The recent cyber attack (September 2024) on the London Underground isn’t just a wake-up call for TfL – it’s a wake-up call to us all.
When we rely on systems and data so much, it stands to reason that any disruption is going to have a very real-world impact on us.
Why IT matters to you
When it comes to cyber attacks, everyone is a target. It doesn’t matter who you are – if you have data then you’re a target.
If you use computers in any way – you can become a victim.
But more importantly, you, yes YOU reading this post, rely on technology in your everyday life. From reading this amazing blog(!) to travelling to your favourite destination on holiday, and everything in between. You rely on technology. You TRUST technology, and those who provide it, to protect their systems and to protect the data within them.
The Cyber attack on TfL
Ok, let’s back up for a moment for those who may have missed it, and look at what actually happened last month.
First, some background information. In recent months, TfL has been fitting contactless ticket barriers to about 100 stations across the Home Counties, with the latest tranche due to be switched on on September 22.
This roll-out has now been paused.
The cyber attack was first noticed on 1st September, when TfL discovered that customer data had been accessed, including the names, addresses and bank details of over 5,000 people.
At the time, TfL stated that this was a "sophisticated" and "aggressive" attack (but that describes all attacks, right?!) and that the clean-up operation could cost several million pounds.
But it wasn’t just data placed at risk. Jam Cams, external dial-a-ride bookings and concession card application systems had to be shut down too. Live arrival information wasn’t available, and neither were digital information channels such as TfL Go and the TfL website.
As investigations continued, TfL was unable to process Oyster payments and the contactless app was not working either, meaning payments needed to be made on the website or in stations.
All in all, it was a bad day at the office for TfL.
How did it happen?
Right now, this is beyond my knowledge and I’m sure more details will be unearthed in the coming weeks and months.
So, watch this space.
What can we learn from this?
This is a much better question, and one that we should all be looking at, as security professionals but also business owners AND as concerned citizens.
Fundamentally, this all comes down to trust. Who can we trust with our data and with our critical infrastructure?
This isn’t a rhetorical question. You need to sit with your teams and ask:
What systems do we rely on?
Who holds our most important data?
What data is it they actually hold?
How reliant on them are we?
These questions can be asked individually (have a word with yourself!) and collectively with your business.
Supplier Management
At the end of the day, this all comes down to supplier management. If you work for TfL then you have bigger questions to ask and to answer, and I’m afraid that would be a far bigger blog! (But if you need help, please get in touch).
What next?
We know that a 17-year-old man has been arrested (5th September). It is reported that a ‘teenager was arrested’, and while that’s technically true, calling them a teenager makes it sound like a ‘kid’ was playing and did a naughty thing.
Remember: it was a sophisticated and aggressive attack. It is also unlikely that he acted alone. This is Organised Crime.
What happens next for this person we are yet to find out.
But what happens to you? That’s something you can control.
Take action today to understand what you have, and who you rely on. Build your contingency plans and take action.
If nothing else, we must learn from these incidents and prepare ourselves for the next cyber attack WHEN it happens.
Because as Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said…
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.”
More questions?
If you need help with understanding your reliance on data or suppliers, or building a comprehensive Business Continuity Plan, please get in touch. We utilise various security frameworks like ISO27001, ISO27701, NIST and Cyber Essentials to ensure information security and data protection are considered in all that you do.