Geopolitical conflict and soaring inflation have driven up gas prices all over the world. As a result, travelers are increasingly relying on trains as a more cost-effective alternative to road or air travel. In this blog post, we will be discussing the new necessity of the transportation industry – train cybersecurity.
For the first time since the onset of Covid-19, ridership on commuter trains has neared or even exceeded pre-pandemic numbers. In June, New York’s Metro-North carried 126% of its pre-pandemic baseline. At the same time, California’s Sonoma-Marin Area Rail Transit experienced its highest monthly total since 2020, more than doubling its number of riders compared with June 2021.
To maintain this momentum, rail organizations must make it a priority to avoid service delays, boost efficiency, and enhance the rider experience.
But as demand for train services rises, rail has become an increasingly attractive target for malicious actors. In fact, 83% of all critical infrastructure organizations have been the victim of a cyber-attack at least once in the last three years.
Cybersecurity has been lagging in the rail sector for years. Today, it’s become abundantly clear that rail needs a dedicated rail cybersecurity solution to prevent service delays, financial losses, and potential human harm that could result from cyber attacks.
Why Hackers Are Targeting Rail
Cyber attacks on trains usually intend to suspend operations, disrupt supply chains, or steal data. All are seen as victories for politically and financially motivated hackers who aim to gain publicity, demonstrate influence over nation-states’ critical infrastructure, and exploit rail organizations or governments for ransom.
Indeed, rail critical infrastructure is still highly vulnerable to cyber-attacks. Digital transformation has progressed faster than the industry has defined how to defend its technology from malicious attackers.
In general, rail architecture has become more digital and interconnected. The rise in interconnected assets exposes rail OT to the same vulnerabilities as IT systems. Increasing reliance on third-party systems increases the risk of a breach through the rail supply chain. The overall attack surface for rail is wider than ever, giving hackers more options and opportunities to gain unauthorized access and wreak havoc.
Due to the rise in road traffic and, more recently, the inflation in gas prices, demand for public transit is growing. Cybercriminals are well aware of the increasing reliance on train services, as well as what service outages mean for individuals, rail organizations, and economies.
Understanding the Stakes of Train Cybersecurity Threats
Here are just some of the consequences of a cyberattack on rail.
Damaged passenger experience
When trains can’t run, they put an already fragile passenger experience at risk. Trains have struggled with inefficiencies and staffing shortages since the onset of Covid-19, with disruptions to intercity train operations on the rise. Total service outages resulting from rail cyber attacks would inflict serious damage on the passenger experience at a time when reliance on public transport is rising.
Financial losses
Disrupted operations cost rail companies, workers, and the public. If a cyber attack leads to a service outage, rail companies lose passenger ticket sales, while passengers cannot get to work and could lose income as the cost of living rises. Hundreds of millions of dollars’ worth of freight could be damaged or destroyed as a result of a service outage. On top of that, disrupted supply chains lead to shortages in factories and stores. While it’s difficult to determine the exact operational cost of freight service delays, studies place the cost per hour between $40,000 and $140,000. Prolonged delays can cost railways millions. Train cybersecurity can prevent that.
What Rail Can Do to Protect Itself Now
Rail organizations must take action to harden railway cyber defenses; secure rolling stock, signaling, and telecommunication systems; and develop the means to identify a breach at the earliest possible time.
The first step to doing so is to understand their security posture. This requires taking inventory of every asset comprising the rail architecture, as well as their dependencies and security policies. This essential step provides clarity into where vulnerabilities currently exist.
The next step is gaining complete visibility into the rail infrastructure, which allows security teams to easily segment assets and understand potential and actual attack vectors in the event of a breach.
Cervello, a leading railway cybersecurity platform, is designed to assess the overall risk of rail infrastructure. It automatically segments every asset into zones and determines each asset’s dependencies to provide the most effective remediation guidance from rail incident response playbooks.
The solution also uses a Zero Trust monitoring and threat detection model, which is critical to effective rail cybersecurity. A Zero Trust approach assumes that any connection or command is suspicious and therefore requires tailored passive validation and authentication to prevent lateral movement or privilege escalation. By overlaying the traditional perimeter defense model with Cervello’s Zero Trust solution, which is fully passive and non-intrusive, rail organizations can attain real-time threat detection across the entire application layer.
Don’t Wait to Address Rising Rail Cyber Threats
Rail travel, considered one of the easiest and most friendly ways to travel, has also become the method of choice for those affected by the heightened gas prices and unreliability of air travel. Simultaneously, the spike in rail cyber threats has raised the stakes for rail organizations starting to recover from the pandemic. When potential consequences of a cyber attack include lost revenue, dissatisfied passengers from service disruption, supply chain delays, damaged freight, or even physical harm, the time to act is now.