Cyber attack on railways and other transportation infrastructure is no longer a hypothetical scenario. Major railways across the US, Europe and Asia have already been hit with cyber attack. The combination of glaring vulnerability and grave potential to cause mayhem, economic damage and even loss of human lives, make railways around the world the perfect target for both economically motivated criminal groups and hostile station-state actors.
Railways at Risk of Cyber Attack
Though there is much variation, all modern railways use computer systems to monitor and manage the physical machinery (operational technology) of railways operation. These operational technologies (OT) converge with the IT networks, where they can easily be infected with malware. For most railways, cyber security consists mainly of commercial security products like simple firewalls and other government-approved antivirus tools. This is similar to the cybersecurity mechanisms in place at most small or medium-sized businesses, that are not critical to national security. This type of security may be adequate for some sectors, but it is nowhere near enough to keep a highly-targeted critical national transportation infrastructure protected from those who wish to do it harm. Many railway systems have already experienced cyber breaches, whether or not they admit so publicly. Those who are lucky enough to have skirted attacks so far know their time is running out.
OT Assets that Must Be Protected from Cyber Attack
There can be a dozen or more operational technology (OT) assets that, if compromised by a cyber attack, could cause major disruption to railway service. This includes the trains themselves, the station operations and infrastructure.
Railway Systems Vulnerable to Cyber Attack
Trains
Station Building Management
Infrastructure
Next-Generation Railway Cybersecurity
In many ways, it seems an insurmountable task to deploy next-generation cybersecurity on existing railways. The prevalence of and reliance on legacy systems, older equipment that is prohibitively expensive to upgrade, and the lack of visibility into what is happening on every endpoint node, do present a serious challenge, but it’s a challenge no government can afford to ignore.
Recently, a major metropolitan rail authority engaged Cyberbit to implement a comprehensive cybersecurity solution capable of protecting over 150 stations and hundreds of miles of tracks. Within just a few months, the entire OT network is monitored, creating actionable alerts about potential security threats and also non-security related operations malfunctioning.
Read the full case study: Cyberbit SCADAShield: Protecting Major Metro Rail System from Attackers