OT Security Concerns in Transportation and Logistics on the Rise

By CISO Collective Editorial | May 19, 2022

Shipping, rail, and maritime firms are embracing digital transformation (DX) to increase efficiencies and cut costs. Unfortunately, DX also raises the likelihood of cyberattacks on these companies’ operational assets. And the more connected the transportation industry becomes, the more cybercriminals will target it.

Fortinet recently compiled and analyzed the views of transportation leaders via a research study and released the findings in a report titled 2021 State of Operational Technology Security in Transportation and Logistics. It is full of research about how the cybersecurity professionals in the transportation and logistics (T&L) industries fared last year and what most concerns them this year.

Research for this report was conducted by Virtual Intelligence Briefing (VIB), an interactive online community of more than 2.2 million IT practitioners and decision-makers. These individuals shared their experiences and opinions by participating in vendor-neutral surveys across virtually all IT/OT domains.

The state of OT security in T&L white paper offers three key insights for those working in transportation and logistics organizations:

  • While business objectives are driving operational technology maturity in T&L organizations to higher levels, cybersecurity concerns about specific threats and threat actors are also on the rise.
  • For most T&L organizations, the historical OT “air gap” that both assisted and hindered security has essentially disappeared, leading to increased concerns that must be addressed.
  • T&L organizations are on the right track when it comes to security, but too many remain vulnerable and are experiencing breaches with significant impacts to their businesses.

Leadership Support

The report research indicates that security leaders in T&L companies generally feel supported by senior executives. However, most also remain deeply concerned that their OT infrastructure could be targeted by malware, exploited by phishing attacks, or contain existing or known vulnerabilities. Many are sure that in 2022 their organization will experience an OT cybersecurity breach.

There were some other concerning survey findings. For example, in the last year, 43% of T&L organizations experienced four or more OT cybersecurity breaches and, this year, 56% of T&L organizations are more concerned about an OT cybersecurity breach than they were last year.

Another finding that provides a window into what really concerns T&L organizations’ security leadership is that 80% feel malicious, negligent, or inadvertent insiders are their biggest OT threats.

Top Security Technologies in Use

Many OT security technologies are deployed across T&L organizations. The top two areas of security investment are vulnerability management and network segmentation. This is relevant since the majority of T&L operational technology is now highly integrated into IT networks. This means that OT systems which were previously “air-gapped” are now online and vulnerable to cyberattacks. Because of this development, the responsibility for OT security is shifting from network operations directors to the CISO or CIO.

While this may have the positive result of OT being included in broad corporate security initiatives, it could also have the negative effect of OT losing the specific and essential focus on its unique security issues.

Best Practices for OT Security in Transportation and Logistics

Based on the study’s research, below are five best practices specifically for T&L organizations:

  1. Segment the network: With the elimination of the OT air gap, network segmentation is the first architectural concept to deploy to protect OT environments. The network should be divided into a series of functional segments or “zones” (which may include subzones or microsegments), and each zone should be accessible only to authorized devices, applications, and users.
  2. Control identity and access management: Many OT cyberattacks are the result of stolen credentials via successful spear phishing. According to the surveyed T&L organizations, less than half plan to increase their identity and access management within the next 18 months. This should be a top priority for leaders.
  3. Identify assets, classify, and prioritize value: Enumerating OT assets and prioritizing them by value to the business will help prioritize which assets to focus on. Lacking visibility is a critical security gap and an expanding threat landscape will only degrade existing OT security.
  4. Analyze traffic for threats and vulnerabilities: After next-generation firewalls (NGFWs) divide a combined IT/OT network into segments and conduits, network traffic should be inspected for known and unknown threats.
  5. Secure both wired and wireless access: In an OT environment, two popular targets for cybercriminals are network switches and wireless access points (WAPs). Security should be by design, administered from one central interface for both, instead of relying on protection via point solutions managed via multiple interfaces. Centralized security management not only reduces risk, but it also improves visibility and minimizes administration time for security and operations teams.

The research found that most T&L organizations seem to understand the growing cybersecurity risks. These companies also appear to be mature enough in their OT security stance and aware that they must be vigilant and coordinated in their IT/OT security response. And the wisest among them know they need to continue to invest in OT security technologies to fend off disastrous cyberattacks.

Learn more and access the full report: 2021 State of Operational Technology Security in Transportation and Logistics.