The first commercial railway systems were deployed in the 19th century. Since then, they have served as a key mode of transporting people and goods all around the world. While in the past, railways were controlled mainly by complex mechanical systems and relied heavily on the manual exchange of communications, modern railway systems have moved towards operating largely via digital components, taking the human factor out of the equation. Signaling systems have undergone significant advances to ensure that trains stay clear of each other at all times.
The following components demonstrate the technological sophistication of modern signaling systems:
- Computer-Based Interlocking (CBI) - computerized systems that are in charge of overseeing trackside signals in a safe manner. Trackside signals consist of light signals, point machines, axle counters, and others.
- Automatic Train Protection (ATP) - computerized system that constantly monitors the speed of the train and activates the brakes in the event that the train moves faster than allowed by the signaling system. Newer systems also support Automatic Train Operation (ATO), which enables the full automation of train movement in addition to other safety capabilities.
These components have been introduced to railways in different geographies and via different systems, but they all rely on similar foundations:
- The European ERTMS (European Rail Traffic Management System) introduces standardization to interfaces between the train ATP (called OBU) and trackside equipment (called RBC).
- The urban transit CBTC (Communication-Based Train Control) allows for a higher degree of automation and also supports shorter spacing between trains by introducing a concept called “Moving Blocks”, in which the train receives its braking curve dynamically and the stoppage distances are not fixed. This is in contrast to the older “Fixed Blocks” systems in which the blocks are predefined.
- The US-based PTC (Positive Train Control) mandate requires all trains to operate with ATP systems.
The biggest difference between railways and other modes of transportation is the requirement for complete synchronization between independent systems, onboard and trackside. The range of the components, often manufactured by different vendors, as well as the different levels of security and warranties, adds to the overall cybersecurity challenges.
A shift in mindset towards cybersecurity
While the foundation of railways has always been safety, we must now consider a new paradigm: cybersecurity.
Railway systems, which have been considered safe for decades, can now be compromised by newly introduced digital commands. The manipulation of such commands can cause collisions and other nightmare scenarios:
For example, changing the state of a railroad switch could merge tracks, which can cause two trains to collide; authorizing a train to move faster than allowed can cause it to enter a block that is already occupied by another train, or to approach a level crossing that is occupied by crossing cars; and signaling a train to proceed when it needs to stop can bring it too close to a level crossing or even to a train station.
There is another challenge that stems from the proprietary nature of railways. Since the systems include proprietary protocols and applications, it is impossible to effectively use off-the-shelf cybersecurity solutions against cyber threats.
For a security solution to be effective in the railway environment, it needs to be embedded with key principles of signaling and safe train movement and to take into consideration the variety of assets that are unique to the railway domain. Additionally, a cybersecurity solution for rail needs to properly distinguish between malicious activities and safe railway operations in order not to raise false positives, which can be debilitating. Rail availability and reliability are key priorities in railway operations and this industry cannot tolerate having its operations come to a complete halt, unless there is a critical reason to do so.
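As an added illustration (not code from NTT, Cylus, or any railway product), the sketch below shows what embedding signaling principles in detection can look like: observed commands are checked against block occupancy, speed limits, and switch location, so that routine commands raise nothing. The message fields, block and switch identifiers, and track layout are hypothetical and constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class TrackState:
    """State a passive monitor would build from observed traffic (constructed model)."""
    occupied: dict = field(default_factory=dict)      # block id -> train id
    speed_limit: dict = field(default_factory=dict)   # block id -> km/h
    switch_block: dict = field(default_factory=dict)  # switch id -> block containing it

def check_command(state, cmd):
    """Return the signaling rules one command violates; an empty list means normal."""
    alerts = []
    if cmd["type"] == "movement_authority":
        for block in cmd["blocks"]:
            holder = state.occupied.get(block)
            if holder is not None and holder != cmd["train"]:
                alerts.append(f"{cmd['train']} authorized into {block}, occupied by {holder}")
            limit = state.speed_limit.get(block)
            if limit is not None and cmd["speed"] > limit:
                alerts.append(f"{cmd['train']} authorized at {cmd['speed']} km/h, limit {limit} in {block}")
    elif cmd["type"] == "switch":
        block = state.switch_block.get(cmd["switch"])
        if block in state.occupied:
            alerts.append(f"{cmd['switch']} moved while {block} is occupied by {state.occupied[block]}")
    return alerts

def scan(state, commands):
    """Map command index -> violations, omitting commands that are safe operations."""
    results = {}
    for i, cmd in enumerate(commands):
        found = check_command(state, cmd)
        if found:
            results[i] = found
    return results

# Constructed sample data: hypothetical layout and decoded commands, not a real protocol.
STATE = TrackState(
    occupied={"B2": "T1", "B5": "T2"},
    speed_limit={"B3": 80, "B4": 80, "B5": 60},
    switch_block={"SW1": "B5", "SW2": "B3"},
)
COMMANDS = [
    {"type": "movement_authority", "train": "T1", "blocks": ["B2", "B3"], "speed": 80},
    {"type": "movement_authority", "train": "T1", "blocks": ["B3", "B4", "B5"], "speed": 80},
    {"type": "switch", "switch": "SW1", "position": "reverse"},
    {"type": "switch", "switch": "SW2", "position": "normal"},
    {"type": "movement_authority", "train": "T2", "blocks": ["B5"], "speed": 120},
]

if __name__ == "__main__":
    for idx, alerts in scan(STATE, COMMANDS).items():
        print(idx, alerts)
```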
NTT and Cylus
Until recently, there were no cybersecurity solutions dedicated to the safety-critical networks in railway systems. NTT and Cylus, the leader in rail cybersecurity, recognized this critical gap. NTT joined forces with Cylus, which developed CylusOne - the first-to-market cybersecurity solution that meets the unique needs of the rail industry.
CylusOne safely connects to the signaling systems in a passive mode. Through deep-packet analysis of rail communications, it automatically discovers and classifies all the assets and activities on the network in order to create a railway operational baseline. This baseline, combined with Cylus’ proprietary railway cybersecurity detection methods, allows it to raise alerts regarding malicious activities in real time. Furthermore, these real-time alerts are supplemented with actionable insights, facilitating swift and effective responses to security incidents.
The need for effective and comprehensive cyber protection for rail’s unique systems and technologies is well understood by rail manufacturers and operators. A global leader in security services, NTT’s aim is to assist its clients in gaining the ability to meet challenges specific to their industry, including the growing levels of cyber threats.