The transport threat
Ransomware will proliferate over the coming years, with attackers locking individuals into, or out of, cars, taking control of vehicles in transit or causing other types of disruption.
As industries rush to develop ever-more digitised modes of transport, they are inadvertently increasing the number of opportunities attackers have to disrupt operations and put users at risk.
Over the last three years, the transportation industry has experienced dramatic technological upheaval, with automobiles, trains, planes, ships and drones all becoming more sophisticated and connected. The media and consumers alike are demanding constant connectivity to the internet, an element of autonomy and cleaner, renewable energy sources to power them. Investment across these industries has been significant, introducing incredible new designs and possibilities to life as we know it. From swarms of intelligent delivery drones to self-driving trucks and self-navigating ships; the world is changing rapidly – however, as industries rush to develop ever-more digitised modes of transport, they are inadvertently increasing the number of opportunities attackers have to disrupt operations and put users at risk. Cyber and physical domains have merged, birthing a hybrid threat landscape, capable of significant disruption and damage.
The leisure vehicle industry is set to experience significant growth over the coming years, with the number of connected cars manufactured globally topping 70 million in 2020. ‘Connected vehicles’ can be described as a vehicle with integrated systems such as internet access, and a local area network which controls basic systems – for example, newer models can have their entertainment, communications, locking and safety functions controlled remotely from applications. Ultimately the risk transfers from the end users’ driving ability to a plethora of applications running on proprietary software. Attackers will soon turn their attention to the vast number of vulnerabilities across software controlling these vehicles. Ransomware will proliferate over the coming years, with attackers locking individuals into, or out of, cars, taking control of vehicles in transit or causing other types of disruption. Lives will frequently be put at risk, causing nightmares for insurance companies as they face complex class-action legal battles should incidents begin to fall into recognisable patterns.
Threats will not be isolated to just cars – semi autonomous and autonomous trucks have been deployed in the US already, with Asia and the Middle East following suit. Cargo-carrying trains are becoming significantly more autonomous too. Entire supply chains could be disrupted should the trucking and train industries become overdependent on technology to operate. Nation state attackers could begin targeting trucks on the road, or trains on the rails, with the effects being felt across every single industry.
Drones have also seen significant technological development over the last few years and acceptance of their usage is improving too. Commercial drones have become more autonomous with increased range, equipped with cameras for prolonged surveillance. This opens up a number of opportunities for delivery, maintenance, agriculture, security and law enforcement, but again provides a number of new vulnerabilities for attackers to compromise. For example, drones could be simply knocked out of the sky and hijacked remotely; information collected by drones can be stolen and manipulated; there will be close-calls and disruption to the air travel industry too, with many close-calls being reported at airports in 2019 and 2020. Piggy-backing off of the development of drones is investment in more progressive and futuristic modes of transports – flying cars. Commercial and realistic use cases are still in their infancy, but attackers will certainly be excited about the prospect of this new emerging target too.
Finally, shipping vessels will also become a prime target, especially for terrorists and nation state attackers. From commercial ships to navies, as the industry becomes more accepting of autonomous ships, IoT devices and dependency on satellites, they will begin experience a range of attacks thought only applicable to leisure vehicles. However, cargo-carrying ships can hold an entire continents supply chain in one hand, as exemplified by the Suez Canal disaster in early 2021. This issue was caused by rough seas, but theoretically, ships could be disrupted significantly more by cyber attacks on applications and networks on board. From GPS navigation devices to power, the potential for damage is high.
Whilst the coming years will likely introduce a number of benefits for the travel and transport industry, a word of caution is prudent. Historically, attackers will target any mode of transport they can with whatever means they have at their disposal – whilst connectivity and autonomy is attractive for consumers, it is equally attractive for those vying for disruption and chaos.