Salted Hash Ep 14: Are mass transit systems the next big target?

This week we’re talking about the safety of transit systems

This week Salted Hash talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems -- and what can be done.

Most transit systems were built during a time when security was something added after the fact, if it was a consideration at all.

"Depending on the threat actors, [transit systems] are a pretty juicy target. You're talking about being able to do a lot of damage with probably very little effort," Engelbrecht said, because security by design wasn't something in the forethought when these systems were being developed.

Some of the SCADA systems coordinating mass transit systems have been in operation since the 1970s, and while they were intended to be separate from other networked systems – convenience won out and pushed security to the back burner.

A 2015 transportation report from the Department of Homeland Security cited the aging infrastructure as a top risk, linking it to cyber-based risks due to the growing interconnection between systems.

"Cyber threats to the Sector are of concern because of the growing reliance on cyber-based control, navigation, tracking, positioning, and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation," the report said.

There isn't much that can be done to address all of the risks and problems (potential and existing) short of replacing much of the transit infrastructure. In the meantime, there has been a lot of focus on improving incident response and improving segmentation where possible.

For an audio podcast only, click play (or catch up on all earlier episodes) below. Or you can find us on iTunes, Google Play or Sticher where you can download episodes and listen at your leisure.

Happy listening, and please, send feedback or suggestions for future topics to us. We'd love to hear from you.

More on securing critical infrastructure:

Copyright © 2018 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.