Cybersecurity breaches due to human error in Railways on the rise; IR should do away with ‘one-size-fits-all approach’

NEW DELHI: Cyber-attacks have been a major issue for global rail operators as dependency on connected technology across the organization increases. Rail authorities have mechanisms in place which strengthen their cybersecurity posture, but these controls often lack a programmatic approach to securing the integrated communication systems (ICS) backbone. The path to success in railway cybersecurity begins with logical, realistic countermeasures. The approach can be enriched by carrying out profound security analysis and functional audits, or by introducing crisis management to minimize operational, financial and technical impacts. A proper architecture of the infrastructure will help to improve resilience. After all, it is essential to integrate safety into every aspect of the solution throughout its lifecycle.

At a time when rail networks are growing and becoming increasingly automated, railway cybersecurity is at the center of development. It is imperative for railway cybersecurity technologies to keep up with evolving attacks on the digital system. While new digital railways show great potential to protect trains from collisions, improve efficiency, and transport passengers faster and cheaper, cybersecurity threats show the darker side of the modern railway.

Potential Vulnerabilities in Railway Cybersecurity

A deeper look into the security of our digital railways may expose dangerous vulnerabilities. The surge in malicious acts in the railway space can be symptomatic of security flaws in the rail network. Being prepared is encouraged, as attacks are inevitable.

Railway systems are vulnerable to cyber-attacks due to the transition to ‘open-platform, standardized equipment built using commercial off-the-shelf components, and increasing use of networked control and automation systems that can be accessed remotely via public and private networks.’ These cyber-attacks could potentially lead to loss of service, serious injuries, and even passenger death. The National Institute of Standards and Technology (NIST) Special Publication 800-82, Revision 2, lists the following cyber-threats to ICS:

  • Blocked or delayed flow of information through ICS networks, which could disrupt the rail operation
  • Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts and/or endanger human life
  • Inaccurate information sent to system operators, either to disguise unauthorized changes or to cause the operators to initiate inappropriate actions, which could have various negative effects
  • Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment
  • Interference with the operation of safety systems, which could endanger human life

The signaling systems on most of the world's railways are becoming more sophisticated, with wireless technology and in-cab displays of permitted speed. The European Rail Traffic Management System (ERTMS) uses the European Train Control System (ETCS) to transform the way the railway system operates. The Control System acts as automatic train protection, improving the capacity, safety, and operability of the railway. Yet the digitization of the railway opens the floor to discussions about cybersecurity – namely, the new railway’s exposure to digital hackers and cyber-attacks. Increased connectedness raises the bar for the impact of a cyber-attack.

Combating Railway Cybersecurity Breaches

In the face of increasingly complex cyber operations, passenger safety and the security of rail operations and assets are the top priorities. It is necessary to develop, implement and maintain the right integrated solutions, resilient networks, and value-added services to protect sensitive information at any given time. Here are some ways in which rail operators’ critical infrastructure can be optimally secured:

  • A monitoring tool represents a very productive way to detect, visualize, analyze and react to threats and vulnerabilities by combining all existing IT-based systems and tools in modules on one screen.
  • Educate rail operators on the potential dangers of railway cybersecurity breaches. Spread awareness of the issue and encourage railway operators to put systems in place to detect and prevent attacks, and to mitigate losses in the event of a security breach.
  • Address security breaches, such as those reported by the DHS, Transportation Security Administration (TSA), the US Computer Emergency Readiness Team (US-CERT) and their Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
  • Provide supplemental services, like cyber threat intelligence and penetration tests, to identify the ‘weak spots’ where processes and IT systems converge.

In addition, it is critical to address operational systems, including dispatch, operations control center (OCC), maintenance yards, communications and control systems, signaling, radio communications, traction power, vital systems, safety-critical systems, operationally-critical systems, CCTV, PTC, CBTC, AVL, fire and life-safety systems, and any other unusual exposures that the operation may have.

As the digital railway continues to advance and grow more sophisticated, it is imperative for railway cybersecurity technologies to keep up with evolving attacks on the digital system. Thales Cyber Rail is an innovative, manufacturer-independent tool for the protection of critical information infrastructures like those in operation control centres. The tool offers a visualization framework that has been designed for graphically depicting information system architectures. It can be used to visualize any structured data.

Regardless of whether one is dealing with small or large organizations – the need for security intelligence is growing continuously. Every rail operator is faced with the daunting challenge of protecting its own infrastructure. In most cases, heterogeneous IT technologies and software solutions are used, which results in diverse, dissimilar data sets being produced. This is amplified by the enormous amount of data and events generated by an ever-expanding number of devices, processes and services. Most institutions lack accurate recognition of threats, as well as in-depth knowledge of risk management. From the perspective of information security, it is a major concern for all managers to reduce the risk of possible loss of information and to safeguard smooth and stable railway operations.

Thales Cyber Rail is a tool for detecting, visualizing, analysing, and responding to threats, which brings together all existing IT-based systems and modular tools under one umbrella. The existing systems can still be used and will not be affected or made obsolete. The tool is cost-effective and suitable for use in all critical infrastructures irrespective of their size, and the scheme can be flexibly extended as required. The simulation of the infrastructure is performed in a clear and logical manner on several levels. The links between the levels represent those links that are logically vulnerable. In the event of an attack, the operator is provided with comprehensive information, such as the representation of the possible attack vectors, thus enabling the appropriate responses to be taken. Forensic analyses can also be made. This tool is extremely versatile in its range of use. It is based on HTML5 and can, for example, be operated via tablet computers – anytime and from anywhere.

The tool can be used for all kinds of transport systems (railways, etc.). Moreover, it can also be deployed for governmental bodies (military, police, national CERTs, etc.), energy infrastructures (power plants, etc.), telecommunications, financial institutions and health services, to give just a few examples. Cyber Rail is a tool made in Europe.