  October 11th, 2022 | Written by

7 IoT and OT Cyber Risks in the Transportation Industry


The transportation industry is quickly adapting to the internet of things (IoT) and operational technology (OT). But with this adaptation comes a new set of cyber risks. IoT and OT have a well-documented history of cybersecurity vulnerabilities, so the transportation industry is not safe as it adopts these technologies. This article explores seven of the most pressing cyber risks in the transportation industry today.

1. Lack of Security in Third-Party IoT and OT Devices

Many transportation companies outsource the development and maintenance of their IoT and OT devices. This reliance on third-party vendors creates a single point of failure that cybercriminals can exploit. IoT and OT devices are often not developed with security in mind, which makes them soft targets for cyberattacks.

Moreover, these devices are often not updated with the latest security patches, which leaves them vulnerable to known exploits. This is a severe problem in the transportation industry, where many companies do not have the resources to secure their IoT and OT devices properly.

For example, the WannaCry ransomware attack in 2017 took advantage of a known vulnerability in Windows XP, which was no longer supported by Microsoft. The ransomware infected over 200,000 devices in 150 countries. It caused billions of dollars in damage.

Transportation companies must ensure that their IoT and OT devices are properly secured to avoid such disasters. This includes working with OT security vendors to ensure that devices are developed with security at center stage.

2. Lack of Visibility Into the Attack Surface

IoT and OT devices are often spread across a transportation company’s network throughout the country or even globally. This can make it difficult for IT and security teams to get a complete picture of the company’s attack surface.

Transportation companies cannot properly secure their networks without visibility into their attack surface. This lack of visibility also makes it difficult to detect and respond to attacks in time.

For instance, the 2017 NotPetya attack crippled Maersk, the world’s largest container ship operator. The attack spread through Maersk’s network, causing over $300 million in damage. Maersk was forced to shut down its operations for weeks while it recovered from the attack.

Transportation companies must gain visibility into their attack surface to prevent such attacks from taking place. This can be done by collaborating with reputable, reliable, and experienced OT security vendors. Such vendors can help prevent attacks through the use of IoT and OT security platforms. The platforms provide visibility into all devices on a network, making it easier to detect and respond to attacks.

3. Insecure Communications Protocols

IoT and OT devices often communicate with each other using insecure protocols, which is highly unsafe. These protocols are often outdated and do not support modern internet and network security features. This makes it easy for attackers to sniff network traffic and intercept communications.

For example, the Mirai botnet attack in 2016 took advantage of insecure IoT devices to launch a massive DDoS attack. The attack took down several major websites, including Twitter and Netflix.

An easy way to solve this issue is to ensure that IoT and OT devices use secure communications protocols, such as TLS/SSL or IPsec.

4. Lack of Industrial Control Systems (ICS) Cybersecurity

IoT and OT devices are often used to control industrial systems, such as production plants, power grids, etc. These systems are often poorly secured, making them easy targets for attack.

In a related instance, the Stuxnet worm took advantage of poorly secured industrial control systems. The attack destroyed centrifuges in Iran’s nuclear enrichment facilities. The worm spread through the facilities, causing millions of dollars in damage. A similar attack can take place in the transportation industry.

Thus, transportation companies must have the highest security for their industrial control systems to avoid falling prey. This includes using OT security vendors and security controls such as firewalls and intrusion detection/prevention systems.

5. Insufficient Security Controls in Place

IoT and OT devices often have minimal security controls in place. This is often because these devices were not designed with security at center stage. As a result, many IoT and OT devices are easy targets for attack.

The 2014 Jeep Cherokee hack is a rather (in)famous example of such an attack. The hack took advantage of insufficient security controls in the vehicle’s entertainment system and allowed the attackers to take control of the vehicle’s steering, brakes, and engine.

To avoid such attacks, transportation companies must have adequate security controls to protect their IoT and OT devices.

6. Lack of Staff Training and Awareness

Many transportation companies do not provide adequate training and awareness for their staff. This can lead to employees using IoT and OT devices in an insecure manner. For example, employees may connect devices to the network without proper security controls in place.

Thus, to prevent a cyberattack from taking place due to human error, transportation companies must ensure that their staff is properly trained and aware of security risks. This includes providing training on how to use IoT and OT devices securely.

They can conduct training on a monthly or quarterly basis. This ensures that their staff is up-to-date on security risks and preventive practices. They can ask their OT and IoT vendors to provide training to their staff to ensure that the devices are protected to the highest degree.

7. Lack of Incident Response Plans

Many transportation companies do not have adequate incident response plans in place. This can lead to delays in responding to attacks. It can also lead to further damage being done by the attacker.

To prevent such mishaps, transportation companies must have adequate incident response plans in place. The plan should set out how to deal with attacks and what to do when one occurs.


The transportation industry increasingly relies on IoT and OT devices to improve efficiency and operations. However, these devices come with several security risks. Without proper security in place, these technologies could do more harm than good. Thus, transportation companies must be aware of these risks and use the right industrial cybersecurity solutions to mitigate risk.