Railway Cybersecurity Breaches: Winning the Battle Against Cyber Criminals

2017 will be remembered in the history of technology for WannaCry, the ransomware cyber-attack that woke the world to the scale of cyber threats. The incident reminded us that every sector and industry is a potential target in the digital universe. Railways were among the unfortunate ones that learned it the hard way.

However, this was not the only instance in recent times when railways have been at the receiving end. In 2018, Rail Europe North America (RENA) suffered a 3-month long data breach, while Danske Statsbaner (DSB) had to contend with a Distributed Denial of Service (DDoS) attack – incidents that further highlight the vulnerability of railway systems to cybercrime. The fact that countries like the US, Germany, and Denmark failed to avert such attacks is indicative of the risk facing the less advanced countries.

Heeding the Signals

In 2008, a 14-year-old Polish school student studied the tramways system in Lodz, and developed a device using a TV remote control to modify track settings, change signals, and maneuver the vehicles as he wanted. The teenager’s prank derailed four vehicles and injured 12 people.

Back in 2015, the Honeytrain experiment had long revealed the eagerness of cyber criminals and miscreants to attack railways systems. In the 6-week long run, it recorded 2.7 million attacks on the virtual railway system that was created with basic security mechanism to gauge the extent of cyber risk.

These instances are just two examples of the diversity of the attacks, and shatters the long-held myth that the railways are not among the preferred targets of cyber criminals.

Jittery Junctions

Railways, as an industry, have been consistently leveraging the growing wave of technological innovations. These advancements have been predominantly in the area of operational technologies (OT), with customer demands playing a major role in shaping the implementation roadmap.

The rise in demand for 24x7 connectivity and access to every information and service at the tap of a button has emerged as a deciding factor in this direction. As railway operators start digitizing various functions and make their services available online to meet expectations, their inability to pay adequate attention to the synchronization and security of their legacy systems has resulted in a security gap. As the front-end upgrades continue to roll out, this gulf is widening.

Globally, railway operators are trying to facilitate a change-over from their legacy infrastructure. However, a rapid, and in most cases shortsighted, proliferation of smart sensors and IP-based applications in the railways infrastructure has precluded the transition from being organic. For every node and edge that gets added to the system, there is one more potential breach points in the infrastructure.

That said, the OT components, though advanced, are not readily compatible with the rapid evolution as they cannot be easily repurposed to face the challenges of the cyber world. On the other hand, the modification of existing devices or the development of new ones is a substantially time consuming exercise in the railway industry due to an extensive and rigorous verification and validation process.

Bringing Security on Track

The railways must now treat cybersecurity at a strategic level. It has become imperative to add a cybersecurity specialist at every layer of decision making, including the top leadership. This will ensure that the significance of holistic and preemptive security is duly considered at every stage of the project lifecycle.

Factoring in information security right from the beginning of a project is essential. The present or the proposed digital infrastructure must be thoroughly analyzed. Every edge and node in the railway’s IT infrastructure has to be dealt with as a potential opening for malware intrusion. In an industry where a breach can culminate into a life and death situation, no point can be treated as less important; implementing highest-end security across infrastructure is imperative. Verification and validation at every stage of development or overhaul of the system is mandatory to ensure that the recommendations have been adhered to. In this regard, tests must be carried upon separate components as well as upon the system post integration. Lastly, immediate implementation of patches and upgrades is necessary to close all crevices while reinforcing weak spots in the system.

Achieving all that will not be possible unless digital and OT components are merged seamlessly and brought in synchronization in terms of upgrades. A cutting-edge security system will be of little significance in an infrastructure dotted with insecure, legacy systems. Besides, it is necessary to limit the access points to the minimum; for example, only one for a train through a secure gateway and firewall. However, access to critical systems through end-user interfaces should be blocked at all costs. Finally, exhaustive and accurate documentation of the residual risk is essential as it will form the basis to forge preventive guidelines for operations and serve as points of consideration for future projects.

Rising Above the Threats

The global railways market is estimated to exceed $800 billion in worth by 2025 while the global cybercrime market is projected to surpass $90 billion in the same period. Connecting the dots for the future is not much difficult from here; given the railways projected growth, cyber-attacks on this industry can only be expected to increase and intensify. For railway operators in every country, the need of the hour is to assess their railway infrastructure holistically. The most critical points and the weakest links should be addressed on priority.

In this way, the entire infrastructure can be overhauled without affecting operations and facing increased vulnerability – challenges typically experienced during any transition.