HOW HACKERS COULD CAUSE CHAOS ON AMERI
Transportation systems are tempting targets for cybercriminals, and many government officials are only now BY JENNI BERGAL
38
GCN APRIL/MAY 2018 • GCN.COM
W hen hackers struck the Colo- Touche. “It could create crashes or chaos on It’s not uncommon for hackers to take
rado Department of Transpor- tation in a ransomware attack in February and again eight
days later, they disrupted the agency’s operations for weeks.
State officials had to shut down 2,000 computers, and transportation employ- ees were forced to use pen and paper or their personal devices instead of their work computers. Staffers whose comput- ers were infected didn’t have access to their files or data, unless it was stored on the internet, and the attack affected the payroll system and vendor contracts.
It could have been a lot worse. The Col- orado hacks didn’t affect traffic signals, cameras or electronic message boards, and state IT officials, who refused to pay the ransom, said the system had been 95 percent restored as of mid-April.
Transportation systems are ripe targets for cybercriminals, according to cybersecurity experts, and many state and local government officials are only now waking up to the threat and realizing they need to beef up their defenses.
“A cyberattack or threat could affect everything from municipal transportation to high-speed transit rail that operates between cities,” said Srini Subramanian, a state cybersecurity principal at Deloitte and
 the highways or even on city streets.” The Colorado incidents have trans-
portation officials, who normally busy themselves with more routine matters, thinking more critically about system security.
“DOTs are traditionally built around building and maintaining asphalt and concrete. That’s our bread and butter,” said Alan Davis, an assistant state traf- fic engineer at the Georgia DOT and a member of a national panel researching the best ways to prepare transportation systems for cyberthreats. “But there’s also this other world that operates that infrastructure. This world is a new thing for a lot of DOTs.”
In February, Maryland Transportation Secretary Pete Rahn told a meeting of the American Association of State High- way and Transportation Officials that security breaches are a big concern for his agency, which oversees public transit, highways, tolls, a port, an airport and the Motor Vehicle Administration.
If hackers get into the network, he said, “they can play with our trains, traffic signals, variable message boards. We’ve never had to think about these things before.”
Rahn’s fears are not far-fetched.
control of electronic messaging signs on roads, often as a prank. Some will display obscene language, jokes or personal messages. Usually, the hackers access the signs remotely through a network connection for which a password might not be reset or even used at all.
But hacking into a transportation system can have more serious conse- quences. In 2008, a 14-year-old computer whiz used a device to hack into a tram system in Poland, derailing several trains and injuring at least a dozen people.
The growing use of ransomware
State and local governments face grow- ing threats from hackers and cybercrimi- nals, including those who use ransom- ware — malicious software that hijacks computer systems, encrypts data and locks machines, holding them hostage until victims pay a ransom or restore the data on their own.
In 2016, a ransomware attack struck San Francisco’s light rail system, disrupt- ing its computer system and email. Hack- ers requested about $73,000 in bitcoin
to unlock the agency’s computers, which the Municipal Transportation Agency refused to pay. As a precaution, it turned