What Are The Security Risks Facing Railways Today?

Railway systems have been in operation for more than 100 years, and have an excellent record of safety, on-time performance, and reliability. However, there are many threats in today’s world that could disrupt the modern rail system, and include physical and cyberattacks. To protect this critical component of the nation’s transportation infrastructure from railway security risks, the rail industry must add cyber security awareness and cyber defense measures to the traditional safety measures that have been used in the past.

Who Is A Threat To Railway Security Today?

The main threat to America’s railway systems does not come from home-grown vandals. Instead, the bad actors intent on disrupting this important mode of national transportation are much more devious and include:

  • Cyber criminals with financial motivation, and who use ransomware to try to extort money.
  • Criminals who are determined to disrupt or damage operations for reasons that do not include financial gain, such as terrorists and other politically motivated groups.
  • Insiders like disgruntled or terminated employees with access to critical operating and security systems.

Existing Threats To Rail Systems

The very nature of railway infrastructure makes rail and metro companies targets for cyber attacks. Railway security risks in the virtual realm include:

  • Increased dependence on technology to remotely monitor and control railway operations.
  • Long lifecycles for equipment and certification processes. Once a component of a system has been certified, it may already be obsolete from a cybersecurity perspective.
  • A highly distributed architecture of transportation systems.
  • Diversity of supply chain and technology.
  • Slow acceptance of the need to integrate physical security and cybersecurity within the railway industry.

More Potential Risks to the Railway Industry

In recent years, driver assistance and control systems have come to rely heavily on connectedness and communication. This dependence on technology has created new vulnerabilities and presents new opportunities for attack. If these weaknesses in operational technologies are exploited, it would be easy for a group of bad actors to create havoc by seizing control of the train – remotely.

Additionally, rail information systems face risks that are similar to those faced by websites, such as payment security or ticket validation. Hackers can access and hijack sensitive information if railway systems are not secure, including personal information and credit card information, especially with passenger rail lines.

Whether it is a passenger train or a commercial train, the possibility of a malicious attack to critical systems could have dramatic consequences. For example, in the case of driverless trains, if a train’s ability to communicate with its control center is interrupted in route (say, in the middle of a tunnel), passengers could experience an extremely unpleasant and tense situation.

Technology Creates New Risks In the Rail Industry

While technology has enhanced some aspects of the railway industry and improved efficiencies, it has also created new risks for the sector as a whole.

Ransomware attacks, for example, put railway networks at particular risk because rail companies often operate in environments that include both modern technology and legacy systems with inconsistent security controls. Additionally, connected technologies and AI present new risks. When technical monitoring systems are rendered unavailable, or data is altered or falsified by malevolent groups, there is a potential risk of damage to expensive equipment, undelivered services, and possibly even accidents.

While fifth generation mobile telecoms technology, or 5G, is significantly more secure than 4G networks, the infrastructure is not bulletproof or safe from manipulation. The railway industry must guard its vulnerable components against manipulation that would impact network performance and compromise the confidentiality, availability, and integrity of the critical networks that monitor and drive this necessary asset of our nation’s transportation sector.



To learn more about video surveillance options for railways, click here.