In an exclusive interview with Telecom Review, Goran Novkovic, Director of Industrial Cybersecurity at the Toronto Transit Commission (TTC), highlighted the foundational gaps hindering the protection of critical infrastructure and public transportation systems, and the urgent need for innovative best practices.
How would you describe the current state of industrial cybersecurity across Canada, particularly in the public transportation sector?
The current state of industrial cybersecurity in Canada, especially within the public transportation sector, can best be described as a work in progress. Unfortunately, this progress is not advancing at the pace I would expect, and many fundamental challenges remain unresolved.
The mission of industrial cybersecurity is to safeguard operations and critical infrastructure. Yet, I continue to see far too many organizations operating without essential operational visibility. Many cybersecurity teams are tasked with protecting systems they don’t fully understand, sometimes never even setting foot in the environments they are defending. They don’t truly know what needs protection. Simply put, they’re not ready.
Above all, I’m concerned that too many industrial cybersecurity strategies and solutions are built on assumptions rather than grounded in operational realities. Unless we address these foundational gaps, we cannot move forward effectively or ensure the protection of our critical infrastructure and public transportation systems.
What types of artificial intelligence (AI)-generated attacks are the most concerning for critical infrastructure like transit systems?
The most concerning attacks are what we call sophisticated attacks, specifically those targeting operational technology (OT) and industrial control systems (ICS). I’m not referring to common ransomware attacks, but rather highly coordinated, nation-state-level intrusions. These attacks are harder to plan and execute, but when successful, they are far more damaging to critical infrastructure.
Adversaries need time to learn the operational environment to carry out these attacks effectively. This is where AI can play a dangerous role, accelerating reconnaissance, shortening preparation time, and enhancing the precision of attacks.
At the same time, our critical infrastructure is becoming more integrated. We’re no longer talking about isolated systems but interconnected ecosystems; systems of systems. An attack on one part of the system can trigger ripple effects, leading to consequences that could be catastrophic.
How do you balance the opportunities of 5G, such as real-time monitoring, with the need to ensure robust cybersecurity controls?
Robust cybersecurity controls stem from industrial cybersecurity intelligence. This is the target state every organization must aim for to balance risk and opportunity.
With industrial cybersecurity intelligence, organizations can design, implement, and tailor cybersecurity solutions, including prevention, detection, and response capabilities, aligning with their unique operational realities. Tailoring is key; every organization and operation is different, so no cybersecurity solution should be “copy-pasted” from one environment to another. Yet, I still see this happening far too often.
By embedding industrial cybersecurity intelligence, we enable the integration of operational and cybersecurity risk management. We empower teams to work together, see together, act together, and decide together. That’s the power of industrial cybersecurity intelligence.
How should the cybersecurity sector prepare for a more connected, AI-influenced future that could benefit all Canadians?
In short, we need to go back to basics. We have homework to do. We must build strong foundations by creating future-ready organizations where innovation in technology is matched by innovation in cybersecurity practices. We can’t expect to protect tomorrow’s systems using yesterday’s cybersecurity solutions. Innovation in technology must drive innovation in cybersecurity.
The starting point is achieving operational visibility. This is the gateway to industrial cybersecurity intelligence and, ultimately, resilient, intelligent ecosystems. Operational visibility means having the ability to identify and extract data from operational environments and transform that data into actionable knowledge and intelligence.
Operational visibility sets the foundation for empowering cybersecurity and operational teams with the insights they need to manage risks and opportunities collaboratively, while continuously improving and innovating.
Finally, I’ll leave with this: innovation is my passion; I encourage everyone in industrial cybersecurity to challenge the status quo and question existing solutions, practices, and capabilities. We must innovate.
Be bold. Be creative. Be innovative.
More from Novkovic: Close International Cooperation Key to Ensuring Global Cybersecurity Standards