Few verticals in the global economy cover quite as much ground as the transportation sector. The organizations that comprise this essential part of every nation’s critical infrastructure range from government agencies to household names, but one thing unites them all: a desire to use advances in digital technologies to become safer and more efficient, reduce costs, improve environmental sustainability and enhance the passenger experience.
This digital transformation offers a fantastic opportunity for organizations to differentiate and grow on the back of improved services. But it also offers hackers unprecedented opportunities to extort money, steal lucrative data and even sabotage key services. This should matter to transport and logistics firms not only because of the potentially catastrophic impact on corporate finances and brand reputation, but because the sector is now regulated by the NIS Directive.
Digital transformation drives risk
There are some important reasons why organizations around the world are adopting emerging technologies to support their business needs. The Internet of Things (IoT), for example, offers supply chain logistics firms new ways to make more efficient use of resources. Big data analytics and machine learning might help to analyze traffic patterns to predict areas of congestion for drivers to avoid. Sensors fitted to trains offer real-time information to engineers and controllers, providing early warning on potentially faulty rolling stock and enabling a smoother service.
Digital transformation and IoT in transport
Our infographic explores investment and risk in IoT within the transport and logistics industry
When done well, digital transformation in transport ultimately benefits the customer, whether that’s because they get their Amazon parcel delivered quicker, or because they can use their smartphone as train ticket and boarding pass.
Yet as these organizations build out their digital infrastructure they’re also broadening the corporate attack surface, whilst at the same time becoming more reliant on technology and therefore increasing their risk exposure. Panasonic Business claims there can be in excess of 20 connected systems across modern train rolling stock, but warns that “connected systems will only be as secure as the weakest link”.
But the risks aren’t just theoretical. Maersk suffered losses estimated at $300m following the global NotPetya ransomware worm. That campaign was famously indiscriminate, but many other attacks will be specially crafted at individual transport firms, whether they’re designed to extort money from ransomware, or even steal data, as happened when an unauthorised intrusion hit shipping firm Clarksons.
Trust is everything for transportation and logistics cyber security
Cyber security is therefore important, not only to protect key services, but to preserve corporate reputation and consumer confidence. Nearly a third of travellers already believe transport systems are at high risk from cyber attacks, while only a quarter would trust such an organisation again were it to suffer a breach.
To get back on the front foot, IT leaders in the sector need to understand the potential business impact of a serious cyber attack, and then take time to reacquaint themselves with their DNS infrastructure. Because it is this that sits at the heart of the cyber security challenge, and potentially also offers a solution.
Cyber security in transport and logistics sector
Find out how DNS deep packet inspection can drive digital transformation in the transport and logistics sector
Why DNS, why now?
DNS is crucial to any organization, as it provides essential digital signage so humans and machines can find each other on the web, converting the domain names we type into the address bar to IP addresses that computers use to contact each other. Take it away and no organisation could operate effectively online.
Yet DNS is a challenge because it was built without security in mind. Hackers know this, and they can take advantage by attacking DNS servers to redirect users to phishing or malware sites; by smuggling stolen data out of organizations in whitelisted DNS traffic; or by using DNS packets to control compromised hosts inside the organization.
According to the National Cyber Security Centre (NCSC), DNS is used at some point in nearly all attacks. But because it is near ubiquitous in this way, it can also be used to positive effect.
Nominet’s NTX platform can spot the tell-tale signs of malicious code hidden in large volumes of legitimate DNS traffic. That means IT teams can detect and block attacks and clean-up any infected machines before they’ve even had a chance to impact the organization. As digital transformation continues to drive new and better ways for transport and logistics firms to do business, they must also consider the extra risks it generates. DNS-based security is a great starting point for a more proactive, preventative approach to threat mitigation.