Global demand for transport is growing rapidly. Given present trends, passenger and freight activity will more than double by 2050. This can also be seen in the following statistics:
- In the UK, passenger journeys increased 3%, and distance travelled increased 2.2% between 2018 and 2019.
- In 2019, rail passenger transport in the EU was estimated at 416 billion passenger-kilometers, up 3.4 % from the previous year — continuing the growth for the sixth consecutive year.
- In the UK, the total weight of goods carried showed an overall 3% increase (to 17.4 billion net ton kilometers) between 2017/18 and 2018/19.
Just a few years ago, the rail industry often relied on a complex and aging infrastructure and technology. In recent years, the industry has embraced connectivity to provide more suitable service and safety to meet these growing demands. At the same time, the frequency of cyberattacks on the connected transport industry shows rapid growth. The number of reported cases increases daily, ranging from security assessments by ethical researchers to real-world attacks by financially motivated hackers or those with malicious intentions.
Let’s look at the trends that have contributed to the ever-growing gap between technology and security and safety in the rail industry. While this problem emerged rapidly, fixing it may not be quite as easy.
THE EVER-GROWING GAP
Technology and trains
Most railway systems were established over a hundred years ago and rely on a massive, complex infrastructure. This means they were not designed to handle the demands their popularity has placed upon them.
In the mid-1900s, Centralized Traffic Control systems (CTC) were introduced. This involved using control centers to remotely control signaling systems. But it was the introduction of the internet in the 1980s that brought on massive change. While railways were not early adopters, since then, the transition from analogue, manual technologies to digital, automated technologies has been continuous.
Today, demand for railways is surging as the European Union is heavily investing in sustainable transport, which is also expected to get significant investment from the €750B COVID-19 recovery package. Germany alone is investing €12.7B in its rail network , while some other EU member states are considering banning short-haul flights in favor of rail. As real estate is limited and time to build new railways is significant, existing infrastructure needs to accommodate more rail traffic.
Connected technologies are key for enabling growth for the rail industry and cybersecurity is a necessary enabler. Even today, nearly all aspects of the railway system take advantage of connected technologies. Automated ticket sales and validation along with making scheduling information and other services available through mobile devices have drastically improved the user experience. At the same time, the operation and safety of railways has benefitted. By monitoring sensors on trains and tracks, potential problems are identified more easily, and repairs and maintenance can be carried out more efficiently.
The connectivity also permits the collection and usage of data. Studying the trends in the flow of riders can inform operators on how to optimize schedules and services to match their customers.
Rails and risks
With increased connectivity and dependence on digital technologies comes a rise in security and safety threats. Currently, IEC 62443 (Security for industrial automation and control system) is the main standard used for security, while the rail-specific adaptation CENELEC TS-50701 is in the works.
In 2015, a virtual rail system was set up to gauge the existing threat. Within six weeks, over 2.7 million attacks, from virtually every country, were identified.
- In November 2016, an attack targeted San Francisco’s light-rail system. The hack opened all station gates, allowing passengers to travel for free, while rendering ticket machines inoperable.
- In May 2017, the WannaCry attack incapacitated Germany’s rail network by shutting down its ticketing and information systems.
- In 2018, at least five major rail networks were victims of cyberattacks.
- Most recently in 2021, a cyberattack disrupted Iran’s national railway system, shutting down the system used for managing train schedules along with ticketing services.
Cyberattacks on rail systems are a reality.
The following aspects all add to the threats and risks to security and safety:
- Financially motivated attacks: Their goal may be to steal the intellectual property or, more commonly, prosper from blackmail. The weapon of choice is Ransomware.
- Malicious attacks: Attackers looking to damage rail operations can range from disgruntled, former employees to competing rail companies to politically motivated, state-sponsored attackers. The safety and, ultimately, the lives of passengers are at risk.
- Recreational and white-hat attacks: These attacks could be motivated by the challenge or desire to expose a problem. While they do not pose a significant safety risk, they could affect the reputation of a railway.
- Cybersecurity vulnerabilities: The new technologies implemented without added cybersecurity have drastically increased the attack surface. Wireless connections, used for activities like monitoring train speeds, regulating traffic signals, and controlling doors and brakes, can expose a network’s vulnerabilities.
- Human vulnerabilities: Many employees depend on access to operational systems to do their jobs. This introduces the possibility of human errors such as unintentionally introducing malware or falling victim to social engineering attacks.
- Infrastructure vulnerabilities: The equipment used changes slowly, creating a disconnect between modern technological components and archaic physical components. Safety mechanisms can be exploited; for example, manually or remotely activating the emergency brake.
- Maintenance vulnerabilities: The massive number of devices in trains and their expected lifetime introduce maintenance challenges. Many of them were not designed for internet connectivity and may not be easy to update. The lack of software asset management is also a problem.
The rail industry is growing in usage and connectivity. As one drives the other, the importance of cybersecurity will only increase. As the rail industry prospers, it becomes a more desirable target to increasingly skilled and equipped hackers and new demands are put upon aging, potentially difficult to replace infrastructure.
If you have any questions or would like to discuss rail cybersecurity, please get in touch with Irdeto’s Connected Transport team to learn more.