Trafikverket officials said the attack was cleverly aimed at TDC and DGC, the agency's two service providers, but they were both aimed in such a way to affect the agency's services.
Trafikverket was able to restore service in a few hours, but the delays affected the entire day's train operations.
While initially, some might have thought this was a random incident, the next day, a similar DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik, who provides train, bus, ferry, and tram transport for parts of Western Sweden."
-- Source Bleeping Computer
Fortunately there was no loss of life, however, according to reports Trafikverket's email systems and website were down and passengers were unable to make reservations or get travel information updates.
"In July 2017 criticism was mounting over IT security at Swedish government agencies after it emerged that millions of Swedes' driving licence data may have been leaked to other countries. Sweden's security police Säpo has investigated the Swedish Transport Agency (Transportstyrelsen) after information about all vehicles in the country – including police and military – was made available to IT workers in Eastern Europe who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.
One Transport Agency staff member described the outsourcing without proper security checks as handing over "the keys to the Kingdom" in an interview with Säpo, reports DN.- Source " source-TheLocal.SE' July 2017
The Cyber Senate 3rd Annual Rail Cyber Security Summit will continue to address the key most critical issues challenging rail and infrastructure owners in the transport sector March 13/14th in London 2018. We are already confirming speakers and our headline solution providers will be announced imminently.
The 2018 Summit will be a two-day single-track senior level business critical and technical summit including multiple panel sessions and roundtables addressing the following but limited to;
- SOC's and different models that can contribute to cybersecurity management for the sector
- Incident Response and Anomoly Detection
- Government and Industry- Creating a Culture of Awareness, defining leadership for the sector
- Developing a baseline for cyber maturity
- What we can learn from vertical sectors including nuclear, oil and gas, utilities, aviation and chemcial
- Securing IOT and IOT - Playing Catch-Up in the 21st Century
- Securing asset information, passenger information systems
- Cyber Security and Safety- Ensuring operational integrity
- Supply Chain Security and Managing 3rd Party Risk
Rail Cyber Security Summit
13th & 14th March 2018
The Marriott Regents Park
Sponsorship available for a limited time