CyberRail – putting a stop to cyber-attacks

Danger lurks on the information highway just as it does in real life, with traffic jams, accidents, unauthorised intrusions, criminal attacks and other risks. From power plants to hospitals, air traffic control systems to rail networks, a country's critical infrastructure (or essential operators) has to be prepared to deal with cyber threats. For railways in particular, cyber security is an issue of increasing importance.

According to Alexander Szönyi, Cyber Security Authority for the Ground Transportation Systems at Thales Austria, protective measures against cyber-attacks in the railway sector still have a long way to go: “Often there is a lack of awareness about potential new threats. Railway networks and operators have a deeply ingrained culture of safety. They are convinced that their systems are extremely safe, but often do not fully realise where the new risks lie. This is based on the fact that railways focus heavily on safety. However they now also have to face new security risks. Today they need to protect their systems from the external threats, including criminal activities. This is a huge difference.”

Using operational control systems, modern railway systems have electronic interlocking, radio-based signalling systems and the specially developed GSM-R mobile communications standard with highly specific signalling infrastructures that are difficult for cyber criminals to access. But these complex technologies only work because they are integrated into internet-based data communication networks and therefore run on corresponding servers like any other application. This is where experts see a risk of attacks and interventions by unauthorised users and it is not just a hypothetical danger. Nextgov, the governmental-affiliated American technology newsletter, reported that intruders may have manipulated railway signals in the northwest of the United States in December 2011. Although the incident did not have a dramatic impact, it nevertheless revealed the vulnerability of IT-based technology.

In order to address these risks, Thales developed CyberRail, a monitoring solution for network security. CyberRail can detect, visualise, analyse and provide a timely response to the threats and attacks that railway systems are subject to. The system's sensors automatically track huge volumes of data transmitted over internal railway systems, collecting critical information about abnormal events. In the event of an attack, the operator can instantly identify the type and location of the incident on their screen and initiate predefined countermeasures. Thales CyberRail not only prevents imminent hazards, but constantly analyses operational data in order to provide an overall picture of potential weaknesses in the IT workflows of critical infrastructure organisations. Based on risk analyses conducted jointly with customers, Thales offers comprehensive security solutions to help completely stop the threat of potential cyber-attacks.