Email us: Tim@transportsecurityworld.com
/ Call us: + 44 (0) 20 7045 0900
  • Transport Security & Safety Expo 2018
  • Waterfall Stronger Than Firewalls

Security mistakes largely unchanged in a decade leave companies open to attack, warns transport CISO.

Posted on 02-Feb-2018 14:11:25

Data security.jpg"The awareness of the topic in transport is still lagging behind other industries, while the hackers are speeding ahead of us."

The transport industry is still “lagging behind” other industries in terms of digital security and must strengthen their defences to combat sustained threats from cyberattacks. They are the thoughts of Lies Alderlieste-de Wit, chief information security officer at The Netherlands’ main transport provider, Nederlandse Spoorwegen, who warned that awareness of the issue had been overtaken by the speed at which change was progressing.

Speaking to our sister publication, SmartRail World, Alderlieste-de Wit said that the speed with which technology is progressing had opened up the transport industry as a whole to the sort of attacks that could cause networks serious problems. Worryingly though, she explained that although the threats had grown the same errors were being committed.

Lies Alderlieste-de Wit, CISO of Nederlandse Spoorwegen“The top 10 software programming mistakes that made our website vulnerable to hacks are pretty much the same as 10 years ago,” said Alderlieste-de Wit. “In my job it comes in waves. For instance, in 1999 when my profession didn’t yet exist, a big wave of misunderstood risks around the Y2K bug caused a lot of hysteria.”

Alderlieste-de Wit, whose security career began 18 years ago and includes positions at Unisys (@unisyscorp) and Accenture (@Accenture), warned that a major complicating factor was the speed at which today’s threats are exploited. “The awareness of the topic in transport is still lagging behind other industries, while the hackers are speeding ahead of us.”

Click here to download your copy of the Transport Security and Saftey Expo 2018 BrochureIn her position at the public transport provider Nederlandse Spoorwegen, Alderlieste-de Wit helps the company stay aware of cyber risk to ensure they’re understood and implemented across the organisation. But making that job more difficult – for all industries, not just transport – was the dearth of information security professionals at their disposal. “Another huge challenge is how to recruit and retain cyber professionals, as the huge shortage of skilled staff is starting to become apparent,” she said.

However, it’s the approach to cyber security that Alderlieste-de Wit really wants to see change if it is to be one step ahead of the hackers. “We’re still using fear, uncertainty and doubt when we communicate cyber risk,” adding that many in the industry still use fear in the hope it will motivate a response. “This is despite behavioural change experts knowing that it doesn’t,” she concluded.


You may also be interested in these stories from Transport Security World…

Read: “Train attacks are no longer science fiction,” declares startup after raising $4.7M to protect rail and metro from cyberattacks.

Visit: Transport Safety & Security Expo, June 11-12, 2018.

Expert view: Combating the increasingly sophisticated digital threat to rail and metro.

Download: A Layered Approach for Securing “Internet of Things” Devices in Transportation.

Read: A.P. Moller-Maersk reveals $300m loss after Trojan-style cyber attack

Topics: Rail&MetroSecurity, CyberSecurity

Get The Latest Updates From Transport Security World

About the Author

Dave Songer