Amir Levintal takes a look at the need for cybersecurity measures in the rail sector

To borrow heavily from the title of the ’80s Martin comedy: when it comes to transportation, trains rank among the safest modes of travel. But when we take cybersecurity into account, trains are joining their peer modes of transportation in growing exposure to cyber risks.

But aren’t all methods of transportation in the 21st century equally exposed to cyber risk? After all, cars are effectively ‘computers on wheels,’ relying on a highly detailed network of software to operate, which in turn exposes them to potential hacks. Planes have already been proved to be vulnerable to cyber-attacks and, like trains, they are a high-value target from the threat actor’s point of view.

While each type of transportation carries its own risks, trains also face threats that can be found in both cars and planes. As a result, cybersecurity for rail is a complex challenge.

On the fast track to vulnerabilities
Rail systems are intricate combinations of infrastructure and trains that operate in synergy. An attack on, or compromise of, one of their components can cause the entire system to grind to a halt. For example, trains receive permission to move (‘movement authority’) based on the movement of other trains along the track and the overall state of the infrastructure. If a false movement authority is insidiously provided by hackers, trains could run much faster than the infrastructure allows, triggering derailments and collisions.

Trains don’t have a steering wheel; they are fully reliant on the route that the interlocking system clears for them through the switches along the tracks. The interlocking is the system responsible for the safety of movement on the tracks. Over the years, more and more interlocking systems have been converted to computer-based interlocking (CBI). If a CBI is attacked, safety might be affected, particularly the synchronisation between the trains, switches and light signals. In the worst case, a train might enter an occupied block, resulting in system-wide chaos, serious safety hazards, and even risks of train collisions.

Zooming out from the trackside, the unprotected wireless channels used by the signalling systems, as well as the remote monitoring and maintenance channels, create a whole new set of potential open pathways for hackers. These channels might be accessed by skilled and determined actors looking to wreak havoc.

Should any component of the rail infrastructure be compromised, rail networks employ standard fail-safe mechanisms that stop train movement – automatically or manually by the driver. From a safety perspective, this is a substantial benefit – a foolproof system to prevent mishaps and loss of life. But, given this robust safety standard, intentional and repeated cyber-attacks would mean a literal standstill in service.

In a way, cyber-threats are similar for planes as they are for trains, and new connected technologies in both systems are raising cyber concerns. The lifespan of rail systems and planes is long, enduring for at least 30 years. These legacy systems were built with safety in mind, but cybersecurity is a relatively new concept that was not addressed in their design.

An estimated 1.7 billion passengers travel via rail each year, with millions of commuters getting to and from work each day. The railways also provide the infrastructure for billions in annual commerce, making them highly appealing targets for malicious actors who want to cause a high-profile impact. This further emphasises the critical need for implementing rigorous cybersecurity protections.

Paving new routes for a safer future
These threats have not gone unnoticed by regulators. Measures such as the European Union’s Network and Information Systems (NIS) Directive, which requires EU member states to enact robust cyber regulations for critical infrastructure networks – including railways – represent a positive step forward in addressing the cyber challenges confronting rail operators. It also acknowledges the urgent need to erect potent defences around such sensitive, highly connected systems.

Uniquely vulnerable networks require unique, tailored approaches to cybersecurity protection, with real-time monitoring, clear protocols for managing cyber risks and thwarting attacks, as well as ongoing information-sharing with key stakeholders. Anything less could derail public trust in the rail industry.

Amir Levintal is CEO at Cylus. Cylus is a pioneer in protecting railway and metro systems from a growing number of cyber threats. Founded by IDF veterans from an elite technological intelligence unit, the company’s innovative software solution enables rail companies to detect cyber threats in their operational network – including signalling and onboard systems – and prevent attacks before any damage takes place.