Safety First: Staying ahead of the Cyber Threat

This article was originally published in the TSC’s 2017 Imagine Brochure, which can be read in full here

Smart technologies are revolutionising transport. But with greater connectivity comes an increased risk from cyber crime.

Transport professionals must become cyber-literate to survive in the “cyber-physical world”, according to a new Transport Systems Catapult (TSC) report. The next decade will see a paradigm shift in the transport landscape, as a system of mechanisms controlled by computer-based algorithms tightly integrated with the internet and its users ushers in a new era of Intelligent Mobility (IM).

But increased connectivity goes hand-in-hand with a greater threat from cyber crime, and according to TSC Technologist Aditya Thirunavukkarasu, a lack of Cyber Security awareness is proving challenging for the IM sector. “The industry is changing so rapidly, there is insufficient time for people to grasp what is happening,” says Thirunavukkarasu. “Lessons are only learned after an incident.”

Decentralised control of complex and interconnected networks, autonomous vehicles, and new technologies are making
the IM industry vulnerable to “more cyber-attacks, more often, and potentially with more severe consequences”, according to the Cyber Security and Intelligence Mobility report.

Additional pressures such as shortened timescales to push through products from development into public use also mean that basic security protocols are sometimes overlooked, leaving systems permeable to incursions via new, unsecured devices.

Introducing sophisticated technologies in the form of predictive analytics, anomaly detection and Artificial Intelligence is not
the whole solution, according to the report. What secure Intelligent Mobility requires is
a robust strategy and cultural focus to tackle the £2.4m average annualised cost of cyber crime to transport companies in the UK.

A recent report from the Institute of Directors echoes this sentiment. Although not exclusive to the transport industry, the findings concluded that while 95 per cent of more than 800 business leaders consider Cyber Security “very” or “quite” important to their business, almost 50 per cent have no formal security strategy.

The TSC proposes a clear strategy gathered from an in-depth review of reports, white papers, policy documents and academic research, as well as interviews and workshops with key stakeholders and more than 70 thought leaders, setting out five critical steps. First and foremost, says Thirunavukkarasu, an Intelligent Mobility future needs security principles – that is “security by design, rather than as an afterthought”.

“Many technological improvements can differentiate between an incident and a catastrophe. But a good security principle would be to analyse and understand those small incidents before they amass into something bigger. Small incidents can be a learning curve for knowing how to respond to more serious situations,” he says.

The TSC’s remaining critical steps suggest adopting technology and research roadmaps for converging with other mobility technologies and “up-skilling” the mobility sector workforce by positioning Cyber Security as an essential skill. Transparent practices and knowledge-exchange across all domains is crucial, as Cyber Security is not limited to the automotive or aviation sectors, but relevant to all UK businesses.

Finally, transport professionals must invest in innovative practices, such as advanced encryption techniques, advanced threat detection and high-security wireless communications. Close to 50 per cent of UK businesses have experienced a cyber attack in the last year, according to the
2017 Cyber Security Breaches Survey conducted by the UK government, which is accelerating investment in the cyber space domain, with £1.9bn of investment planned before 2021.

The good news is that the UK is one of the world’s leading nations in terms of Cyber Security capability. Established clusters
of expertise exist across the country, with many companies being spin-outs from government institutions such as GCHQ. Academic capability is also strong, facilitated through initiatives such as Cyber Security Centres of Excellence, and close ties between universities and government.

“However, culture change must underpin all,” warns Thirunavukkarasu. “You can have the best Cyber Security experts, but if they are not able to channel their efforts into the transport industry or if a transport professional is not able to see that Cyber Security is a bigger issue, progress will
be elusive.”

The average annualised cost of cyber crime to transport companies in the UK is : £2.4 million

Percentage of security and mobility professionals polled who identified autonomous vehicles as a key area of
focus over the next 10 years is: 

Cookies on Catapult explained

To comply with EU directives we now provide detailed information about the cookies we use. To find out more about cookies on this site, what they do and how to remove them, see our information about cookies. Click OK to continue using this site.