Top-5 Cybersecurity Challenges Rail Operators Face in 2022

Miki Shifman
CTO
As the rail industry becomes increasingly digitized and connected, cyber threats are increasing rapidly. Moreover, the number of viable pathways for breaches and cyber threats on rail systems is growing rapidly.

With cyber-attacks against rail systems doubling yearly over the past five years, resulting in millions of Euros in estimated losses, rail engineering teams now face a broad and complex attack surface. Rail operators must therefore adopt new solutions to defend their networks against these new challenges.

Here are five top cybersecurity challenges rail operators face in 2022.

  1. Most IT/OT security measures are ineffective in rail environments and lead to poor ROI

Rail operators that try to use IT or even OT security solutions in their environment quickly realize that these solutions cannot deliver real security value. They are insufficient because of the widespread use of proprietary, rail industry-specific communications (over 80% of all traffic). Installing tools that were not intended for rail often results in massive hidden costs in the form of expensive safety approvals and lengthy manual work to tune them from scratch.

  2. Rail operational systems are difficult to patch due to safety constraints, which makes them prone to common vulnerabilities

Rail systems today widely use off-the-shelf components such as Windows-based machines and Unix-based servers. These systems are exposed to many known common vulnerabilities and require periodic patching and software updates to maintain a secure state, which the nature of safety in rail makes impossible. As a result, those components typically remain unpatched and pose a severe risk.

  3. Insecure connections between rail safety-critical systems and support systems

Railway applications require connectivity between systems with different safety levels. A good example is the link connecting CBTC zone controllers and Traffic Management Systems (TMS) to interlocking systems for dispatching and continuous monitoring of train movement. Typically, these implementations lack proper security measures, thus exposing critical systems to penetration from unprotected networks.

  4. Train control is based on train-to-ground wireless communications, so an air gap does not exist

Train control is performed over wireless train-to-ground communication rather than relying solely on visual signals. Most of the wireless technologies used in rail use outdated encryption techniques and are potentially vulnerable to a wide array of risks that can lead to spoofing of malicious commands, disruption, and train hijacking.

  5. Safety is in the DNA of the rail industry. Security is still not

The long lifecycle of rail systems, sometimes over 30 years, means that at any given point, the vast majority of the rail systems in the world were deployed at a time with less cyber awareness. In addition, the mindset in building rail systems is inclined toward safety, but security is still not part of the default DNA when building a rail system. As a result, you cannot make any assumptions about the system's security, unless you have explicitly tested it - in both your existing and future systems.


Originally published September 12, 2022, updated September 12, 2022.