London, United Kingdom - 29 Jun 2017: Digitization and mass connectivity are changing the face of transportation, and stakeholders are embracing modernization across the board: on land and sea, and in the air. Underlying this is a gradual transition from closed legacy systems that operate in siloed obscurity to open, modern platforms connecting to all kinds of assets. From fully automated trains, and eEnabled aircrafts, to self-driving vehicles and smart vessels, ABI Research believes all modes are undergoing profound change to optimize transport, cut costs, and enable an automated and connected service-based industry.

This evolution, however, is fraught with obstacles, notably around security. Cyber-based vulnerabilities render the infrastructure weak and prone to exploitation, whether malicious or accidental. Industrial control systems (ICS) play a heavy role in transportation systems and connecting these operational technologies (OT) will require stakeholders to develop and implement adapted cybersecurity technologies. Roadways will account for the largest part of cybersecurity spending in the transport sector, with $5 billion estimated by 2022. This is due in large part to the V2X infrastructure that will be deployed for self-driving and connected vehicles. Aviation and railways will follow closely, with $3.9 and $3.5 billion, respectively. Maritime will account for the smallest share of spending at $1.4 billion.

“The new generation of ICS is Internet-enabled, using commercial off-the-shelf software and leveraging a range of non-proprietary protocols,” says Michela Menting, Research Director at ABI Research. “They are increasingly automated, highly integrated, and interconnected with a vast range of different devices in both IT and OT. While the transportation sector places heavy reliance on functional safety and physical security, the cyber protection of connected OT is currently inadequate and will require some significant work.”

Prior to connectivity, closed transportation systems did not necessarily need manufacturers or operators to apply digital security. But connectivity changes priorities, and security considerations are wide-ranging.

“Transport stakeholders will have to implement digital security if they want to successfully realize the efficiencies and cost savings that connected OT promises to deliver,” concludes Menting. “This will require forethought and planning, and collaboration between cybersecurity experts and IT professionals, OT specialists, engineers, control system manufacturers, and process operators, within the modes, across the sectors, and with private and public stakeholders internationally.”

Vendors actively engaged in deploying cybersecurity alongside transport operators include Alcatel-Lucent Enterprise, Lynx Software Technologies, NCC Group, RAD Data Communications, RazorSecure, Telefonica, ThetaRay, and Waterfall Security. In parallel to industry efforts, the development of policy, law, and standards is high on the cybersecurity agenda of international organizations alike, with bodies such as the UN, NATO, ISO, IEC, ICAO, IMO actively engaged in updating international conventions and developing guidelines alongside a host of national agencies such as the U.S. DOT and DHS, and the E.U. ENISA, EASA, ERA and EMSA.

These findings are from ABI Research’s Critical Infrastructure Security: Transport report.