Strengthen the link between digitalization and cybersecurity in public transportation sector

In the digital era, almost every process in the world is linked to ICT, in some way or another.

In the last decades, we have seen an exponential growth among process digitalization involving every sector, and public transportation companies were not the exception.

In a public transportation Company we can have hundreds of processes that covers every aspect of the business: from the service execution to the fleet maintenance through the material supply chain. This complex graph of interconnected processes made a complete digitalization shift harder than other sectors, and even today some very specific tasks completely relies on paper and manual intervention. Historical reasons also play an important role on this topic, since public transport companies typically have more than 100 years, and some habits or practices are harder to change.

Within this scenario, a progressive digitalization of public transport, together with the introduction of novel ICT technologies such as IoT, Mobile Applications, Big Data, Machine Learning, have produced a wider and wider digital surface for attacker to exploit. Consequently, in this complex and heterogeneous situation, it is easier to find “holes” or unsecured areas to exploit in a growing “surface of attack”.

Today, this surface of attack is mainly composed by publicly exposed data and services, mobile applications, connected buses, smart display at the bus stops or at the metro stations, digital tickets, and many other will come in the near future.

So, how to deal with this complex, rapidly changing scenario? Of course, cybersecurity must play a key role on these matters, from the very beginning of any digitalization process or new technology introduction, in order to cover all this new areas without leaving holes. In the last years, new regulations about data management and privacy have emerged in the European context, mainly to stress out the implementation of more strict rules and policies to deal with a digital world driven by data. GDPR is, of course, the most important example but, considering it alone is not enough to put ourselves safe. We must consider as much variables and aspects as we can, using a “holistic” approach.

Furthermore, the increasing number of cyber-attacks against public sectors companies or entities that have been recorded in the last years highlights the priority that we must give to the cybersecurity in our organizations. In general, attacks could target both the service execution, also potentially put in danger the passengers, and the sensitive data that the Company handles (i.e. customer data, process-specific data).

Participating in the CitySCAPE Project gives us the possibility to enhance our cybersecurity awareness and capabilities by taking advantage of the Project’s holistic approach. By testing the CitySCAPE tools in the forthcoming Pilots, we will explore an integrate cybersecurity solutions that take cares of:

  • Preventing attacks using novel intelligence approaches and continuous risk assessment strategies. This will help us to continuously monitor our heterogeneous assets, in order to rapidly discover any vulnerabilities and then putting in place countermeasures before the attack could be made
  • Contrast cyber-attacks by using innovative IDS/IPS and SIEM tools developed within the Project. This will help us to study and test novel approach and technologies in attack detection and mitigation
  • Enhance cybersecurity awareness of the public transportation company employees. This will help us to enhance the internal defences against cyberattacks since, mostly of the time, an attack starts with the action of an internal user that is deceived by a phishing email or by a misuse of the ICT tools and infrastructures.

AMT

AMT S.p.A. (AMT) is the mobility company owned by the “City of Genoa”. AMT is in charge of providing public transport to the Metropolitan area of Genoa, Liguria chief town. By a multi-modal transport system, counting over 130 million transfers per year covering 27 million kilometres, AMT suits the Genoese transport requirements best. The multi-modal system is granted by different means of transport: urban and sub-urban buses, trolley buses, a subway, funicular railways, a cog railway, a narrow-gauge railway, an urban ferry-boats and on-call services.

AMT mission is representing for the Metropolitan City and the Genoese:

  • A quality solution to sustainable mobility requirements;
  • An outstanding feature of Genoa attractiveness
  • A strategic partner of the Civic Administration in the constant effort to ensure new solutions for the local integrated mobility.