The nation’s transportation infrastructure is just as critical to the functioning of society as its water supply and power grid, which makes it an attractive target for nation-state cyber criminals seeking to launch solo attacks or work in tandem with terrorists to cause disruption as part of a larger-scale attack. Meanwhile, the combination of complex, interwoven information systems that modern transit systems depend on leave them particularly vulnerable to a variety of cyber threats. This is especially the case in organizations that depend on older SCADA systems, which were designed in the pre-internet area and present multiple vulnerabilities in the digital age.
Hackers can attack on several fronts, seeking to destroy an agency’s information and SCADA systems, render them inoperable, or even take control of them. Hackers can target an agency’s operational systems, enterprise information systems, enterprise systems, or any combination of the three, either through exploiting software or hardware vulnerabilities or by obtaining login credentials with the help of malicious insiders or through social engineering techniques such as phishing. Cyber criminals may also seek to compromise the personal data of employees and customers.
Customized Managed Security Services to Protect the Transportation Sector from Data Breaches and Critical Infrastructure Attacks
As cyber threats against the transportation sector grow in frequency, gravity, and complexity, the technology and expertise to combat them grows more complex, which necessitates that agencies in this sector obtain help from cyber security experts to ensure that their systems are secure and safe. Mosaic451’s staff are experts in critical infrastructure and SCADA network security, leveraging years of experience working with the federal government to protect some of the most complex and sensitive systems in the nation. Mosaic451’s managed security services are fully customized to meet your organization’s unique needs and environment, and can include:
- 24/7 SOC systems monitoring and incident response conducted remotely, on-site, or both
- On-site, dedicated personnel who can work in tandem with your existing security staff or function as a full security operations team
- Breach assessment services
- Device security management
- Security strategy consulting
- Identity access management
- Business continuity and disaster recovery planning and services
- Compliance with the NIST Risk Management Framework, the National Initiative for Cybersecurity Education (NICE), ISA/IEC-62443, ISO/IEC standards, American Public Transportation Association (APTA) recommendations, US ICS-CERT, HSPD-7, Payment Card Industry (PCI) standards, FISMA, FIPS, and Section 816 of the Patriot Act compliance and audits