Security and Safety

Simple Cyber Security Steps for Your Fleet Operation

Posted on September 29, 2017 by Donald Luey

How do you inspire mistrust of the Internet when your colleagues routinely ask it to pay their bills, deliver groceries, and check in on their mom? The bottom line is you can’t, or at least to do so might become counter-productive as we need innovative ideas to move our agencies forward, not cynicism and fear. But in the face of increasingly damaging ransom ware and phishing attacks, how do we safeguard our vital data vaults from the innocent employee mis-click or well-disguised but malicious lures? This is one place where building a proper wall not only makes sense, but doesn’t cost much and won’t significantly inhibit the workflow of your team.

Awareness Reform
The first part of this wall does require a bit of awareness reform. Assumptions about the safety of certain links and files need to be upended, and then replaced with a better understanding of how to identify threats independently. If the end user is the weakest link in your security grid, then building up the end user’s defenses makes a lot of sense.

We did this at Foothill Transit by piggybacking on National Cyber Security Awareness Month, which is every October. The Department of Homeland Security provides a free, well-crafted tool-kit designed to fully inform your team about myriad cyber security issues ranging from social media and using public WiFi, to scam tactics, and phishing. Supplementing regular email tutorials with face-to-face Q&A sessions can drive home the good habits you need people to emulate.

Safeguarding Access
Safeguarding access to the network comes next. Usually entry is governed by a user ID and a password, with the password usually created by the end user. If it’s just one word or a name, it only takes a hacker 1.37 milliseconds to breach it, less, if the word is only one or two syllables. If the word is intentionally misspelled, add nine minutes. Add a capital letter? Now we start to see some traction. A capital letter on a three-syllable word can take a month to breach. Add a number and you start getting into years. Add a symbol like “!” or “@” and the predictions get into decades or even centuries, but we can expect those estimated times to reduce significantly over time as hackers get more savvy and as technology evolves. The point being that right now in 2017, requiring end users to complicate their passwords by just a couple of symbols can create a nearly impenetrable barrier at what is potentially a serious weak point. The cost? A few emails, maybe some well-written protocols and policies, and a little creativity.

The Department of Homeland Security provides a free, well-crafted tool-kit designed to fully inform your team about myriad cyber security issues ranging from social media and using public WiFi, to scam tactics and phishing.

In the end though, relying entirely on your end user to buy into policies and procedures still leaves a few gaping holes. Human error and routine being what it is, it makes sense to install another form of authentication outside of end user control that narrows network access even further. At Foothill Transit, this came in the form of randomly generated codes with a short shelf life. Codes could be accessed on a small key ring fob or via an app on a cell phone, only last 60 seconds, and are required prior to entering a personal password. This coded entry point is the gate before the gate, and self-destructs if not used in time. Team members with direct server access add another layer of authentication in the form of a PIN.

All of this adds up to, what we hope, is an unbreachable network — at least for now. In a few months it’s entirely possible that one or all of these tips will be upended and new tactics will have to be employed. In which case keeping isolated in the server room can cripple you as easily as a bad email link. Staying on top of this constant evolution, in the form of training, conference attendance, and sharing strategies and ideas with other security minded professionals isn’t optional and should be baked into your team’s culture and workflow. This can be difficult when the helpdesk piles up. Network wellness is only as robust as the people working it, so make sure you’re paying attention to their needs as well as the network’s.

Donald Luey is the IT Director for Foothill Transit.

View comments or post a comment on this story. (1 Comment)

More News

NY MTA, union call for more penalties for bus operator attacks

The announcement came a week after a B15 bus operator was violently assaulted while driving.

MV Transportation adding Lytx system on 1,500 more vehicles

The new deployment covers MV's support for King County Metro, the RTC of Southern Nevada, and Capital Metro.

BART Police Chief outlines his vision for safety

Chief of Police Ed Alvarez shared promising new crime data showing his new strategies are already paying off (see video).

NJ Transit makes major advancement of positive train control

The FRA has approved the agency to begin Revenue Service Demonstration of the safety technology.

Law enforcement teams keep crime levels down on LA Metro system

Since 2017, the agency uses Metro transit security, private security and in-house fare compliance officers to better protect the system.

See More News

Post a Comment

Post Comment

Comments (1)

More From The World's Largest Fleet Publisher

Automotive Fleet

The Car and truck fleet and leasing management magazine

Business Fleet

managing 10-50 company vehicles

Fleet Financials

Executive vehicle management

Government Fleet

managing public sector vehicles & equipment


Work Truck Magazine

The number 1 resource for vocational truck fleets

Schoolbus Fleet

Serving school transportation professionals in the U.S. and Canada

LCT Magazine

Global Resource For Limousine and Bus Transportation