Miki Shifman

CTO @ Cylus


Practical Insights on Implementing Cybersecurity for Railway

In recent years, railway systems have been targeted by cyber campaigns waged by malicious actors in North America, Europe and Asia. While the sources of these attacks remain unknown, it is clear that we are in an era in which railway systems are becoming computerized, and railway executives should therefore seriously consider the associated cyber risks. This article will cover the evolution of cyber threats to railways, provide recommendations on how to address cyber risks within your railway organization, outline how to build your cybersecurity strategy and demonstrate how CylusOne can be deployed to protect railway systems.

Jun 30, 2020


The rise of cyber threats to railways

In 2018, Metrolinx, a railway operator in Toronto, announced that its network had been breached. This security incident is part of an increasing trend of breaches to railway companies. Railway companies, along with other critical infrastructure, are being targeted by threat actors, and are considered quality targets due to their central position in day-to-day life. Cyber-attacks on railway companies can have severe implications for safety and operations. These attacks can potentially have a devastating impact in large part due to the increasing trend of digitization in railway companies.
As part of ongoing efforts to increase the safety and efficiency of railway operations, basic railway technologies are constantly evolving, and new services and features are being introduced. A prime example is the introduction of computer-based interlocking, which has changed the traditional relay-based operation of signaling, and introduced digital protocols to execute commands. Another example is the introduction of continuous wireless communications such as GSM-R as the carrier channel for ETCS, in order to improve the precision and reduce latency of train control. Controllers and computers are at the heart of those new systems and as such, they can be vulnerable to cyber-attacks. Amid the rise of new technologies, an evolving threat landscape and the emergence of new regulations such as the NIS Directive, railway companies are building out their cybersecurity operations, with a focus on securing operational technologies.

How to start implementing railway cybersecurity

Awareness of cyber threats is the basic prerequisite to an organization’s effective implementation of a cybersecurity strategy. The next challenge railway companies face lies in the practicalities of implementing the strategy. We will share the pillars of the process, based on our experience in engaging forward-thinking railway companies that have already begun the process of establishing cybersecurity operations.

Build the right team

The first and most important step in the process is appointing a dedicated team within the organization. The team should be capable of understanding both railway operations and cybersecurity. These two areas were long distinct and were traditionally managed by different parts of organizations, but nowadays they are inextricably linked. Railway operations personnel are concerned with the safety and availability of the network. Cybersecurity personnel aim at eliminating weaknesses and vulnerabilities that can be exploited by malicious actors. The two worlds are frequently in conflict. Often, the best response for eliminating a potential cyber threat requires systemwide downtime. In addition, the essence of cybersecurity is using software with the most up-to-date versions, while in the railway environment this is practically impossible due to lengthy homologation processes. To achieve RAMS and cybersecurity, therefore, it is essential to establish clear channels of communication and cooperation between cybersecurity and railway operations, to ensure that concerns are being addressed and risks effectively managed.
Our experience shows that in order to get an organization aligned with its cybersecurity team, physical demonstrations of penetration testing in a lab or another stimulating environment can serve as a powerful motivator. Such demonstrations help make the cyber threat more tangible and specific.

Choose the right strategy

Once the cybersecurity team is established and has the capability of addressing both railway operations and cybersecurity, the next step is choosing a methodology to follow.
Fortunately, the cybersecurity domain includes a variety of methodologies that can be employed by the company, both on the system and product levels. One such methodology is ISO 27001, which deals with organizational risk management. While ISO 27001 is a good standard by which to build an Information Security Management System (ISMS), it does not help in tackling the cyber challenges of operational systems such as signaling systems, which are the crown jewel of railway infrastructure. The de facto standard chosen by most railway cybersecurity groups and operators is IEC 62443. This standard was originally developed for Industrial Automation and Control Systems (IACS) and takes into consideration the common characteristics of different stakeholders involved in their lifecycle: Product Developers, System Integrators and Asset Owners. Railway companies have their own unique characteristics, and therefore some of the requirements written for IACS are hard to apply to them, which can cause confusion and inconsistency in the level of security between systems. Different working groups have been set up to address this issue, starting from CyRail by Shift2Rail, to the more recent WG 26 by CENELEC TC9X. Their goal is to bridge the gaps between IEC 62443 and the common railway environment – another step toward sound railway cybersecurity standards.

Choose the right technologies

The large scale and wide distribution of railway networks makes them hard to protect. While putting the right processes and procedures in place is a giant leap forward in terms of security, only technological solutions can effectively protect these large and complex networks. When considering the implementation of security solutions, it is crucial to consider some of the specific characteristics of the railway environment:
1. Long lifecycle - Railway systems can be deployed for more than 25 years. Therefore, it is important to ensure that security solutions that are deployed within the system will also be effective in 25 years' time. It is impossible to predict how cybersecurity will look in the distant future, but solution deployment must remain agile.
2. Impact on safety - Cybersecurity solutions often require active intervention in the network to eliminate threats when they arise. Such intervention can have an impact on existing safety mechanisms and should be evaluated as part of safety considerations.
3. Railway compatibility - Effective security solutions in the railway environment should understand railway “language” and provide the ability to protect against the threat landscape. Solutions originating from the IT domain or other industries may have difficulty adapting to railway protocols and systems and therefore may be of limited value at times. It is thus important to understand the scope of the security solution regarding the railway technologies it aims to protect.

CylusOne™ for Signaling

Cylus has developed its security solution, CylusOne™, to address the unique railway landscape. CylusOne manages the security risk of a network by providing protection against threats and offering visibility into a system’s key cybersecurity elements.

Railway System Visibility

CylusOne provides a complete and real-time view of the entire network with detailed information that covers all levels – from the network’s entire topology down to the granular level of each asset, including trackside devices, interlockings, management workstations and more. This in-depth visibility into the network eliminates blind spots, revealing asset connections and classifying redundant ones.
CylusOne determines the network’s real-time cybersecurity status by analyzing data that is captured passively, using deep packet inspection techniques without requiring prior information about the network.

Threat Detection

To proactively detect cyber-attacks, CylusOne views the network as a whole, uncovering cases where safety is breached and service availability is affected. The ongoing security monitoring of all signaling systems, including ERTMS, CBTC, proprietary and legacy systems, as well as Traffic Management Systems (TMS), enables Cylus’ proprietary algorithms to immediately detect anomalies on the network.
CylusOne is augmented with feeds displaying the latest discoveries by Cylus’ rail cybersecurity research team. As a result, it can detect newly found rail signaling vulnerabilities and threats, providing accurate and up-to-date identification of cyber-attacks.

Incident Response

Real-time alerts for security events are supplemented with contextual, detailed information about the incident, such as the root cause and affected assets. These actionable insights, attached to the event alerts, lead to swift analysis of events, enabling a timely response to the threat in order to remediate the risk or contain the attack. The mitigation instructions can also be fully customized to meet existing railway policies.
In short, Cylus’ visual, rail-oriented user interface enables rail professionals to clearly understand cybersecurity incidents and respond effectively.
The article was originally published in Signal + Draht magazine, German translation available here: https://eurailpress-archiv.de/SingleView.aspx?show=1720455
