Ransomware Attack Against Bristol Airport Shows Need for Smart, Secure Digital Infrastructure in Transportation

In the technology arena, “disruption" has a positive connotation. Disruptive technologies successfully challenge the status quo and drive new markets. For example, self-driving cars are expected to disrupt the traditional automotive industry, while data-driven airports are now the norm.

But there’s another, less savory kind of disruption prosecuted by malicious actors. Hostile nation-states and criminal hackers seek not to increase efficiency, but to hold companies and public infrastructure hostage, literally and figuratively, for political advantage and/or profit. This past weekend, a ransomware attack hit the U.K.'s Bristol Airport, increasing the stress and inconvenience of travelers trying to reach their destinations, forcing front-line staff to resort to manual, pen-and-paper systems while the airport’s IT team labored to contain the attack.

An undisclosed ransomware strain hit Friday morning and took systems down through Saturday and into Sunday. While the cyberattack on Bristol targeted its administrative systems, the airport opted to take several vulnerable systems offline as a precautionary measure – including public-facing flight arrival and departure information monitors. As a result, airline staff had to update passengers via whiteboards and frequent public address announcements.

Bristol Airport’s spokesperson reported that “at no point were any safety or security systems impacted or put at risk,” which is good news. The inconvenience of waiting for luggage, while annoying, doesn’t endanger anyone.

But the attack illustrates how the transportation industry and municipalities need to increasingly consider the risks of cyberattacks as connected vehicles, Internet of Things (IoT) devices, and other technologies become integral to our transportation infrastructure.

The USA’s National Safety Council released data that of the estimated 40,000 traffic accidents in 2017, human error caused 90 percent. This information drives the desire to increase the number of self-driving cars on the roads.

As always, however, the new technology creates new risks: driverless cars combine sensors and software that control, navigate and drive the vehicle. The cars receive data from sensors similar to (yet distinct from) radar, which is then transferred to an internal map. The Light Detection and Ranging (LIDAR) systems that capture the information feed it to internal cameras, similar to rear-view / reversing cameras. To maintain vehicle-to-vehicle communications, these cars require short-range communications devices.   

These communications pose a cyberattack risk. Securing these connections presents the same problems as securing IoT devices. Short-range unprotected device communication often lacks the cybersecurity necessary to protect data. Hackers potentially can exploit vulnerabilities in short-range communication to gain entrance to the car's entire system, then access the vehicle’s other connected systems.

Machine learning and artificial intelligence (AI) help support the flood of data traveling through modern airports. Flight Information Displays (FIDs), Baggage Information Displays (BIDs), and Gate Information Displays (GIDs) -- like those that were shut down in the Bristol Airport ransomware attack -- all feed back to the airport's website. This feed opens up potential new points for attackers trying to gain illicit access to information.

The Bristol ransomware attack forced the airport to halt a number of processes, including arrival and departure displays. Yet an attack on one access point could be used to create backdoor access to other connected applications and databases. For example, if the displays were connected to an airline database that feeds information to other applications, passenger personally identifiable information could be at risk.  Airlines and airports increasingly interconnect a variety of devices via vendor applications.  One weak information security control in a seemingly innocuous application that also connects to a database containing private information could lead to a costly and embarrassing data breach.

Moreover, the Bristol Airport cyberattack disrupted real-time information collection and distribution, forcing employees to manually update flight and baggage information. The data loss led to passenger frustration, delays and missed connections, adding up to a business interruption cost as the airport recovered from the breach.  

In the 1950's, transportation safety required creating physical highways and bridges. Today, transportation infrastructure includes both rebuilt bridges and rebuilt communication technologies.

AI and IoT present some of the largest risks to transportation security. Data collection enables safer practices, but the connections to IoT that allow the data to instruct humans and vehicles are often less than robust.

Safety and efficiency drive technological disruptors, both the good and the bad. Increasingly, the transportation industry will become a target for malicious actors. The rapid and continuous evolution of ransomware and other types of malware presents a constant challenge for security counter-measures to keep pace.

Looking toward the future, cities and airports need to invest more heavily in secure digital infrastructure. The Regional Plan Association of New York and New Jersey in the US believes that between 70 and 90 percent of vehicles will be self-driving by 2045. To accommodate these new vehicles, cities and suburbs need start updating their traffic management systems (TMS).

Many municipalities currently use automated systems to collect data to monitor real-time traffic flow, detect malfunctions, and manage their intelligent transportation system (ITS) devices. However, with new self-driving cars, these systems will need to be updated to accommodate the many new devices that will interact with them.

Similarly, the creation of truly safe smart airports will require the deployment of more secure IT infrastructures that better protect data. Legacy systems will increasingly put passenger and flight data at risk.

Commercial airlines and other transportation providers present a tempting target for cybercriminals, as successful attacks can affect vast numbers of travelers, ratcheting up the pressure to pay a ransom quickly in order to minimize harm to operations, sales, and reputation. While Bristol Airport did not pay a ransom to its attackers, the process of containing this single malware incursion wreaked havoc for more than 48 hours.

As technology adoption evolves in the transportation industry, it will have to invest in smarter, safer digital infrastructure that leverages AI, machine learning and blockchain to thwart attacks and ensure that its critical data is protected, unaltered and always available.