Colonial Pipeline. This pipeline network supplies refined petroleum products and gasoline to most of the East Coast of the United States; when its main lines (which could be compromised by the cyberattack) were shut down, nearly half our country’s fuel supply was disrupted. Drivers drained supplies at gas stations across the southeastern United States, airlines had to reroute flights around affected airports, traders were rocked by unexpected price volatility, and logistics companies scrambled to locate alternative sources quickly enough to keep the situation from getting even worse.
The Colonial Pipeline hack is a sobering reminder that we all live in dangerous times. Attacks against transportation, fuel supply, and major utilities are urgent matters that demand awareness, preparation, and a shift toward pre-emptive thinking that begs the question: What’s next?
When the Worst is First
In order to put ourselves into a pre-emptive mindset, we must think of the worst possible scenario first. In the airline industry, air traffic control systems are among the most critical and most vulnerable systems that could face a crippling attack. From there, the targets could be commercial airplanes themselves. The next 9/11-style hijacking could conceivably be a cyber-takeover of passenger airliners.
Over the last several years, security researchers have demonstrated the vulnerabilities of in-flight systems, with ethical hackers able to take over a commercial plane’s engine operations. Several of these reports indicate that dependence on legacy technologies served as an exploitable weakness, with some ethical hackers even successfully hacking a plane from the ground through various communication systems. As the Colonial Pipeline incident showed, a small, seemingly innocuous event can be all that is needed to cripple an entire portion of the country. Considering how catastrophic the aftermath of such an attack has proven to be, a proactive response for preventing a cyber incident should be a top priority.
Readiness and response capabilities are the prerequisites of any critical infrastructure security strategy, and both can be measured against the sequencing, severity, and impact of a ‘minor’ attack. In the wake of major incidents, we can often trace the chain of events back to a discrete point of reconnaissance that was ultimately used to conduct the broader attack.
These industries need continued, perpetual modernization. We should never hear about legacy technologies being a technical obstacle to the health and security of systems that deliver essential services. Flexible, rapidly updatable technology is a must, but by the same token, great care must be put into the integrity of the update process and the validation of critical systems.
A Proactive Future
To ensure the integrity of their business-critical assets and services, organizations need a thorough understanding of the technology that powers them. This includes seeing all sides of an incident objectively, as well as being able to monitor for potential threats and cyberattacks from anywhere at any time.
Responding to the rapidly changing security landscape, organizations must now move from a mature level of cybersecurity towards an advanced, adaptable, and proactive posture. Doing so will require adopting foundational capabilities that focus on the risks that matter and incorporating customers into a resilience management program that emphasizes next-generation processes and technologies. While an advanced security posture is no small feat, given the massive cyber talent shortage and the evolving sophistication of cyberattacks, it is achievable when partnerships are properly leveraged.