Skip to main content

Winning the battle against railway cyber crime

Cyber attacks on railways are rising. Could better cybersecurity maintenance make a difference?

All your servers are encrypted! Send 100 bitcoins then we send you decryption key!

Finding a message like that in your inbox is every rail operator’s nightmare. But it’s increasingly common. There have been 14 publicly known cyber attacks on metros and main line rail networks in Europe and North America since 2016. 

Why maintenance matters

Railway operators do a fantastic job protecting their networks from hackers. But ensuring IT and other digital systems are properly patched and up to date is a huge task. Keeping passengers and infrastructure safe demands not only constant vigilance, but also high-level expertise. 

New cyber threats are emerging almost every day. Just about any accessible system can be a target. Wi-Fi, CCTV, email, telephone, train management systems and corporate servers have all been hit by hackers in recent years.

Rail operators also have to contend with denial of service (DoS) attacks, data leaks and intrusion. In short, attacks can come from just about any direction.

Understanding the maintenance challenge

Cybersecurity maintenance involves identifying vulnerabilities and patching against them. But it is no simple matter. 

First, you need to be able to pinpoint where vulnerabilities lie. This is a highly complex task that requires a full analysis of how systems and software are deployed and used. Second, applying patches requires enormous care: many railway systems are safety critical (SIL 4), so patching must be meticulously evaluated before it can be carried out. 

Legacy systems, increasing cross-system integration and multiple system vendors all add to the cyber maintenance challenge. Meanwhile, the rise of the Internet of Things (IoT) and 5G means there are new layers of complexity to be managed.

Covid is adding to the challenge. The shift towards remote working – including by rail sector employees – has created new opportunities for cyber attackers. Hackers may try to infiltrate systems by stealing staff credentials, by compromising their devices or by breaching remote access points.

How can Thales help?

Thales offers a comprehensive package of expert services to help customers meet the growing need for long-term cybersecurity maintenance in the rail sector. 

Vulnerability management: this provides a framework for identifying cyber risks and includes vulnerability notifications from Thales’ CERT (Computer Emergency Response Team). 

Two service levels are available. Product vulnerability management is designed for systems where Thales delivers one product as part of a global solution handled by another party. System level vulnerability management is a whole-system approach, including product vulnerability management. 

Patching: Thales offers a comprehensive vulnerability patching service. For non safety-critical products we provide regular patching with proper patch qualification, as well as urgent patching for critical vulnerabilities. For safety-critical products, such as train control systems for metros and main lines, we carry out security patching in conjunction with functional patching. 

Additional services: as well as vulnerability management and patching, Thales provides cybersecurity risk assessments, threat intelligence, penetration (pen) testing and product evaluation. 

Thales’ services underline our commitment to safeguarding our customers’ operations – and to building a future we can all trust.


Discover how  Thales’ Cybersecurity Maintenance Services will  help your network.

Download our white paper to find out more.