Intruders attempt to psychologically manipulate employees and contractors to obtain confidential information.
Public transportation offices are witnessing a surge in social engineering cyberattacks, where intruders attempt to psychologically manipulate employees and contractors to gain confidential information. During a roundtable at the annual Transportation Research Board meeting on January 8, experts shared examples of these sophisticated attacks.
The Port Authority of New York and New Jersey has been particularly susceptible, with cybercriminals exploiting the “human fallibilities and vulnerabilities” of its employees, according to Josh DeFlorio, Chief of Resilience and Sustainability at the Port Authority.
In social engineering cyberattacks, digital criminals leverage their social skills to engage with specific organizational staff, aiming to obtain confidential information or access their computer systems. Jennifer DeBruhl from the Department of Rail and Public Transportation in Virginia recounted a successful attack that led to a statewide system outage lasting six months.
Cordell Schachter, Chief Information Officer of the United States Department of Transportation (USDOT), emphasized the importance of preventive measures, such as multi-factor authentication and system segmentation. He recommended a cybersecurity self-assessment and contacting the FBI or the Cybersecurity and Infrastructure Security Agency (CISA) in case of an attack. “Everyone should undergo a cybersecurity self-assessment to help us understand our current risks and report our plans to remedy them,” stated Schachter.
The US DOT combats these threats through monthly phishing tests for employees, reducing the click-through rate from 20% to 4%. Schachter underscored the immediate replacement of default passwords and basic cyber hygiene practices.
Effective strategies include flagging internal emails with red banners and integrating cybersecurity into the DOT’s strategic plan. Furthermore, the DOT collaborates with the Department of Homeland Security on risk management for the transportation systems sector to safeguard the national transportation network from cyberattacks. CISA provides online resources to counteract these threats.
While Google withdraws autonomous vehicles, Mercedes Benz reinforces its combustion vehicles. In recent years, automotive technology has experienced significant advancements, but it has also faced
Intuitive Machines carried out an attempt to land on the Moon. A spacecraft built and operated by Intuitive Machines, based in Houston, attempted a lunar
Heavy Vehicle Leadership Group, carriers and the future of EPA’s Phase 3. As transportation organizations grapple with proposed environmental regulations for heavy-duty trucks, vehicle manufacturers
January results in truck tonnage indexes and logistics managers. Truck tonnage started the year on a decline, with both annual and monthly decreases in January,