The cyber security challenges facing Intelligent Transport System (ITS) or Intelligent Public Transport (IPT) in SA is not dissimilar to that of any business embracing a "digital business" model, however, the stakes could be higher.
So says Rory Young, portfolio manager: Support & Enabling Services at T-Systems SA. He explains the cyber security challenges facing ITS or IPT may be higher because transport systems are often the arteries carrying the life blood of our economy - our hard-working citizens, and their safety is paramount.
Young says in the advent of increasing urbanisation, the pressure is on to make transport systems more efficient and effective - through technological integration and automation.
"This requires the integration of systems, people, process, partners and governance that was all previously running independently," he explains.
Discussing security risks, Young points out in SA we are in an age of mobility, with the ability to interact with services or manage and control them remotely.
All of this creates considerable complexity and increased exposure to cyber threats, requiring a skill set that is often beyond the current transport operators and their engineers, he explains.
Sergey Gordeychik, head of Security Services, deputy CTO at Kaspersky Lab and Securing Smart Cities contributor, says for years transport systems were offline and the main goal was to establish safety.
"Now, in the interconnected world, more and more aspects of transport infrastructure became dependent on ICT and we need to take into account not only technical safety and reliability issues, but the impact of cyber attacks.
"Intelligent Public Transport uses information and communication technologies (ICT) to enhance quality, performance interactivity of urban transport services, to reduce costs and resource consumption and to improve safety," he reveals.
The intelligence in these systems, he says, are in the form of automated tickets, passenger information, WiFi in public transport, entertainment systems and technology that helps one to plan routes online, making transport more convenient.
Gordeychik explains Automatic Train Control and smart cars can help to cut the number of driver-related mistakes and incidents.
However, he warns these come with a list of security risks.
"Operational technologies convergence is a phenomenon which allows attackers to break into previously 'air gapped' systems to gain access into corporate infrastructure from inside and bypass traditional security tools due to the convergence of operating technologies," he explains.
He notes connected cloud-based wind turbine and solar power control, wireless automatic train operation systems and ATMs connecting via 3G/4G networks are already exploited by cyber criminals.
"If attackers can change timetables, switch off traffic lights, stop metro or derail trains, it is easy to see how life could be disrupted," he points out.
Michael Frans, head of business operations: automotive at T-Systems SA,says SA is focused on integration of the public transport networks, and this is evident by the large-scale bus systems rolling out across the major metro areas.
"With IPT rolling out across metro markets, the need to integrate positioning and performance of the vehicles allows for real-time optimisation of the fleets as well as information for retail customers beyond the traditional 'push notification'," he notes.
He explains the smart city concept links public and private transportation to city management systems which allows for city management to actively gain information with respect to congestion, road usage etc. and allow for optimisation of limited resources.
Risk solutions
Frans adds the cyber risks associated with connected vehicles are well documented, and there have been well publicised cases of vehicles being accessed via on-board diagnostics parameter IDs (OBD2) adaptors and also via smartphone connection to vehicle dashboards.
The risks, he says, lie in the firmware and software written into the connections between smartphones and the on-board units.
"OBD2 hacking is largely driven by aftermarket units that allow diagnostic and programming software to alter the vehicles standard programming and is used to alter engine performance and other characteristics," he explains.
According to a report released by Kaspersky, focusing on Cyber Security and Resilience of Intelligent Public Transport, it is impossible to protect public transport from cyber threats effectively if you don't account for how it interacts with city energy, telecommunication and public safety systems.
To avoid security risks, the report recommends operators develop secure and private communication networks to ensure the security of their communication networks and the privacy of the data travelling across these networks as they represent a target for attackers.
Kaspersky points out a combination of protection methods are required, including; tamper-resistant devices, access controls, firewalled VPNs, encryption, message integrity provisions, network intrusion detection systems, etc.75.
Young says combating IPT cyber threats requires a skill set that is often beyond the current transport operators and their engineers.
"The answer to meeting these new objectives is to partner with a proven ICT security service provider to combine the longstanding and vast experience of the transport sector and the ICT industry.
"Together they can identify the critical resources and capabilities that underpin their business, the associated threats that target them, as well as the identification of good practices in cyber security that can address these threats," he concludes.
Share