Railway Cybersecurity: The Rising Threat to Signalling Systems

Of all the industries facing rising cybersecurity concerns, the rail industry isn’t one that readily springs to mind.

In recent years, malicious actors have widened their crosshairs, focusing not only on individual businesses and sectors, but on critical infrastructure such as power grids, water supply, and transportation networks. The modernization of these infrastructures has made them more reliant on an interconnected network of devices, but what gains are made in terms of efficiency often come at the cost of security.

Railway operators have been using specialized networks for communication and signalling for decades. Unlike the public networks we use daily, these are closed systems designed for safety and reliability. However, with the modernization of services, these OT (operational technology) systems have become increasingly centralized and integrated. The primary purpose of these networks is to ensure seamless communication between trains and control centers. For instance, signalling is used to communicate speed limits and track changes, and any disruption or manipulation of such a system can have catastrophic consequences.

A recent report by the European Union Agency for Cybersecurity (ENISA) observed that cyberattacks on transportation networks in EU member states increased steadily between 2021 and 2022, with the aviation and rail sectors experiencing the greatest increase. In the railway sector, incidents almost exclusively targeted critical OT systems such as signalling and the IT systems of those responsible for managing them. Hacktivist groups have also been conducting DDoS attacks against railway companies at an increasing rate, exacerbated by Russia’s invasion of Ukraine.

The Threat of Signalling Hacking

Recent developments have demonstrated beyond doubt that railway signalling systems are not immune to cyberattacks. State-sponsored attacks on rail systems have been identified, with certain services even training individuals to spoof or fake signalling messages. Such attacks can instruct a train to travel at unsafe speeds, potentially leading to accidents. These threats are not theoretical; they are real and imminent. For instance, leaked files have revealed that certain entities have identified ways to infiltrate systems and fake these critical messages, usually as part of a state-sponsored attack.

As geopolitical tensions increase and the war in Ukraine rages on, the potential for cyberattacks on railway systems has become a case of “when” rather than “if”, with operators being pressured to adapt their security posture accordingly.

In March 2022, the Italian state railway, Ferrovie dello Stato Italiane, faced a ransomware attack that resulted in customers not being able to buy tickets. More serious incidents, in which OT systems and networks were affected, also occurred later in the year. The Danish train operator DSB was subject to a DDoS attack on its IT systems, which resulted in severe service disruptions, including the inaccessibility of a safety-critical IT system that handled signalling. Such incidents are likely to increase with the growing capabilities of threat actors and the rising threat of state-sponsored attacks.

All Aboard: The Need for Better Regulation

It isn’t just railway operators that are showing concern. Recognizing the gravity of the situation, governments and regulatory bodies are now working on the rollout of new legislation to shore up the security of their transportation networks. In Europe, for instance, new directives mandate railway operators to comply with cybersecurity standards. The Network and Information Systems (NIS) Directive and the Cybersecurity Act now apply to all railway operators, defining the criteria and requirements that IT systems must meet in order to be certified as secure and trustworthy.

These regulations are not just guidelines; they are mandatory. Non-compliance can result in significant fines and penalties. The goal is to ensure that all railway operators are equipped to handle modern threats and can safeguard their networks against potential attacks. The challenge many rail operators are now facing is understanding these new regulations and what is required of them from a cybersecurity perspective.

Getting On the Right Track

When addressing cybersecurity in the rail sector, it’s essential to understand the risk matrix. Current regulations mandate rail operators to conduct risk analyses, pinpointing potential vulnerabilities and devising strategies to mitigate or avoid them. It’s down to rail operators themselves to find a solution that offers these capabilities. For instance, deploying a cybersecurity solution that offers full visibility into the railway’s operational network will allow for the detection of unauthorized or fake systems that may be plugged into the network. Its capabilities may extend to automatically identifying a wide range of attack scenarios, ensuring that potential threats are promptly flagged.

Depending on the severity and nature of the threat, rail operators will require a system that can either automatically counteract the attack or guide operators in a security operation center (SOC) with precise steps to manually block or mitigate it.

The importance of network visibility cannot be overstated. Rail operators will need a solution that offers a detailed overview of their infrastructure at a granular level. This is particularly crucial given that some components in railway infrastructure can be decades old and might not be immediately recognized as potential vulnerabilities. By addressing both the modern and legacy elements of the railway network, operators can ensure a holistic protection strategy that aligns with global standards and regulatory requirements.

As we move forward, the importance of railway signalling security cannot be overstated. The threats are real, and the potential consequences are devastating. However, with the right focus on technology, regulation, and visibility, operators can ensure that the railway infrastructure they oversee remains safe for the transportation of goods, materials and – most importantly – people.

This article was provided by VIAVI Solutions.
Source: https://railway-news.com/railway-cybersecurity-the-rising-threat-to-signalling-systems/
