Could your train journey be in the crosshairs of hackers? This question would have seemed unthinkable a decade ago. Yet research shows that railways are increasingly targeted by malicious actors.  

The past four years have witnessed an upsurge in cyberattacks against the rail sector. Between November 2016 and February 2020, there were at least nine major attacks against networks in Europe and North America. Both metro and main line railways were targeted. 

The consequences of these attacks included widespread travel delays, ransom demands, data theft and reputational damage. Ticketing, video surveillance, passenger information and back office systems were disrupted. In each case, hackers struck without warning – and vanished without a trace.

Who are the attackers?

The rail sector faces threats from four different groups of actors. Advanced Persistent Threats (APTs) present the greatest danger. APTs are politically or ideologically motivated and often state sponsored. Critically, this group is highly skilled and well resourced. Objectives include espionage, theft and disruption. 
 
Less sophisticated but more common are cybercriminals. This group is motivated by financial gain rather than ideology. Attacks typically take the form of ransom demands (using malware such as WannaCry) or data theft.

Hacktivists also pose a threat. Like APTs, they are motivated by ideology. Hacktivists include both groups and individuals, and their objectives include website defacement, information theft and leaks.

Although their prevalence is low, cyberterrorists are a growing concern for the transport sector. This group is also driven by ideological goals. The difference between cyberterrorists and other groups is that their objectives include the destruction of human life and infrastructure. 

Emerging vulnerabilities

Malicious attacks on computer systems are not new – the first true computer viruses appeared nearly 40 years ago.  So why are cyberattacks against railway networks growing now?

Technological change is a big factor. In common with other industries, railways are rapidly adopting digital technology. Just about every aspect of rail operations is going digital, from passenger information to signalling and ticketing. 

Digital technology delivers massive gains in terms of efficiency and passenger satisfaction. It plays a vital part in boosting the attractiveness of railways. But unless technology deployments are carefully managed and appropriately secured, they can introduce new vulnerabilities.

Risks are amplified by the proliferation of commercial-off-the-shelf (COTS) devices, from PCs to video cameras and sensors. These devices are the building blocks of IoT (Internet of Things) networks. The problem with COTS devices is that they may contain built-in vulnerabilities, making them hard to secure. In parallel with this, there is an increasing reliance on public communications networks rather than private ones.

It’s not only new types of technology that add to risks, but also the way that different technologies are now connected to each other. This trend is sometimes referred to as IT/OT convergence. OT (operational technology) systems include SCADA, which is widely used by railways to control critical functions. The risk is that links between critical and non-critical systems can provide a back door for hackers.

On top of all of this is the threat posed by Covid. Railway operators and infrastructure managers are under pressure to reduce the number of people working in offices and control rooms to comply with social distancing guidelines. Remote working and teleworking provide a solution – but potentially expose operators to new risks if devices and networks are not correctly secured.

What can be done?

At Thales, the mission is to enable rail customers to benefit from every type of digital technology – without the fear of hacking. It is able to do this because of its expertise in both railways and cybersecurity, unique in the transport market. 

In the field of ground transportation, the company’s products and solutions are Cybersecured by Design, including signalling, train control, fare collection, communications and supervision systems. And everything is backed up with dedicated security services to keep pace with constantly evolving threats.

In addition to this, Thales provides cybersecurity upgrades for legacy systems – significantly improving security performance and providing maximum peace of mind for customers as they undergo their digital transformation.