Why Mass Transit Could Be the Next Big Cyber Target — SecurityWeek
Data Breach , Incident Response Industry
by Walker Banerd - April 17, 2018

A new article by Stan Engelbrecht, Director of D3’s Cyber Security Practice, is currently featured on SecurityWeek. Cyber attacks can cluster around certain industries for a period of time, once a particular method of attack has proven to be successful. Examples in recent years include ransomware in healthcare and user data breaches in tech. In this SecurityWeek article, Stan describes why mass transit could become a common target in the near future. In the following excerpt, Stan outlines the potential for terrorist or criminal attacks against transit systems, due to their reliance on vulnerable systems.

Unlike most industries, where the potential consequences of poor cybersecurity are largely financial or privacy-driven, an attack on a public transit system has the potential to be lethal. Vulnerable SCADA systems could be hijacked by terrorists or cyber-criminals to cause derailing or collisions. While this nightmare scenario has not yet occurred, there have been numerous incidents involving mass transit and other SCADA-dependent industries that paint a clear picture of how it could happen:

  • In late 2016, riders of San Francisco’s Muni transit system rode for free for a weekend, after a ransomware attack against the San Francisco Municipal Transportation Agency (SFMTA). On the surface, this was a relatively benign incident, but if a single hacker looking to make a quick buck could penetrate a major transit authority’s system, you can expect a state-sponsored or cyberterrorist attack to be much more severe.
  • In 2016, there were separate attacks against the SCADA systems of a utility in Michigan and a dam in New York in 2013.
  • In 2016, there were multiple attacks against metro and train control systems in South Korea, suspected to be from North Korean hackers.
  • In December 2015, a Massachusetts Bay Transportation Authority train travelled five stations without an operator controlling it. Hacking was never confirmed to be the cause but is widely suspected.
  • In December 2015, attackers in Ukraine cut off electricity to more than 230,000 people. Once inside the system, they overwrote the controls, rendering them unusable. This incident demonstrates the possibility for hackers to target both a system and the means for recovering it.

This article originally appeared on SecurityWeek. To continue reading, please click here to access the article in its entirety

Social Icon
Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.