Metrolinx making 'significant investments' to protect Presto from hackers - Action News
Home WebMail Tuesday, November 26, 2024, 11:27 AM | Calgary | -13.1°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Toronto

Metrolinx making 'significant investments' to protect Presto from hackers

The Presto transit fare card used by millions of riders in Toronto, Hamilton and Ottawa is not immune to the type of cyberattack that crippled San Francisco's transit agency last weekend, according to IT security experts and Metrolinx.

After ransomware attack shuts down San Francisco's transit computers, Metrolinx admits every system vulnerable

With the growth of ransomware attacks on computers, including San Francisco's transit system last weekend, Metrolinx acknowledges that its computers and the Presto card system are as vulnerable to an attack as any other.

The Presto transit fare card used by millionsof riders in Toronto, Hamilton and Ottawa is not immune to the type of cyberattack that crippled San Francisco's transit agency last weekend, according to IT security experts and Metrolinx.

Hackers took down the Munitransit system's computers,rendering its fare-payment cards useless, so San Francisco transit officials were forced to let commuters ride for free.

The culprits used ransomware, a type of malicious software designed to extort money from the computer system's owner. Ransomware locks or encrypts a system's data, making it impossible to use, and the hackers demand payment to restore access.

It's the kind of thing that could happen not only tothe Presto system, but to any computerized aspect of transit, such as dispatching, GPS tracking and track signals.

"If we said,'It could never happen here,'then you would leave yourself very vulnerable," said Anne MarieAikins, spokesperson for Metrolinx, the agency that manages the Presto card, as well as GOTransit and the Union-Pearson Express.

"Any kind of attack can happen anywhere," Aikins said Tuesday in an interview with CBC Toronto. "One of the most important things to protecting yourself is to acknowledge that every system is vulnerable and then to protect yourself as best you can."

Atty Mashatan, an assistant professor at Ryerson University's School of Information Technology Management, says it's a question of when, not if, an organization will suffer a cyber attack. (photo supplied)

AttyMashatan, an assistantprofessor of information technology management atRyersonUniversity, agrees that ransomware can attack any computer system that's not properly protected, and transit agencies are no exception.

"It's no longer a matter of ifan organization is going to be hit by ransomware, it's when they'll be hit and affected," said Matashan in an interview. "And when it happens, are they prepared and ready or not?"

The San Francisco transit attackers demandedransom in the digital currency Bitcoin worth about $73,000 (US).

There have been no public reports of such attacks on Canadiantransit systems, but post-secondary institutions have been hit. On Tuesday, Carleton University warned students that ransomware messages were appearing on computers logged into its system.

The University of Calgarypaid $20,000 in response to a ransomwarecyberattack on its computer systems earlier this year. Memorial University of Newfoundlandfaced a small-scale ransomware attack just last month.

Other ransomware attackshave hit hospitals in Ontario,law firms in B.C.and even ordinary Canadian families,

Hackers took down San Francisco's Muni transit system's computers last weekend, rendering its fare-payment cards useless, so transit officials were forced to let commuters ride for free. (Shutterstock)

Ransomware "clearly is a growth industry," said Robert Hudyma, an associate professor at Ryerson's School of Information Technology Management. "The attackers can come from anywhere in the world."

Anytransit system using technology similar toSan Francisco's would be vulnerable,Hudymasaid, but companies can lessen their vulnerability with state-of-the-art design of their IT systems. "It wouldn't be hacker-proof but it would be resistant to hackers," he said.

Metrolinx has made "significant investments"in IT security, saidAikins, and has added roles in its organization to stay on top of cyber risks as they evolve. "You have to make sure you're armed against all the ways [hackers]couldimpactyourservice,"shesaid.

She said Metrolinx staff heard about the San Franciscocyberattackas it was happeningand stand to learn lessons from it.

Metrolinx says more than twomillion customers are using Presto cards on GO Transit, Toronto's TTC, Ottawa's OCTranspo, and the local transit services in such locations as Hamilton,Mississauga, York Region and Durham Region.