Meet Frank Schneider, our Main Line Signalling Cybersecurity expert!
How do you protect railway signalling systems against cyber-attacks? Frank Schneider, Cybersecurity Director at Thales’ Main Line Signalling, reveals the challenges and highlights the solutions.
Can you tell us about the work you are doing?
My job is taking care of cybersecurity for our main line railway signalling activities – specifically, the security of the products we ship to our customers. Railways are critical infrastructure and our customers have obligations under the EU’s NIS Directive. Our purpose is to create an additional security shell around the safety core so that the availability of the signalling is always at the required level.
What challenges do you face?
Railways traditionally relied on closed networks. Now the paradigm has shifted: signalling is becoming digital and we see more and more IP connectivity being put into railway infrastructure, along with increasing deployments of IoT (Internet of Things) devices. This creates huge opportunities, but it means there are new risks to be managed as well.
How do you manage those risks?
Firstly, you need to put encryption mechanisms in place. Secondly, you need to identify each device on the network. You also need to manage vulnerabilities: new ones are constantly emerging. When these are solved, you need to update within a reasonable time. Detection is a key capability. You need hardened operating systems and products that log what is going on. At Thales, our priority is to have “Security by Design” built into all of our products. If you buy the latest generation of an axle counter, for example, it already provides the required security capabilities.
How are threats detected?
The key is correlation. Are files being changed? Are people accessing the network? You need insights into what is happening. It’s not just about monitoring a single device, but all devices. Correlation needs to be done at network and solution level. This can be carried out either at a Security Operations Centre (SOC) if the customer has one, or supported by us.
Do you see SOCs becoming more common?
Some of our mature customers already have dedicated SOCs to support their IT operations. For customers who have not yet considered cybersecurity as an element of their business, there is an opportunity to provide a dedicated railway SOC to monitor their operational technology. This is a big step, but there is a strong case for considering this.
Are railway operators looking towards a gold standard of protection?
More and more customers are going in this direction. Some want to be protected against nation state attacks. This involves focusing not only on the technology, but also on the processes and the organisation itself – including the ability to anticipate attacks from within. This requires both technical and organisational expertise. The ability to respond to such attacks requires a significant budgetary commitment, too.
Signalling is evolving rapidly – what impact is this having on cybersecurity?
The trend is towards distributed intelligence. This means more remote devices, which adds an extra layer of complexity. One of the challenges that lies ahead is ensuring that remote critical infrastructure components are kept up to date, so that they are resistant to potential attacks. We also have to consider the fact that attacks can be launched from remote locations.
What big opportunities do you see over the next ten years?
Standardisation of security interfaces is one of the biggest opportunities. This allows us to leverage best practices from the wider security industry – for example, running vulnerability and patch management processes throughout the lifecycle. Budgeting for this will be crucial. Service contracts for cybersecurity can really help here.
What attracted you to railways?
This year, I will have been with the company for 25 years. For me, it is important to work in a sustainable business that provides a benefit for society as a whole. Running trains from A to B is the greenest way to travel. This is why I find the railway business so attractive.
How did you get involved in cybersecurity?
I studied information technology and started as a product manager within the railway business. Later, I did a second Master’s in product engineering development, which I did alongside my work. I also assisted in the general management of one of the local business units where I learnt about the broader aspects of running the business. And when the opportunity came to lead our Cybersecurity department, I volunteered.
What is the most rewarding part of your job?
The best part is helping our people to achieve things and sharing expertise. Security has grown in stature in recent years – there is a strong community and a real collaborative spirit. It is also rewarding when customers approach us with challenges. How can we solve them? We work together and follow a common roadmap.
What background do people need to work in cybersecurity?
Studying information technology, information security or cybersecurity is definitely useful – these are directly related to the work we do. It also helps to be curious: cybersecurity is about figuring out how things work and putting the pieces together. There are a lot of tutorials online – have a look at Hack The Box, for instance, and try some challenges. Cybersecurity is a lifelong journey: if you are enthusiastic and willing to learn, it will keep you engaged throughout your working life.
Outside of work, what motivates you?
I like rock climbing, but it’s a bit harder to do once you have kids. I still get time for yoga. As a young person, I enjoyed constructing things with Lego – particularly building models without instructions. It’s a great way to learn about reverse engineering!
What’s your favourite train journey?
The panoramic train to the Swiss Alps is very enjoyable. Another one is Stuttgart to London. I haven’t done it yet – it takes longer than flying – but I would definitely like to try it.