Danish State Railways (DSB), the largest Danish train operating company, suffered a DDoS attack Sunday, leaving many customers unable to purchase tickets.
DSB has more than 195 million passengers each year, but yesterday’s attack made it impossible for customers to buy tickets using the DSB app, website, ticket machines and certain kiosks at stations. The passengers were only able to buy tickets from staff on trains.
All systems are working as normal as of now and DSB made a statement that “we have all of our experts on the case”, but many believe that is not enough. Keeping control systems secure is imperative to public safety. An attack on more vulnerable management systems can result in widespread disruption to controls such as railway signaling and track movements.
The Transportation companies must adopt a proactive approach to cybersecurity to ensure that their services can stay online and successfully defend against a possible cyber-attack. At a minimum, NNT suggests implementing standards like the NIST 800-171 compliance controls or CIS Critical Security Controls to help improve your security posture. These controls are essential to a successful security foundational and outline prioritized, highly focused sets of actions to achieve compliance with government security requirements, but can certainly be applied to other hypersensitive industries like the transportation sector.
NNT’s Change Tracker™ product maps directly to 9 of the 14 security control families. To better understand what those controls are and where an organization might effectively start, download NNT’s 800-171 solution brief here. Or see below for a detailed breakdown of the 800-171 control families and learn how NNT can help you address each requirement.