CAN DECADES OLD RAIL INFRASTRUCTURE BECOME CYBER SECURE?
In our last blog, we explored the recent growth in the rail industry as well as significant future projections. The global rail transport market reached a value of nearly $468.6 billion USD in 2020 and is expected to reach $658.4 billion USD in 2025 — a 7.0% increase compared to 1.5% growth from 2015 to 2020.
Along with market growth, we also noted a rise in the use of connected technologies and, with that, a widening gap between rail and cybersecurity. In this blog, let’s explore the current state of cybersecurity in the rail industry and find out whether it’s possible to bridge the gap and secure decades-old critical infrastructure.
Rail Cybersecurity Awareness Research
In November 2020, the European Union Agency for Cybersecurity (ENISA) released its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges faced by European railways. Based on data gathered over the last two years from operators of essential rail services in 21 EU Member States, it addressed the numerous and competing priorities being faced by railways during this time of rapid change. It explained, “railway stakeholders must strike a balance between operational requirements, business competitiveness, and cybersecurity, while the sector is undergoing digital transformation.”
According to the report, the key cybersecurity challenges faced by the sector include:
- Low level of cybersecurity awareness among workers
- Conflicts between safety and cybersecurity requirements
- Procurement of cyber-enabled components in support of critical services
- Supply chain risks
- Support and integration of legacy systems
- Complex cybersecurity requirements
Shift2Rail, an initiative by European railway stakeholders, also highlights the need for action on cybersecurity in the railway industry. As part of their work, the group has identified best practices to leverage the benefits of the ISA/IEC 62443 standard. Additionally, the group is funding research into “Threat detection and profile protection definition for cybersecurity assessment” through a program known as CYRail, part of the EU’s Horizon 2020 research and innovation initiative. Among other goals, the program will analyze the threats targeting railway infrastructure and explore innovative technologies for attack detection and alerts.
It’s clear from the growing number of initiatives that awareness of cyber risk is increasing, and stakeholders are realizing the importance of cybersecurity for critical infrastructure such as railways.
How can railways be protected from cyberattacks?
Railways are sophisticated systems, requiring multiple elements to operate in total synergy to keep services running safely and smoothly. An attack on any one of the elements can cause the entire system to come to a halt with a catastrophic impact. Due to the complex and inter-connected nature of rail systems, there are many exposed attack vectors and points of vulnerability. Solutions exist today and are evolving rapidly to detect threats and deploy protection.
Some areas for consideration:
- Interconnected systems: As the systems are so highly integrated, it is essential to deploy technologies such as firewalls that allow only certain protocols or nodes to communicate.
- Monitoring systems: The rail industry relies on automated, digital monitoring systems to keep trains running safely and smoothly. Therefore, a way to detect, analyze and respond to an attack in the monitoring systems is critical.
- Data collection: To improve services and safety, rail companies are collecting a large amount of analytics. This information could be valuable to a hacker. Secure storage and point-to-point encryption can help keep the data safe.
- Operations and Maintenance: It’s critical to identify failing or degrading components, or potentially a component exposed to an attack. Potential threats are diverse and constantly evolving; predicting novel threats is nearly impossible. However, using collected data and Machine Learning (ML) techniques, never-before-seen threats can be identified and analyzed, and protection scenarios developed through modelling.
- Digital access as an entry point: Rail systems, both OT and IT, are in constant communication with potential external attack vectors, e.g., via on-board infotainment systems or digital ticket sales on mobile devices. It is essential to secure likely entry points for malicious attacks and on-board (IT) system failures that could impact operational systems. Operational systems can be protected using a variety of solutions, including firewalls and intrusion detection systems.
How can you build your Cybersecurity strategy?
So, what is required to build a cybersecurity strategy? It’s important to understand the threat landscape before putting measures in place. Some initial steps:
- Identify the assets to be protected
- Understand the threat
- Identify vulnerabilities, possible points of malicious attack and system failure
- Evaluate current cybersecurity measures against latest threat information
- Improve current measures, implement new ones where required and drop measures that are no longer necessary
- Treat cybersecurity as a mission-critical process with continual evaluation and improvement ... start again from the beginning!
If you have any questions or would like to discuss rail cybersecurity, please get in touch with Irdeto’s Connected Transport team who can provide in-depth insights, guidance and proven cybersecurity protection.