‘Cybersecuring’ Rail’s Digital Transformation

Could this really have happened?

Hackers send an ominous message to the city’s rail operator: “We have locked up 2,000 of your computers that run your ticketing operations.  Send us 100 bitcoins and we will send you the key to unlock the system.”

That incident recalls real ones, and any resemblance to reality is not purely coincidental; several operators have seen their system infiltrated in the past. It can still happen today or tomorrow.  

Yet the consequences of the incident described here could have been much worse had hackers attacked actual train operations.

Indeed, the risk of hacking grows each day as more and more rail activities become ‘smarter’ and connected via the Internet of Things.

Digitalisation is helping to make trains faster, safer and more comfortable. But it also exposes railways to cyberattacks because the more connected devices, the more opportunities for hackers to break into the system. Protection of privacy becomes as much of a concern as passengers expect continuous availability of their data and on-line services.

Benoit Bruyère, Senior Cybersecurity Authority at Thales

To illustrate the importance of the digital transformation, imagine that in order to optimise preventive maintenance of distant equipment, myriads of sensors will be deployed to monitor and report to the rail operations centre.

“The challenge is to safeguard the critical system by protecting its assets at risk,” explains Benoit Bruyère “The strategy is to both protect and detect. This is why our solutions are ‘Cybersecured by Design’. It starts by essential design principles such as defence in depth. Then we introduce detection leveraging the latest innovations from Artificial Intelligence and Data Analytics. Last but not least, we design our systems to prepare for ‘patch and protect’ in order to make them ready for long-term support”.

Thales is in unique position to support operators in this critical mission thanks to its worldwide experience in rail transportation systems and its leading expertise in AI, Data Analytics, Connectivity and Cybersecurity. No other company can offer the same combination to accompany rail operators in their digital journey.

Benoit Bruyère concludes, “By protecting the operational services of our rail customers---and the data of passengers—we ensure the integrity, availability and confidentiality of their digital transformation.