"The awareness of the topic in transport is still lagging behind other industries, while the hackers are speeding ahead of us."
The transport industry is still “lagging behind” other industries in terms of digital security and must strengthen their defences to combat sustained threats from cyberattacks. They are the thoughts of Lies Alderlieste-de Wit, chief information security officer at The Netherlands’ main transport provider, Nederlandse Spoorwegen, who warned that awareness of the issue had been overtaken by the speed at which change was progressing.
Speaking to our sister publication, SmartRail World, Alderlieste-de Wit said that the speed with which technology is progressing had opened up the transport industry as a whole to the sort of attacks that could cause networks serious problems. Worryingly though, she explained that although the threats had grown the same errors were being committed.
“The top 10 software programming mistakes that made our website vulnerable to hacks are pretty much the same as 10 years ago,” said Alderlieste-de Wit. “In my job it comes in waves. For instance, in 1999 when my profession didn’t yet exist, a big wave of misunderstood risks around the Y2K bug caused a lot of hysteria.”
Alderlieste-de Wit, whose security career began 18 years ago and includes positions at Unisys (@unisyscorp) and Accenture (@Accenture), warned that a major complicating factor was the speed at which today’s threats are exploited. “The awareness of the topic in transport is still lagging behind other industries, while the hackers are speeding ahead of us.”
In her position at the public transport provider Nederlandse Spoorwegen, Alderlieste-de Wit helps the company stay aware of cyber risk to ensure they’re understood and implemented across the organisation. But making that job more difficult – for all industries, not just transport – was the dearth of information security professionals at their disposal. “Another huge challenge is how to recruit and retain cyber professionals, as the huge shortage of skilled staff is starting to become apparent,” she said.
However, it’s the approach to cyber security that Alderlieste-de Wit really wants to see change if it is to be one step ahead of the hackers. “We’re still using fear, uncertainty and doubt when we communicate cyber risk,” adding that many in the industry still use fear in the hope it will motivate a response. “This is despite behavioural change experts knowing that it doesn’t,” she concluded.
You may also be interested in these stories from Transport Security World…