Monday, 16 October 2017

DDoS attacks on rail infrastructure

According to recent press, "DDoS attacks on two separate days have brought down several IT systems employed by Sweden's transport agencies, causing train delays in some cases. The incidents took place early in the mornings of Wednesday and Thursday, October 11 and 12, this week.
Trafikverket officials said the attack was cleverly aimed at TDC and DGC, the agency's two service providers, but they were both aimed in such a way to affect the agency's services.
Trafikverket was able to restore service in a few hours, but the delays affected the entire day's train operations.
While initially, some might have thought this was a random incident, the next day, a similar DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik, who provides train, bus, ferry, and tram transport for parts of Western Sweden."
-- Source Bleeping Computer

Fortunately there was no loss of life, however, according to reports Trafikverket's email systems and website were down and passengers were unable to make reservations or get travel information updates.

"In July 2017 criticism was mounting over IT security at Swedish government agencies after it emerged that millions of Swedes' driving licence data may have been leaked to other countries. Sweden's security police Säpo has investigated the Swedish Transport Agency (Transportstyrelsen) after information about all vehicles in the country – including police and military – was made available to IT workers in Eastern Europe who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.
One Transport Agency staff member described the outsourcing without proper security checks as handing over "the keys to the Kingdom" in an interview with Säpo, reports DN.- Source " source-TheLocal.SE' July 2017 

The Cyber Senate 3rd Annual Rail Cyber Security Summit will continue to address the key most critical issues challenging rail and infrastructure owners in the transport sector March 13/14th in London 2018. We are already confirming speakers and our headline solution providers will be announced imminently.

The 2018 Summit will be a two-day single-track senior level business critical and technical summit including multiple panel sessions and roundtables addressing the following but limited to; 
  • SOC's and different models that can contribute to cybersecurity management for the sector
  • Incident Response and Anomoly Detection
  • Government and Industry- Creating a Culture of Awareness, defining leadership for the sector
  • Developing a baseline for cyber maturity
  • What we can learn from vertical sectors including nuclear, oil and gas, utilities, aviation and chemcial
  • Securing IOT and IOT - Playing Catch-Up in the 21st Century
  • Securing asset information, passenger information systems
  • Cyber Security and Safety- Ensuring operational integrity
  • Supply Chain Security and Managing 3rd Party Risk
Call for Papers

3rd Annual 
Rail Cyber Security Summit 

London England
13th & 14th March 2018
The Marriott Regents Park
Sponsorship available for a limited time

No comments:

Post a Comment

Contact us for more information


Email *

Message *

Google+ Followers

Follow by Email