Skip to main content
Home

Search

Header (Main)
Industry
Mobility Mobility
Automotive
Vehicle Electrification

Vehicle Electrification

Explore
Aerospace Engineering
Optimized Aircraft Downtime and Overhead Costs for a Leading Global Airline with Automated Analytics

Optimized Aircraft Downtime and Overhead Costs for a Leading Global Airline with Automated Analytics

Explore
Rail Transportation
Railway Track Inspection System

Railway Track Inspection System

Explore
Trucks & Off-Highway Vehicles
On the Road to Connected Mobility: An ER&D Perspective

On the Road to Connected Mobility: An ER&D Perspective

Explore
On the Road to Connected Mobility

On the Road to Connected Mobility: An ER&D Perspective

Explore
Sustainability Sustainability
Discrete Manufacturing & Industrial Products
Building Technology & Smart Infrastructure
Electrical Power and Controls
Industrial Machinery
Unlock the future of manufacturing with Factories of the Future

Unlock the future of manufacturing with Factories of the Future

Explore
Process Manufacturing
Oil & Gas
Chemicals
FMCG
ISG Provider Lens™ 2024: Oil and Gas Industry Services and Solutions

ISG Provider Lens™ 2024: Oil and Gas Industry Services and Solutions

Explore
L&T Technology Services and bp sign multi-year engineering services partnership

L&T Technology Services and bp sign multi-year engineering services partnership

Explore
Tech Tech
HiTech
Consumer Electronics
Media & Entertainment
NexGen Comms
Semiconductors
L&T Technology Services Secures $50 Million Deal as a Strategic Partner from a global Network Provider

L&T Technology Services Secures $50 Million Deal as a Strategic Partner from a global Network Provider

Explore
MedTech
Revolutionizing Endoscopy with Software-Defined Innovation in Collaboration with NVIDIA

Revolutionizing Endoscopy with Software-Defined Innovation in Collaboration with NVIDIA

Explore
Public Infrastructure & Smart Cities
Integrated Smart Surveillance Project

Integrated Smart Surveillance Project

Explore
Software & Platforms
LTTS & SymphonyAI to provide AI-based transformation

LTTS & SymphonyAI to provide AI-based transformation

Explore
Services
Digital Engineering & Consulting Digital Engineering & Consulting
Artificial Intelligence
Cybersecure
Security Monitoring
Security Services
Security Solutions
Immersive Experiences
Industry 4.0
Product Consulting
Sustainability Engineering
Sustainable Smart World
5G
LTTS Completes Acquisition of Intelliswift

LTTS Completes Acquisition of Intelliswift

Explore
Product Engineering Product Engineering
Software Engineering
Cloud Engineering
DevOps
Engineering Analytics
Immersive Experiences
Sustenance & Maintenance
User Experience
Voice Innovations
Embedded Engineering
Embedded Systems
Sustenance
VLSI
Wearables Engineering
Mechanical Design
CAE & CFD
CAx Automation
Testing & Validation
Integrated Design, Validation & Testing
Lab as a Service
Testing
Enabling a Paradigm Shift in Testing An LTTS AI Perspective

Enabling a Paradigm Shift in Testing An LTTS AI Perspective

Explore
Manufacturing Engineering Manufacturing Engineering
Smart Manufacturing
Accelerated Operations
Digital Factory & Simulations
Plant Design & Engineering
Supply Chain Engineering
Sourcing & Procurement
Manufacturing & Planning
Accelerated Operations
Digital Factory & Simulations
Line Expansion & Transfer
Manufacturing Automation
New Product Development
Plant Design & Engineering
PLM on Cloud
Manufacturing Execution
Agile Supply Chain
Content Engineering
Material & Parts Management
Sourcing & Procurement
Asset Reliability Centre

Asset Reliability Centre

Explore
Plant Engineering Plant Engineering
CAPEX Project E/EPCM Services
Operational Excellence
Plant Sustenance & Management
Material & Parts Management
Regulatory Compliance Engineering
ISG Provider Lens™ 2024: Oil and Gas Industry Services and Solutions

ISG Provider Lens™ 2024: Oil and Gas Industry Services and Solutions

Explore
Solutions
AiCE
AiKno®
AnnotAI
ARC
Asset Health Framework
CHEST-rAi™
Connected Security
EDGYneer
ESM
EvQUAL
FlyBoard®
Fusion
i-BEMS
Nliten
nBOn
PSM
SafeX
Semiconductor IP
Sensor & Gateway Solution
UBIQWeise 2.0
Insights
Analyst Reports
Blogs
Brochures
Case Studies
eBooks
Events
PoVs
Webinars
Whitepapers
Careers
About Us
Accolades
Alliances
Analysts
Board of Directors
CSR
Engineer At Heart
Engineering The Change
Investors
Nearshore Centers
News & Media
Quality Management
Corporate Sustainability
Testimonials
Contact
Header (Secondary)
Search
Mail
Country
EN
DE
JP
HE
Contact

Breadcrumb

  1. Blogs
  2. Industry
  3. Railway Cybersecurity Breaches: Winning the Battle Against Cyber Criminals

Railway Cybersecurity Breaches: Winning the Battle Against Cyber Criminals

Niranjan Keer
Niranjan Keer

Architect, Aerospace & Rail

Mobility

Published on 22 Mar 2019

min read

Railway Cybersecurity Breaches: Winning the Battle Against Cyber Criminals

2017 will be remembered in the history of technology for WannaCry, the ransomware cyber-attack that woke the world to the scale of cyber threats. The incident reminded us that every sector and industry is a potential target in the digital universe. Railways were among the unfortunate ones that learned it the hard way.

However, this was not the only instance in recent times when railways have been at the receiving end. In 2018, Rail Europe North America (RENA) suffered a 3-month long data breach, while Danske Statsbaner (DSB) had to contend with a Distributed Denial of Service (DDoS) attack – incidents that further highlight the vulnerability of railway systems to cybercrime. The fact that countries like the US, Germany, and Denmark failed to avert such attacks is indicative of the risk facing the less advanced countries.

Heeding the Signals

In 2008, a 14-year-old Polish school student studied the tramways system in Lodz, and developed a device using a TV remote control to modify track settings, change signals, and maneuver the vehicles as he wanted. The teenager’s prank derailed four vehicles and injured 12 people.

Back in 2015, the Honeytrain experiment had long revealed the eagerness of cyber criminals and miscreants to attack railways systems. In the 6-week long run, it recorded 2.7 million attacks on the virtual railway system that was created with basic security mechanism to gauge the extent of cyber risk.

These instances are just two examples of the diversity of the attacks, and shatters the long-held myth that the railways are not among the preferred targets of cyber criminals.

Jittery Junctions

Railways, as an industry, have been consistently leveraging the growing wave of technological innovations. These advancements have been predominantly in the area of operational technologies (OT), with customer demands playing a major role in shaping the implementation roadmap.

The rise in demand for 24x7 connectivity and access to every information and service at the tap of a button has emerged as a deciding factor in this direction. As railway operators start digitizing various functions and make their services available online to meet expectations, their inability to pay adequate attention to the synchronization and security of their legacy systems has resulted in a security gap. As the front-end upgrades continue to roll out, this gulf is widening.

Globally, railway operators are trying to facilitate a change-over from their legacy infrastructure. However, a rapid, and in most cases shortsighted, proliferation of smart sensors and IP-based applications in the railways infrastructure has precluded the transition from being organic. For every node and edge that gets added to the system, there is one more potential breach points in the infrastructure.

That said, the OT components, though advanced, are not readily compatible with the rapid evolution as they cannot be easily repurposed to face the challenges of the cyber world. On the other hand, the modification of existing devices or the development of new ones is a substantially time consuming exercise in the railway industry due to an extensive and rigorous verification and validation process.

Bringing Security on Track

The railways must now treat cybersecurity at a strategic level. It has become imperative to add a cybersecurity specialist at every layer of decision making, including the top leadership. This will ensure that the significance of holistic and preemptive security is duly considered at every stage of the project lifecycle.

Factoring in information security right from the beginning of a project is essential. The present or the proposed digital infrastructure must be thoroughly analyzed. Every edge and node in the railway’s IT infrastructure has to be dealt with as a potential opening for malware intrusion. In an industry where a breach can culminate into a life and death situation, no point can be treated as less important; implementing highest-end security across infrastructure is imperative. Verification and validation at every stage of development or overhaul of the system is mandatory to ensure that the recommendations have been adhered to. In this regard, tests must be carried upon separate components as well as upon the system post integration. Lastly, immediate implementation of patches and upgrades is necessary to close all crevices while reinforcing weak spots in the system.

Achieving all that will not be possible unless digital and OT components are merged seamlessly and brought in synchronization in terms of upgrades. A cutting-edge security system will be of little significance in an infrastructure dotted with insecure, legacy systems. Besides, it is necessary to limit the access points to the minimum; for example, only one for a train through a secure gateway and firewall. However, access to critical systems through end-user interfaces should be blocked at all costs. Finally, exhaustive and accurate documentation of the residual risk is essential as it will form the basis to forge preventive guidelines for operations and serve as points of consideration for future projects.

Rising Above the Threats

The global railways market is estimated to exceed $800 billion in worth by 2025 while the global cybercrime market is projected to surpass $90 billion in the same period. Connecting the dots for the future is not much difficult from here; given the railways projected growth, cyber-attacks on this industry can only be expected to increase and intensify. For railway operators in every country, the need of the hour is to assess their railway infrastructure holistically. The most critical points and the weakest links should be addressed on priority.

In this way, the entire infrastructure can be overhauled without affecting operations and facing increased vulnerability – challenges typically experienced during any transition.

Relevant Blogs

Intelligent Homes: A Revolution in Domestic Life
Transforming Digital Health Ecosystems — Challenges Toward Ensuring Security, Privacy, and Trust
How Product Companies Can Leverage Service Companies to be More Effective and Efficient?
Explore All

Stay Relevant With Us

Subscribe to our blogs

Niranjan Keer
Niranjan Keer

Architect, Aerospace & Rail

Niranjan Keer, is a seasoned engineer with extensive experience in architecture and development of multiple embedded systems. Niranjan has over 16 years of industrial work experience within the development of safety critical products and guided teams for independent V&V activities.

In his current role as Architect at Larsen & Toubro Technology Services (LTTS), leads the embedded Rail group. This group leads all the embedded hardware, software and V&V activities for on-board and way-side devices including the use of IoT in rail domain.

Footer Navigation
  • Industry
    • Mobility
      • Aerospace Engineering
      • Automotive
      • Rail Transportation
      • Trucks & Off-Highway Vehicles
    • Sustainability
      • Discrete Manufacturing & Industrial Products
      • Process Manufacturing
    • Tech
      • Consumer Electronics
      • MedTech
      • Media & Entertainment
      • NexGen Comms
      • Semiconductors
      • Software & Platforms
      • Public Infrastructure & Smart Cities
  • Services
    • Digital Engineering
      • Artificial Intelligence
      • Cybersecure
      • Security Monitoring
      • Security Solutions
      • Security Services
      • Immersive Experiences
      • Industry 4.0
      • Product Consulting
      • Sustainability Engineering
      • Sustainable Smart World
      • 5G
    • Product Engineering
      • CAE & CFD
      • CAx Automation
      • Software Engineering
      • Cloud Engineering
      • DevOps
      • Embedded Systems
      • Engineering Analytics
      • Integrated Design, Validation & Testing
      • Lab as a Service
      • Sustenance
      • Testing
      • Testing & Validation
      • User Experience
      • VLSI
      • Voice Innovations
      • Wearables Engineering
    • Manufacturing Engineering
      • Accelerated Operations
      • Agile Supply Chain
      • Content Engineering
      • Digital Factory & Simulations
      • Line Expansion & Transfer
      • Manufacturing Automation
      • New Product Development
      • PLM on Cloud
      • Plant Design & Engineering
      • Sourcing & Procurement
    • Plant Engineering
      • CAPEX Project E/EPCM Services
      • Material & Parts Management
      • Operational Excellence
      • Plant Sustenance & Management
      • Sourcing & Procurement
      • Regulatory Compliance Engineering
  • Engineering The Change
  • Careers
  • Engineer at Heart
  • Resources
  • Solutions
    • AiCE
    • AiKno®
    • AnnotAI
    • ARC
    • Asset Health Framework
    • CHEST-rAi™
    • Connected Security
    • EDGYneer
    • ESM
    • EvQUAL
    • FlyBoard®
    • Fusion
    • i-BEMS
    • Nliten
    • nBOn
    • PSM
    • SafeX
    • Semiconductor IP
    • Sensor & Gateway Solution
    • UBIQWeise 2.0
  • About Us
    • Accolades
    • Alliances
    • Blogs
    • Board of Directors
    • Careers
    • CSR
    • Events & Webinars
    • Investors
    • Media Kit
    • Nearshore Centers
    • News & Media
    • Quality Management
    • Resources
    • Corporate Sustainability
    • Testimonials
LTTS
  •  Twitter
  •  LinkedIn
  •  YouTube
  •  Facebook
  •  Instagram
  • Copyright & Terms
  • Privacy
  • Sitemap
  • info@ltts.com

© 2025 L&T Technology Services Limited. All Rights Reserved.