Over the last year, there have been multiple instances where cybercriminals have targeted the U.S.’ transportation infrastructure. These include attacks against ferries, railways, and even oil supply chains. These attacks cause widespread disruption in the lives of ordinary citizens. A committee of lawmakers from the Department of Homeland Security will discuss industry-wide measures to improve cybersecurity for the transport sector and prevent attacks of such scale and magnitude.
Colonial Pipeline Attack and Need for Better Cybersecurity for the Transport sector
This comes after hackers breached the Colonial Pipeline in May. The attack compromised the billing system, leading to a halt in pipeline operations. The company had to shut down the pipeline as a precaution because the attackers may have obtained information allowing them to carry out further attacks on vulnerable parts of the pipeline.
The attackers had also stolen close to 100 gigabytes of data and then threatened to release it on the internet if a ransom was not paid. In the days that followed the incident, fuel shortages began to occur at filling stations, caused by panic buying. States like Alabama, Georgia, Florida, North, and South Carolina reported gas shortages. In some cases, 71% of filling stations ran out of fuel. American Airlines changed flight schedules temporarily after the shortage hit Charlotte Douglas International Airport. Following which President Joe Biden declared a state of emergency, removing limits on the transport of fuels by road.
In the aftermath of the incident, several lawmakers questioned the federal government’s strategy to protect industries from modern cyber threats.
“Inaction isn’t an option,” said Rep. Bonnie Watson Coleman, D-N.J., chairwoman of the Transportation & Maritime Security Subcommittee at a joint subcommittee hearing Tuesday. “When gas stops flowing due to a cyberattack, it doesn’t just impact the pipeline’s owner. It means Americans struggle to fill up their tanks.”
The lawmakers also pointed out that along with the pipeline, New York City’s Metropolitan Transportation Authority, the Steamship Authority of Massachusetts ferry service, and the Port of Houston, were all targeted after President Joe Biden took the august office.
“We can’t wait until a hacked plane falls from the sky or a breached railroad gridlocks our nation’s supply chain to take action. The real cost would be borne by the passengers injured or even killed,” she said.
Earlier this month, the Transportation Security Administration stated that it would issue security directives for airports and rail transportation. These measures will require higher-risk entities to report cyber incidents to the agency.
Cybersecurity for Critical Sectors
The transport sector is defined as one of the critical infrastructure companies and calls for effective strategies to strengthen the infrastructure both in the immediate and long term. Since any disruption in this sector has cascading effects on other critical sectors, the government’s motion calling for better measures to strengthen cybersecurity for the transport sector is a welcome and much-needed change.