Are Our Digital Railways Secure?
Smart technology gave rise to the digital railway in the U.K. – a connected infrastructure that uses wireless technology and computerized cabs to transform the way the rail operates. While new digital railways show great potential to protect trains from collisions, improve efficiency, and transport passengers faster and cheaper, recent cybersecurity threats have shown the darker side of the modern railway. A deeper look into the security of our digital railways may expose dangerous vulnerabilities.
Potential Weak Spots in Railway Cybersecurity
The European Rail Traffic Management System (ERTMS) uses the European Train Control System to transform the way the railway system operates. The Control System acts as automatic train protection, improving the capacity, safety, and operability of Europe’s railways. Yet the digitization of the railway opens the floor to discussions about cybersecurity – namely, the new railway’s exposure to digital hackers and cyberattacks.
In 2016, the U.K. Department for Transport released a guide called “Rail Cyber Security.” In this document, the department noted that railway systems are vulnerable to cyberattacks due to the transition to “open-platform, standardized equipment built using commercial off-the-shelf components.” The guide states a concern for the cybersecurity of ERTMS and other on-train systems because of the increasing use of systems accessible through public and private networks.
The railway sector has become a target for terrorists and hackers around the world – potentially leading to loss of service, serious injuries, and even passenger death. In 2015, there were at least four notable cybersecurity breaches of the digital railway system, according to the cybersecurity experts at Darktrace, the private cybersecurity company responsible for the majority of the U.K.’s network. While it appears these breaches were exploratory rather than violent in nature, they pose questions about the safety of the network.
Efforts to Combat Cybersecurity Breaches
In the face of increasingly complex cyber operations, the Network Rail assures passengers that safety and security are top priorities. A spokesperson stated the company was working closely with the government and security services to combat cyber threats. For example, the Network Rail has launched a multiyear project to respond to mounting cyber threats. The Rail described the nature of this project in the 2016 Rail Cyber Security document. The measures the Rail plans to take to combat cyber hackers include:
- Increase awareness regarding railway security.
- Improve employee training, as well as company policies, and procedures.
- Implement risk assessment and management systems.
- Encourage communication and cooperation between different organizations.
- Putting security measures in place at interfaces between systems.
- Install specific protection measures to prevent cyber attacks.
Most important, the Network Rail wants to educate railway workers and operators on the potential dangers of cybersecurity breaches. The Rail seeks to spread awareness of the issue and encourage railway operators to put systems in place to detect and prevent attacks, and to mitigate losses in the event of a security breach. As the digital railway continues to advance and grow more sophisticated, it is imperative for cybersecurity technologies to keep up with evolving attacks on the digital system.