Cyber threats in public and freight transport

Table of contents

• The digital transformation of transport and new attack surfaces
• Ransomware in SCADA systems: paralysis and blackmail
• GPS Spoofing: fangerous deviations in autonomous vehicles
• Transportation DDoS attacks: when one click brings a city to a halt
• Autonomous vehicles and the risk of remote attacks
• Threats to the freight supply chain
• The role of the NIS2 Directive in protecting the sector
• How to increase the level of protection

As infrastructure becomes increasingly digitalized, cyber threats in transportation pose a critical risk to public safety, service continuity, and supply chain resilience.

From rail networks to freight logistics systems, through autonomous vehicles and connected public transport, every component of the transport sector is today exposed to increasingly sophisticated cyber attacks.

This article analyzes the main transportation cyber threats, their potential impacts, real-world attack scenarios, and the security measures needed to defend the sector.

The digital transformation of transport and new attack surfaces

The digitalization of transportation has improved operational efficiency but has also expanded the attack perimeter for cybercriminals . Traffic control systems, on-board devices, communication networks between control centers and moving vehicles must be constantly monitored and protected.

Integrated IT systems in public and freight transport are often interconnected with other IT/OT components, making entire infrastructure ecosystems vulnerable. Cyber threats no longer only concern data but also compromise the physical integrity of vehicles and transport networks.

Ransomware in SCADA systems: paralysis and blackmail

SCADA ransomware is one of the most serious cyber threats to industrial and logistics systems related to transportation. Attackers can encrypt data from SCADA systems – which control traffic lights, tracks, valves and electrical systems – and demand millions of dollars in ransom in exchange for control being returned.

Example
The attack on the Danish railway company DSB in 2022, where an attack on IT service providers paralyzed the entire national railway network. This was not a direct attack on the train, but on the IT supply chain, demonstrating how external partners are also targeted

Ransomware attacks compromise the availability of services, creating cyber incidents that can stop trains, buses, planes and entire supply chains.

GPS Spoofing: fangerous deviations in autonomous vehicles

GPS spoofing is a technique that allows an attacker to send false GPS signals, tricking a vehicle into believing it is in a different location than it actually is. This technique can be used to:

• divert buses or trucks from the correct route,
• compromise autonomous vehicles by causing them to make navigation errors,
• hinder drones for last-mile logistics .

The 2019 Shanghai port case, where hundreds of ships received false GPS signals for days, demonstrates the potential impact on cargo transportation and maritime safety. When applied to urban transportation systems , this attack can lead to chaos, accidents, and property damage.

Transportation DDoS attacks: when one click brings a city to a halt

Transport DDoS attacks, or Distributed Denial of Service, aim to saturate servers that manage electronic ticketing, fleet monitoring and real-time traffic management. Cloud platforms that regulate urban traffic or freight logistics therefore become critical targets.

In 2020, the New York Transit Authority (MTA) suffered a DDoS attack that knocked out internal communications for hours. Although train control systems were not compromised, the disruption caused delays and panic among passengers.

Transportation information systems must be equipped with defenses that can withstand spikes in malicious traffic and continue to reliably deliver critical services.

Autonomous vehicles and the risk of remote attacks

The increasing use of autonomous vehicles in public and freight transport opens up new risk scenarios. Every software component, from the LIDAR system to the ECU control unit, can be the target of an exploit. A successful cyber attack could compromise the safety of the vehicle, causing accidents or route deviations.

In 2015, security experts Charlie Miller and Chris Valasek managed to remotely take control of a Jeep Cherokee through a vulnerability in the Uconnect infotainment system. This experiment demonstrated that even without direct physical contact, a vehicle can be compromised.

In logistics, the compromise of an autonomous truck convoy can cause extensive damage and blockages in the supply chain.

Threats to the freight supply chain

In freight transportation , companies can be affected not only at logistics terminals but throughout the supply chain , including shippers, warehouses, and IT providers. Cyber threats often target less protected third parties and then propagate into core systems.

An attack on the digital platform that manages containers in an intermodal yard can slow down or stop the movement of thousands of tons of goods. Cyber attacks on logistics can cause delays in deliveries, financial losses and breaches of sensitive data related to customers, routes and cargo.

The role of the NIS2 Directive in protecting the sector

The NIS2 Directive requires European Member States to strengthen the cyber security of critical infrastructure , including the transport sector . Companies and authorities providing essential services must implement risk management plans , take proportionate security measures and notify cyber incidents within 24 hours.

Organizations must be able to rapidly detect, contain, and recover from an attack, with particular attention to:

• IT/OT network segmentation;
• multi-factor authentication to prevent unauthorized access;
• backup and disaster recovery systems;
• security operation centers (SOC) active 24/7.

How to increase the level of protection

Companies operating in the transport sector must be proactive in improving their level of protection, focusing on:

• periodic vulnerability assessment;
• drafting of a specific Incident Response Plan for SCADA and OT environments;
• training staff against phishing and social engineering;
• implementation of advanced tools such as IDS/IPS, EDR and SIEM;
• adoption of technologies such as zero trust architecture and threat intelligence.

These approaches help companies reduce their attack surface, protect sensitive data , and ensure business continuity even in the event of a breach.

To conclude

Transport cyber threats are real, complex and rapidly evolving. Cyber attacks on transport systems not only put data at risk but also people’s lives and the global economy.

Defending the security of public and freight transport is a challenge that requires public-private cooperation, targeted investments, compliance with the NIS2 Directive and the adoption of advanced technologies . Only in this way will it be possible to effectively tackle cyber criminals and protect one of the most vital sectors for modern society.

Questions and answers

1. 1. What are the most serious cyber threats to transportation?
   Ransomware in SCADA systems, GPS spoofing, DDoS attacks, and exploits in autonomous vehicles.
2. 2. What is GPS spoofing and why is it dangerous?
   It is a technique that manipulates GPS signals to alter the location of a vehicle. It can cause detours or accidents.
3. 3. How can a DDoS attack affect public transport?
   By blocking the servers that manage ticketing, traffic and fleets in real time.
4. 4. What happens if ransomware hits SCADA systems?
   Rail, port or logistics operations could be paralyzed with high ransom demands.
5. 5. What security measures should transport companies adopt?
   Network segmentation, backup, continuous monitoring, strong authentication and staff training.
6. 6. Can autonomous vehicles be hacked?
   Yes, every connected component is a potential attack point.
7. 7. Is your freight supply chain secure?
   Not always: Many vulnerabilities are in suppliers or third-party systems.
8. 8. What is the role of the NIS2 Directive?
   It obliges critical companies to implement minimum security standards and to report incidents.
9. 9. How do you prevent unauthorized access in transportation?
   With multifactor authentication, network segmentation, and access control systems.
10. 10. Why is an Incident Response Plan important in transportation?
    To respond quickly to an attack, limit damage, and restore services safely.