Railway systems have been in operation for more than 100 years, and have an excellent record of safety, on-time performance, and reliability. However, there are many threats in today’s world that could disrupt the modern rail system including physical and cyberattacks. To protect this critical component of the nation’s transportation infrastructure from railway security risks, the rail industry must add cyber security awareness and cyber defense measures to the traditional safety measures that have been used in the past. With that being said, the need for critical infrastructure surveillance continues to grow.
Who Is A Threat To Railway Security Today?
The main threat to America’s railway systems does not come from home-grown vandals. Instead, the bad actors intent on disrupting this important mode of national transportation are much more devious and include:
- Cybercriminals with financial motivation, and who use ransomware to try to extort money.
- Criminals who are determined to disrupt or damage operations for reasons that do not include financial gains, such as terrorists and other politically motivated groups.
- Insiders like disgruntled or terminated employees with access to critical operating and security systems.
Existing Threats To Rail Systems
The very nature of railway infrastructure makes rail and metro companies targets for cyber attacks. Railway security risks in the virtual realm include:
- Increased dependence on technology to remotely monitor and control railway operations.
- Long lifecycles for equipment and certification processes. Once a component of a system has been certified, it may already be obsolete from a cybersecurity perspective.
- A highly distributed architecture of transportation systems.
- Diversity of supply chain and technology.
- Slow acceptance of the need to integrate physical security and cybersecurity within the railway industry.
More Potential Risks to the Railway Industry
In recent years, driver assistance and control systems have come to rely heavily on connectedness and communication. This dependence on technology has created new vulnerabilities and presents new opportunities for attack. If these weaknesses in operational technologies are exploited, it would be easy for a group of bad actors to create havoc by seizing control of the train – remotely.
Additionally, rail information systems face risks that are similar to those faced by websites, such as payment security or ticket validation. Hackers can access and hijack sensitive information if railway systems are not secure, including personal information and credit card information, especially with passenger rail lines.
Whether it is a passenger train or a commercial train, the possibility of a malicious attack on critical systems could have dramatic consequences. For example, in the case of driverless trains, if a train’s ability to communicate with its control center is interrupted in route (say, in the middle of a tunnel), passengers could experience an extremely unpleasant and tense situation.
Technology Creates New Risks In the Rail Industry
While technology has enhanced some aspects of the railway industry and improved efficiencies, it has also created new risks for the sector as a whole.
Ransomware attacks, for example, put railway networks at particular risk because rail companies often operate in environments that include both modern technology and legacy systems with inconsistent security controls. Additionally, connected technologies and AI present new risks. When technical monitoring systems are rendered unavailable, or data is altered or falsified by malevolent groups, there is a potential risk of damage to expensive equipment, undelivered services, and possibly even accidents.
While fifth-generation mobile telecoms technology, or 5G, is significantly more secure than 4G networks, the infrastructure is not bulletproof or safe from manipulation. The railway industry must guard its vulnerable components against manipulation that would impact network performance and compromise the confidentiality, availability, and integrity of the critical networks that monitor and drive this necessary asset of our nation’s transportation sector.
To learn more about video surveillance options for railways, click here.
Brent CanfieldCEO and Creator of SentryPODS
Brent Canfield, CEO, and founder of Smart Digital and SentryPODS, founded Smart Digital in 2007 after completing a nine-year active-duty career with the United States Marine Corps. During the 2016 election cycle, he provided executive protection for Dr. Ben Carson. He has also authored articles for Security Info Watch.