How to secure complex rail networks from digital threats

Israel Baron, VP of Customer Relations at Cervello, discusses the occasional but critical conflicts of balancing security and innovation.

Israel Baron, Customer Relations VP, Cervello

Like any organisation, railways look to reduce costs, increase efficiencies, streamline operations, and improve the customer experience. Digitalisation has proven to be one of the most effective ways to achieve these goals.

Part of the motivation to quickly advance in the digital space comes from a need to not only compete with other railway companies, but also with the rest of the transportation sector – all in the name of improving operations, the customer experience, and appeasing environmental concerns.

The opportunities to apply digitalisation in rail are extensive, such as consolidating all customer-facing operations into a single platform, installing sensors to track equipment efficiency, improving predictive maintenance, or combining all signalling systems into a single dashboard.

Due to the volume of rail systems across signalling, IT, OT, IoT, rolling stock, communications, and more, the digitalisation potential is never-ending. We can expect trains to eventually become completely autonomous and fully digital.

With convenience becoming more important than ever, passengers are showing a preference for rail rather than air travel. According to a 2022 survey by Opinium Research, two-thirds of business travellers from the UK to Europe prefer train travel, as do 77% of leisure passengers. 

In addition, the European Green Deal, a wide-ranging stimulus package focused on sustainability, is estimated to include €87.5bn in investment related to rail infrastructure.

The question security experts and rail organisations are now faced with is: how can rail digitalisation continue to progress while maintaining the highest standards of safety and security?

Digitalisation: safety and security

Threat actors have sufficient motivation to disrupt rail operations, from ransom extortion of freight and cargo carriers to nation-state attackers looking for media and political attention.

Digitalisation has expanded the attack surface in numerous ways.

Onboard Wi-Fi gives malicious actors a direct path into the OT network, which can result in doors opening while the cars are in motion, the car being made hotter or colder through control of the HVAC, or tampering with the brake system that potentially causes a collision.

Third-party suppliers’ involvement in critical rail infrastructure puts the rail network at risk, as these partners may have installed any volume of software and hardware over a decade or more without the necessary updates or patching.

There is currently no cybersecurity certification requirement for suppliers in the rail industry, in contrast to the automotive industry. In November 2022, the rail network in Denmark was forced to shut down when its cloud provider was breached.

Regular predictive and preventative maintenance procedures by OEMs have opened railways up to various vulnerabilities due to their direct connectivity to the rail network, whether remotely through laptops or on-site through flash drives.

Reliance on GSM telecommunication protocols, which haven’t been updated in more than 20 years, creates the simplest attack opening for remote hackers.

Cybersecurity: safety and security work in sync

New digital systems are being regularly deployed, increasing the vulnerabilities in the hardware, software, and other interdependent systems. Meanwhile, various parties are involved in ensuring rail integrity is maintained, including OEMs and regulatory authorities.

The challenge becomes how to monitor the security of those new systems without tampering with the safety and reliability of rail operations.

Digitalisation and cybersecurity must go hand-in-hand. To continue to progress and innovate while avoiding the risk of a cyberattack, railways need to take a measured, proactive approach.

A few key strategies include performing risk and vulnerability assessments, preparing a cybersecurity plan that aligns with the digitalisation roadmap, having complete visibility over third-party integrations, and implementing a solution that continuously monitors and detects threats in real time and that can guide you through an incident with an effective and measured remediation and response.

Strengthening security during the digitalisation process requires a very close look at all of the software and systems across the IT, OT, IoT, signalling, communications, rolling stock, and subsystem components.

One new development to reduce the risk of digitalisation is the adoption of a Zero-Trust cybersecurity model, where each component must “prove” it’s trustworthy before any information is shared.

While digitalisation of the rail sector shows no signs of stopping, due to the complexity of the rail infrastructure, it has introduced a substantial number of vulnerabilities that need to be assessed.

By proactively addressing these, you are not only enabling greater innovation and digitalisation of the railway, but also strengthening the security of your operations.