Last month we released a research paper that examined the threats that could plague the fully automated, online-integrated transportation system of tomorrow. The paper, titled “Cyberattacks Against Intelligent Transportation Systems,” dissects the multi-layered system that will soon change how we work, travel, and do business on a global scale, and sets out the security issues and incidents that could arise from integrating and operating such a system. Securing the physical and cyber infrastructure of an ITS is a huge undertaking for all stakeholders. What would it take to protect such a massive system against cyber threats, especially for those who are or will be responsible for one, such as a Chief Information Security Officer (CISO)? The first step is to know what the threats are and which ITS components are high risk.
In the paper, we enumerated three broad types of attacks that threaten an ITS: network attacks, wireless attacks, and physical attacks. After rating the individual threats with the widely used DREAD (Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability) risk-rating model, we concluded that network attacks pose the most serious threat to an ITS, followed by wireless attacks and then physical attacks.
It’s not hard to see why this is the case. An ITS is made up of multiple systems that are not only online but are also composed of interconnected, IoT-capable devices. It stands to reason that network-based attacks could cause the most harm. Aside from causing operational downtime through a targeted disruption of the system’s devices, attacks on the network could also lead to information theft and data breaches, and both downtime and breaches hit revenue. The attackers most likely to target systems like an ITS, among them nation states, criminal gangs, hacktivists, and terrorists, are all known to rely on network-based attacks, which makes network attacks against an ITS a matter of when, not if.
The key to securing an ITS infrastructure is therefore to focus heavily on network security. Doing so mitigates the most damaging attacks, those launched through the network vector, and also helps contain attacks that enter through the wireless or physical vectors, since those too must cross the network to reach other components of the system.
But how should those in charge of ensuring an ITS’s security go about this process? What kind of defense strategies should they employ and what security technologies should they procure for their overall defense plan?
Securing Transportation Networks
Defense strategies for an ITS should be formulated with one key principle in mind: no defense is impregnable, so it is safer to assume compromise and prepare countermeasures accordingly. An ITS defense system and team should therefore be able to do the following:
Quickly identify and respond to ongoing security breaches/cyberattacks
Contain the security breach and stop the loss of sensitive data/mitigate potential damage
Pre-emptively prevent attacks by securing all exploitable avenues
Apply lessons learned to further strengthen defenses and prevent repeat incidents
A defense system with these capabilities not only reacts quickly to mitigate ongoing attacks but also evolves with the threats. It should incorporate the following security technologies as a mandatory minimum:
Network segmentation — Splitting a network into multiple subnetworks reduces congestion, limits the spread of failures, and improves security. Putting all the ITS controllers on a dedicated network that is separate from the corporate network, with only the explicitly required flows permitted between the two, reduces the risk that an attacker who compromises an office workstation can move laterally into the control network.
Firewalls — Firewalls enforce which hosts, ports, and protocols are allowed to communicate, monitor both ingress and egress traffic, block connections to and from known bad domains and addresses, and reveal which applications or endpoints generate or request bad traffic. They are an essential staple of network defense and belong in any ITS infrastructure; egress filtering in particular matters, because it is what exposes a compromised device trying to reach out to its controller.
Next-generation firewalls/Unified Threat Management (UTM) gateways — Network security products that unify multiple systems and services into a single engine or appliance. They can incorporate firewalls, Intrusion Prevention System/Intrusion Detection System (IPS/IDS), anti-virus, web filtering, application control, and other solutions all in the same appliance.
Anti-malware — Software that scans files to detect, block, and remove malware such as viruses, Trojans, worms, keyloggers, ransomware, rootkits, and so on, from the system. Anti-malware uses heuristics, generic, and specific signatures to detect known and unknown malware. With how commonly malware is used in cyberattacks, anti-malware technology is essential in ITS defense.
Anti-phishing solutions — Email-filtering products that scan for and block incoming spam and phishing emails. Spear phishing is one of the top infection vectors. Some anti-phishing solutions also use message sandboxes to screen for potentially malicious attachments.
Breach Detection Systems (BDS) — Security solutions focused on detecting intrusions caused by targeted attacks and other sophisticated threats designed to harvest information from the compromised systems. BDS analyzes complex attacks out-of-band, detecting rather than preventing network breaches.
IPS/IDS — Network security systems that examine traffic flows to detect and prevent network attacks. An IDS is a passive system that raises an alert when a known bad event is identified; an IPS sits inline and drops the offending packets instead. IPS/IDS monitor the whole network for suspicious traffic by analyzing protocols and performing deep packet inspection, which is also how they recognize the exploit traffic that a virtual patch is meant to stop.
Encryption technologies — Software for the encryption and decryption of data in the form of files, email messages, or packets sent over a network. Encrypted network traffic defeats passive network-sniffing data theft. Note that against an active Man-in-the-Middle (MitM) attacker, encryption only helps when the endpoints also authenticate each other (for example, by validating certificates); an encrypted session with an unverified peer can still be intercepted.
Patch management (physical or virtual) — Patch management software keeps endpoints, servers, and remote computers updated by applying the latest security patches and software updates. Virtual patch management uses a security enforcement layer to prevent malicious traffic from reaching vulnerable systems. In a large IT environment where patches need to be thoroughly tested before being applied to all nodes in the network, virtual patching provides a stopgap by filtering out malicious traffic that attempts to exploit known vulnerabilities; it is a bridge to the real patch, not a substitute for it.
Vulnerability scanner — An automated tool that scans endpoints, servers, networks, and applications for security vulnerabilities that an attacker could exploit. One of the tried-and-tested ways malware moves laterally is by exploiting vulnerabilities on the machine it wants to infect next. A vulnerability scanner identifies unpatched endpoints, servers, and applications so that the IT administrator can patch them, or virtually patch them in the meantime.
Shodan scanning — Shodan is a search engine for internet-connected devices. It provides an easy one-stop way to conduct Open-Source INTelligence (OSINT) gathering for different geographic locations, organizations, devices, services, and so on. The software and firmware information Shodan collects can help identify unpatched vulnerabilities in exposed cyber assets, and attackers use it for exactly that. ITS operators should periodically search their own IP ranges in Shodan (its net: filter takes an address range) to confirm that their managed devices and systems are not exposed on the internet.
These already-available security technologies have been proven to help protect against cyberattacks and could have defended against the real-world attacks we have already seen on ITS components, such as hacked signboards and public utilities infected with ransomware. For example, the WannaCry ransomware that recently infected computerized transportation systems could have been detected and blocked by up-to-date anti-malware solutions. Virtual patch management could also have filtered out the SMB exploit traffic for the vulnerability (MS17-010) that WannaCry used to propagate and infect systems, buying time for the actual patch, which Microsoft had released two months before the outbreak, to be rolled out.
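As an added illustration of how three of the controls above fit together (example code written for this article, not part of the research paper or any vendor product), the following Python models an inline filter that enforces segmentation between a corporate network and an ITS controller network, alerts on legacy SMBv1 traffic, and applies a virtual patch by dropping SMBv1 aimed at hosts not yet patched for MS17-010. The address ranges, the jump host, the approved ports, the list of unpatched hosts, and the packets themselves are all assumptions constructed for the example; the only protocol facts used are that direct-hosted SMB over TCP/445 starts with a 4-byte NetBIOS session header followed by the protocol identifier 0xFF “SMB” for SMBv1 or 0xFE “SMB” for SMB2/3.

```python
# Added example: a minimal inline packet filter modelling network
# segmentation, an IDS alert on SMBv1, and a virtual patch for MS17-010.
# Networks, hosts, ports and packets below are constructed assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.10.0.0/16")      # assumed corporate LAN
ITS_NET = ip_network("10.20.0.0/16")       # assumed dedicated ITS controller network
JUMP_HOST = ip_address("10.10.5.5")        # assumed: only corp host allowed into ITS_NET
ITS_ALLOWED_PORTS = {443, 502}             # assumed management/telemetry ports

# Direct-hosted SMB over TCP/445: 4-byte NetBIOS session service header,
# then the SMB protocol identifier. 0xFF "SMB" is SMBv1 (the dialect the
# MS17-010 exploit targets); 0xFE "SMB" is SMB2/3.
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def smb_dialect(payload: bytes):
    """Return 1 for SMBv1, 2 for SMB2/3, or None if the payload is not SMB."""
    if len(payload) < 8:
        return None
    magic = payload[4:8]                   # skip the NetBIOS session header
    if magic == SMB1_MAGIC:
        return 1
    if magic == SMB2_MAGIC:
        return 2
    return None


def inspect(pkt: Packet, unpatched: set) -> tuple:
    """Apply the policy to one packet; first matching rule wins.
    Returns (verdict, reason). ALERT means forwarded but logged."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # 1. Segmentation: corp -> ITS only from the jump host, only on approved ports.
    if src in CORP_NET and dst in ITS_NET:
        if src != JUMP_HOST:
            return "DROP", "segmentation: corp->ITS only from jump host"
        if pkt.dport not in ITS_ALLOWED_PORTS:
            return "DROP", f"segmentation: port {pkt.dport} not approved for ITS"
    # 2. Virtual patch: keep the exploitable protocol away from unpatched hosts.
    dialect = smb_dialect(pkt.payload) if pkt.dport == 445 else None
    if dialect == 1 and pkt.dst in unpatched:
        return "DROP", "virtual patch: SMBv1 to host unpatched for MS17-010"
    # 3. IDS: legacy SMBv1 anywhere deserves an alert even when permitted.
    if dialect == 1:
        return "ALERT", "ids: legacy SMBv1 negotiation observed"
    return "ALLOW", "policy default"


# Constructed sample payloads. SMBv1 header is 32 bytes (0x72 = SMB_COM_NEGOTIATE);
# SMB2 header is 64 bytes with StructureSize 0x0040 little-endian.
SMB1_NEGOTIATE = b"\x00\x00\x00\x20" + SMB1_MAGIC + b"\x72" + b"\x00" * 27
SMB2_NEGOTIATE = b"\x00\x00\x00\x40" + SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58

UNPATCHED = {"10.20.1.10"}                 # assumed: controller still missing MS17-010

SAMPLE = [
    Packet("10.10.7.23", "10.20.1.10", 445, SMB1_NEGOTIATE),  # office PC -> controller
    Packet("10.10.5.5", "10.20.1.10", 445, SMB1_NEGOTIATE),   # jump host, unapproved port
    Packet("10.10.5.5", "10.20.1.10", 443, b"\x16\x03\x01"),  # jump host, TLS management
    Packet("10.20.1.20", "10.20.1.10", 445, SMB1_NEGOTIATE),  # lateral move, unpatched target
    Packet("10.20.1.20", "10.20.1.11", 445, SMB1_NEGOTIATE),  # lateral move, patched target
    Packet("10.20.1.20", "10.20.1.11", 445, SMB2_NEGOTIATE),  # modern dialect
]


def run(packets=SAMPLE, unpatched=UNPATCHED):
    """Return the (verdict, reason) pairs for a sequence of packets."""
    return [inspect(p, unpatched) for p in packets]


if __name__ == "__main__":
    for p, (verdict, reason) in zip(SAMPLE, run()):
        print(f"{verdict:5} {p.src}->{p.dst}:{p.dport}  {reason}")
```

Run as written, the office workstation and the jump host’s SMB attempt are dropped by segmentation alone, the TLS management session is allowed, the SMBv1 attempt against the unpatched controller is dropped by the virtual patch, the same attempt against a patched controller is forwarded with an alert, and SMB2 passes. The ordering matters: segmentation is evaluated first because it needs no protocol knowledge and stops the widest class of traffic, and the virtual patch is keyed to a list of unpatched hosts so that it can be retired host by host as the real patch is deployed.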
Protection Through Collaboration and Cooperation
In addition to deploying proven security technologies, CISOs and decision-makers in charge of developing and maintaining ITS infrastructure should work with the many government, public, and private institutions and organizations that will either benefit from a secure ITS or contribute to its construction and maintenance, or both. The widest net should be cast: manufacturers, national authorities, police agencies, insurance companies, political organizations and, most importantly, the primary users of the ITS itself, the drivers.
Such involvement and collaboration will enable the development of useful legislation and technology that will aid in the future infrastructure’s security. The soon-to-be-implemented General Data Protection Regulation (GDPR) is a good example of security-centric legislation and policy, one that will no doubt benefit future ITS infrastructure with its emphasis on state-of-the-art technology and data protection. The International Organization for Standardization (ISO) has a technical committee (TC 204) tackling standardization of ITS technology pertaining to information, communication, and control systems, with organizations and experts in Europe, the US, and Asia taking part. On the security side, one of the standardization efforts is Working Group (WG) 1’s guidelines for protecting privacy in the development of ITS standards and systems (ISO/TR 12859). WG 5 also has data security-focused work items that aim to create security frameworks for electronic fee collection (EFC) systems (ISO/TS 19299). No doubt more will follow as more ITS technology is developed and rolled out into production.
With all of this, protecting an ITS may seem like a herculean task. But an essential and interconnected infrastructure system such as an ITS warrants it. If we start thinking about cybersecurity now, we can ensure that we reap all the benefits of the roads of tomorrow: convenience, safety, and revenue.