Trend Overview
In the past two years, the increase in ransomware incidents across the transportation industry has changed every security conversation. These incidents have prompted detailed NIST frameworks for agencies to follow as the occurrence of cyberattacks intensifies. The very public attack on a subway in April 2021 created an environment of immediate action. Although no one was injured in the attack, it did cause a great deal of disruption and created industrywide awareness. Security is now a formal requirement. So, what does compliance mean, and what does “being secure” look like? The primary principles of secure operations remain the same, whether they are regulated or not. Three requirements that keep coming up in conversations about secure operations are as follows.
In the transportation industry, projects are typically delivered on an individual basis. Thus, networks and other control assets often vary. As a result, the inventory of control system assets, instrumentation, and communication assets is also very diverse. Keeping an updated inventory of all assets and their security vulnerabilities is nearly impossible. However, an incomplete view of the asset security posture can provide significant attack opportunities to bad actors without being detected. Asset inventory and visibility is foundational to a strong security practice.
Strong Risk Mitigation
Cybersecurity risk mitigation, including firewalls, endpoint security, malware detection, behavioral analytics, and more, is where the bulk of money is spent. Because there are so many mitigation tools to choose from, a systematic approach is helpful in ensuring maximum risk mitigation.
A Response Plan
With stronger regulation around the reporting of incidents, we are all more aware of how common security breaches are. This makes a response plan essential. The plan articulates which experts get called in to assess damage and restore operations. It also identifies a methodology for communication, reporting, and other post-incident action items. Security has become a necessary companion to the benefits of digital operations. They exist in lockstep on the journey to safe, agile, and responsive operations.
Use the form opposite to get in touch with Cisco directly to discuss any requirements you might have.