Guarding the Tracks: Cybersecurity imperatives for the future of rail infrastructure

Strengthening cybersecurity in rail infrastructure and systems is imperative for modern transportation, addressing vulnerabilities in both physical rail systems and associated software. The interconnected nature of networks across the rail transportation sector exposes them to diverse cyber threats, including unauthorized access and potential data breaches. The intricacies of railway networks, woven together by digital threads, heighten the susceptibility to cyber threats. 

Unauthorized access and the looming threat of data breaches necessitate a proactive and comprehensive approach to cybersecurity. The potential ramifications of a breach extend beyond compromised data, encompassing the safety and reliability of transportation services.

Within this landscape, the pivotal role of rail switching amplifies the urgency for stringent cybersecurity protocols. Risks such as signal manipulation or unauthorized control pose not only operational challenges but also the potential for severe accidents and service disruptions. Recognizing this, the implementation of advanced cybersecurity solutions becomes paramount to fortify the resilience of rail networks against evolving threats.

In the realm of safety technology, Positive Train Control (PTC) stands as a beacon for enhanced safety. However, its reliance on intricate software introduces a unique set of cybersecurity challenges. As we embrace digital evolution in rail operations, the industry must navigate the delicate balance between technological innovation and safeguarding against potential vulnerabilities.

The evolution of Precision Scheduled Railroading (PSR) further underscores the need for a proactive cybersecurity stance. As rail systems optimize schedules through digital means, the dependencies on technology create additional entry points for cyber threats. In this era of digitization, the commitment to comprehensive cybersecurity strategies is not just a reactive measure but a proactive necessity, safeguarding the future integrity, safety, and reliability of rail networks.

Analyzing intersection of rail systems and cybersecurity

Industrial Cyber contacted rail cybersecurity experts to examine the impact of recent technological advancements and the integration of digital systems on the vulnerability of rail systems to cyber threats. Additionally, they have investigated the primary weaknesses in modern rail infrastructure from a cybersecurity perspective and explored the consequences of these vulnerabilities on the safety and dependability of rail operations.

Shaked Kafzan Co-Founder and CTO of Cervello

Shaked Kafzan, co-founder and CTO of Cervello, identified the rise of digitalization as a double-edged sword for the rail industry. “The integration of digital systems into rail infrastructure has significantly heightened their susceptibility to cyber threats. The convergence of operational technology (OT) with information technology (IT) has expanded the attack surface, exposing systems to common IT threats like malware or ransomware,” he added.

Additionally, much of the rail infrastructure operates on legacy technology, which lacks modern security defenses and is costly and disruptive to upgrade, Kafzan noted. “These vulnerabilities have serious implications for the safety and reliability of rail operations, potentially leading to unauthorized control of train movements, signaling manipulation, or safety system disruptions.”

To mitigate these risks, Kafzan said that a holistic cybersecurity strategy is crucial, encompassing system updates, network monitoring, industry-specific cybersecurity standards, and continuous staff training. “In today’s digital age, ensuring the cybersecurity of rail systems is a must, not just for data protection but for the safety and reliability of essential transportation infrastructure.”

Paul Veeneman, President and COO, Beryllium InfoSec Collaborative

Paul Veeneman, an IT|OT|ICS|cybersecurity and risk management professional, told Industrial Cyber that digital systems in rail infrastructure have significantly increased cybersecurity risks. “Modern rail has become equipped with interconnected technologies at the data core, locations and facilities, and on the track and train, all of which increases vulnerability to cyber threats.” 

“Risks can include hacking, data breaches, and disruptions to information technology (IT) that can impact operational technology (OT). Cyber-attacks can compromise safety, causing disruptions and endangering operators, passengers, or local communities,” according to Veeneman. 

He added that potential weaknesses are outdated legacy systems, insufficiently secured communication networks, and a lack of comprehensive cybersecurity practices and programs. “Over the past 6-7 years rail organizations have invested in improved security systems, processes, and architecture for existing and new rail infrastructure to address gaps. However, balancing technological advancements with cybersecurity measures remains a challenge.”

Cyber-attack consequences, mitigation measures for rail switching systems

The executives provide insights into the potential consequences of cyber-attacks on rail switching systems, as well as the measures being taken to mitigate these risks. Additionally, they outline the necessary steps for rail infrastructure to handle such incidents.

Kafzan detailed that cyber attacks on rail switching systems pose severe consequences as attackers could manipulate the switching mechanisms to disrupt train operations, compromise safety, and potentially lead to fatal collisions or derailments. “Moreover, a breach in rail switching systems could disrupt schedules, leading to costly delays and logistical challenges for the entire rail network.”

He pointed out that to mitigate these risks, rail infrastructure needs to implement robust cybersecurity measures, including advanced intrusion detection systems, regular security audits, and compliance with cybersecurity policies and safety protocols. “Upgrading legacy systems with enhanced security features and ensuring seamless integration with modern technology are also key steps. As the threat landscape evolves, the rail industry must continuously adapt its cybersecurity strategies to proactively defend against and respond to such incidents.”

Veeneman noted that cyber-attacks targeting rail switching systems can have devastating consequences, including derailments, collisions, or system-wide shutdowns. “The events in East Palestine, OH serve as a stark reminder that rail catastrophes, cyber-related or otherwise, pose safety risks but also disrupt freight and passenger services, leading to economic losses,” he added. 

To mitigate these risks, Veeneman indicated that rail operations must adopt multi-layered cybersecurity strategies, including preventative maintenance as well as detective measures, and regular security and operations audits. “Additionally, the industry must continue focusing on educating employees about cybersecurity best practices and collaborating with government agencies, including the FRA, for threat intelligence sharing. The key challenge is to maintain a balance between operational efficiency and stringent security measures.”

Using PTC to enhance rail safety, tackle cybersecurity, navigate integration 

The executives explore the impact of Positive Train Control (PTC) technology on the safety and efficiency of rail transport. They discuss how PTC has addressed cybersecurity concerns within the industry. Additionally, they highlight the advancements in PTC technology that have reduced human error and prevented train accidents. The executives also discuss the challenges that still exist in adopting and integrating this technology into existing rail infrastructure.

Kafzan highlighted that PTC technology has been a game-changer in enhancing the safety and efficiency of rail transport by significantly reducing the risk of human error. Improved sensors, real-time data analytics, and predictive maintenance capabilities help identify potential issues before they escalate. 

“From a cybersecurity perspective, however, increased connectivity, interoperability with unpatched legacy systems, and remote access introduce new security weaknesses,” according to Kafzan. “In order to protect its critical infrastructure, PTC implements robust authentication and authorization mechanisms, strong encryption protocols, and intrusion detection and prevention mechanisms.”

To further address cybersecurity concerns, Kafzan emphasized continuous monitoring and threat detection that can operate in the rail context, network segmentation, and granular visibility, all of which must be part of a railroad operator’s comprehensive cybersecurity strategy, as suggested by cybersecurity experts and the recently published TSA Security Directives for rail.

Positive Train Control (PTC) was mandated by Congress in September 2008 to enhance rail safety and efficiency by automating train operations, reducing human errors, and preventing accidents, Veeneman detailed. “PTC systems provide real-time data on train movements, aiding prevention of collisions and derailments. PTC is largely a self-contained system and architecture but introduces new challenges due to reliance on digital communication and control systems.” 

To safeguard these systems, Veeneman pointed out that rail operators are implementing encryption, secure authentication protocols, and continuous monitoring for potential cyber threats, both internal and external to the PTC infrastructure.

“Despite these advancements, challenges in PTC adoption are the need for ongoing system upgrades to address evolving cyber threats as well as supply chain risk, similar to SolarWinds, the introduction of malicious code into the narrow field of manufacturers and production processes of equipment leading to disastrous consequences,” Veeneman added.

Employing PSR to boost efficiency, manage cybersecurity challenges 

The executives detail how PSR enhances the efficiency and effectiveness of modern rail systems. They also discuss the impact of this advancement on cybersecurity strategies in rail management. Additionally, they address potential cybersecurity challenges that may arise during the implementation of PSR and shed light on the approaches taken by industry professionals and regulators to tackle these issues.

“PSR optimizes rail operations through advanced scheduling algorithms, resource allocation, and data-driven decision-making, which results in more streamlined schedules, better asset utilization, and increased overall network capacity,” Kafzan explained. “However, as rail systems become more interconnected and data-driven, they become potential targets for cyber threats. Ideally, an operator would adopt a ‘security-by-design’ approach from the outset of PSR technology and process implementation.” 

If that isn’t possible, Kafzan said the focus should then be on limited access control and authorization protocols, creating isolated network segments that will contain potential breaches, employing real-time monitoring and rail-specific anomaly detection systems, and securing as well as updating communication protocols.

“PSR offers significant operational benefits, but its integration into rail systems requires a deep commitment to strengthening cybersecurity measures and working with industry partners and regulators to ensure the continued safety and security of rail systems in an increasingly digital and connected environment,” he added.

Veeneman recognized that PSR has always professed efficiency in rail operations, optimizing schedules, reducing transit times, and improving asset utilization. “While there isn’t one definition of PSR, stakeholders hold the strategy is associated with less staff, longer trains, and reliance on technology for automation and optimization. This introduces cybersecurity concerns; potential issues are data breaches, unauthorized access to control systems, and disruptions in operational scheduling,” he added.

Quoting a December 2022 GAO report, Veeneman said that the Class 1 railroads ‘…stated that these operational changes improved or had no effect on railroad safety,’ and the ‘FRA also has planned efforts to address potential risks, such as employee fatigue and the effects of longer trains.’

“There has been an increased emphasis on public-private collaboration with cybersecurity and industry expertise, government agencies, such as CISA, to stay ahead of potential and emerging threats,” Veeneman concluded. “While derailments do occur, 742 through October 2023 as reported by the FRA, increased public focus in the wake of recent events will increase pressure to ensure safety and safeguarding of rail operations, including security of the cyber-physical systems.”
