The more beneficial or essential something is, the bigger the target on its back.

Case in point: as one of the most important – and increasingly digitized – components of our critical infrastructure, railways have had to endure many attacks from various threat actors in the physical and cyber realms.

In 2022, there was a physical attack on northern Germany’s Deutsch Bahn GSM-R communications infrastructure by unknown entities. A reported cyber-attack on a software supplier’s testing environment halted train operations in Denmark. In Belarus, hackers reportedly breached and damaged some of the country’s rail control systems. To name a few. 

This uptick in 2022 begs the question: what are the potential cybersecurity threats to our railway systems this year, and how can we stop them? Here are a few potential trends to consider for 2023. 

1. Adversaries are motivated and sophisticated 

To presume that the “hackers are winning” may be defeatist but not outlandish – hacking, in general, is “good business,” producing the 3^rd largest GDP worldwide just after the economies of the U.S. and China. In the railway sector, cybersecurity concerns have escalated due mainly to increased geopolitical tensions sparked by the Russia-Ukraine conflict and the overall global escalation in cyber-attacks.

The execution and frequency of these attacks indicate an expanding presence of highly knowledgeable and well-funded adversaries who understand how to target railways to generate “desired” outcomes specifically. The “success” of the malicious attacks in 2022 will likely inspire even more hacks throughout 2023. 

2. Rail suppliers will up their cybersecurity game 

A cybersecurity professional is only as good as the specialized defensive tools they have at their disposal. In 2023, rail suppliers – including rail integrators and managed security service providers – will seek out a more fine-tuned inventory of cybersecurity solutions that cover asset and vulnerability management, threat monitoring, and threat response, among others.

Rail operators will also look for cybersecurity solutions allowing cross-organizational utilization of security data gathered between security and rail operations teams.    

3. Rail cybersecurity regulations will become more prescriptive 

Considering the increasing sophistication and success rate of cyber-attacks, government regulations must be updated for the tumultuous years ahead. In 2022, Europe bolstered its cybersecurity regulations with a second set of NIS (Network and Information Systems) requirements. The U.S. published a third set of TSA (Transportation Security Administration) security directives. 

As attack methods improve and cybersecurity evolves, regulations, in turn, must advance to remain relevant and practical. If these latest protocols are insufficiently shielding our railways, we expect to see detailed revisions to these regulations or new ones altogether.  

4. New industry standards set by internal players will focus on bridging rail safety and cybersecurity 

In 2022, the International Electrotechnical Commission (IEC) began working on railway cybersecurity standard IEC 63452 to help rail operators and suppliers bridge the gap between physical safety and digital security. While it’s based on Technical Specification 50701, previously developed by CENELEC – Europe’s Committee for Standardization – the IEC version is planned to include all kinds of improvements to meet as many global regulations and operational needs as possible. We expect to see this type of industry cooperation and best practices grow.

We also anticipate cybersecurity requirements in new tenders to become more commonplace – it’s safe to assume that up to 90% of new rail system tenders will include mandatory cybersecurity requirements by the end of 2023.

5. A new category of rail-specific cybersecurity products will be increasingly recognized

Industry analysts and rail sector leadership are starting to define a distinct category of cybersecurity products explicitly designed to protect rail technology applications and network environments tailored to meet rail functional requirements and to incorporate detailed rail operational intelligence. 

Indeed, operators have already begun testing and adopting industry-specific rail cybersecurity tools. In 2023, the market will reach the next level of maturity as the growing recognition of this new category helps business leaders make a case for these types of solutions. 

The Future is Resilient

As the rail industry continues to adopt more automated and wireless technologies – both trackside and onboard – we can expect critical assets to be increasingly susceptible to malicious cyber-attacks that run the gamut from threatening passenger safety to disrupting service to causing severe economic damage. 

The incidents from this past year alone only highlight the critical need for top-notch cybersecurity protection for global railways – “security by obscurity” is no solution. The good news is that railways are on-track to a more cyber-resilient future.