Cyber security in the public transport sector – the big unknown!?

17 December 2015  •  Author(s): Thomas Kritzer, Member of the UITP Security Commission

Thomas Kritzer, Member of the UITP Security Commission, discusses how and why cyber security is becoming a prominent issue within the public transport sector, and explores the ways to overcome this threat.

Cyber security in the public transport sector

To suggest that cyber security is an upcoming topic is wrong; it has already existed for a number of years, and nowadays with the advanced development of IT systems, cyber security is now a big issue for the public transport sector.

Cyber security is affecting public transport, like most other business sectors, but it is a threat that is manifesting itself in a way that the public transport sector and security managers are not used to.

The first question approaching the challenge might be: what is cyber security? And what is the threat? Cyber security can be defined as the protection of computers or IT networks from attack, damage or unauthorised access. A more detailed analysis of this includes the reduction of threat and vulnerability, possible deterrence measures, (inter)national engagement, incident response procedures and capabilities, resilience, recovery policies and activities. Looking at it on a wider perspective, it includes computer network operations, information assurance, law enforcement, diplomacy, military and intelligence missions, as they all relate to the security and stability of global information and communications infrastructure.

A different IT landscape

A good approach to the cyber threat is knowing what will be protected. A few years ago, it was relatively easy to describe the sensible IT systems used in public transport systems. For example, the core of a rail system was, or is the most isolated signalling system and is the backbone of the IT side. Isolated means that there is no (IT) interface to the outer world. Various IT systems were used in the entire company, as in many other business sectors, also with IT safeguards in place. Having analysed this architecture it was relatively easy to describe the landscape and possible threats to the IT system.

The rest of this content is restricted to logged-in subscribers. Login or register (it's free!) to view the full content.

Leave a reply