On March 21, 2022, US President Joe Biden issued a serious warning to businesses urging them to “harden their cyber defenses immediately” amid rising cyber threats on critical infrastructure. The President’s first push to enhance the nation’s cybersecurity defenses, however, was in May 2021 – an executive order requiring organizations to review and comply with new cybersecurity policies and standards.
Indeed, amid escalating global tensions and industry-wide modernization, we must prepare for a new level of threat.
Today, mission-critical railway infrastructure is more complex, digital, and interconnected than ever before. OT railway systems, which used to function as isolated islands, now face similar threats as IT systems. Additionally, advanced technologies and new wireless capabilities have allowed new avenues for malicious actors to infiltrate vulnerable and unprotected systems.
In 2021, the FBI saw a 7% increase in cybercrime complaints over the previous year. The need to fortify railway cybersecurity is clear, but what does that mean in practice? What concrete actions should railway organizations take to “harden their defenses,” ensure railway safety, and keep business running?
Below are three actionable steps railway organizations can follow to maintain railway safety and ensure business continuity.
Designing a Railway Cybersecurity Strategy in Three Steps:
1. Prepare a cybersecurity plan
Create a clear and scalable cybersecurity plan that addresses the needs of your systems and technologies and serves as the foundation from which all of your cybersecurity policies and activities are born. A high-level plan will include measures on how to minimize cybersecurity risk.
The first step involves network and asset mapping. In order to properly monitor for real-time threats, you must first map the OT environment, such as your communication, signaling systems, and rolling stock, to identify where your system’s risks and vulnerabilities lie.
Federal cybersecurity agencies such as the CISA and NSA have underscored the importance of OT mapping for critical infrastructure. According to 2020 guidance, an accurate and detailed OT infrastructure map is a critical component of a sustainable cybersecurity strategy.
Secondly, you must consider the cybersecurity directives in your country or region, and the industry best practices suggested by your cybersecurity solution provider.
In December 2021, the US Transportation Security Administration (TSA) announced new security directives and guidance to strengthen cybersecurity measures across the transportation sector, including railway cybersecurity. Owners and operators are now required to:
1. Designate a cybersecurity coordinator
2. Report cybersecurity incidents to CISA within 24 hours
3. Develop and implement a rail incident response plan
4. Complete a cybersecurity vulnerability assessment
Just as cybersecurity threats evolve, so should your strategy. It’s important to periodically update and adapt your cybersecurity strategy to the current threat landscape and to the recommendations provided by your organization’s cyber experts and service providers.
2. Implement a reliable cybersecurity solution
Conventional cybersecurity companies that do not design specifically for railway environments fail to fully predict and understand their vulnerabilities. An industry-centered rail cybersecurity solution, like Cervello, can determine where the attack took place, which systems have been affected, and offer a tailored response with little to no service delays. This is a huge relief to railway operators and infrastructure managers who are responsible for ensuring continuous operation and safety, even during an attack.
A complete railway cybersecurity solution provides:
• Visibility: Continuous and dynamic network mapping and segmentation of all OT assets so as to easily identify risks and vulnerabilities across all OT systems.
• Security: Ongoing monitoring and threat detection that comply with the new US federal regulation requiring a Zero Trust framework, where every connection or command is suspicious until proven otherwise. Cervello is the first platform to offer a passive, non-intrusive Zero Trust approach, essential to railway organizations who cannot risk unnecessary service disruptions.
• Response: Detailed cybersecurity forensics reports and actionable response plans with remediation guidance that is customized to your unique assets and connectivities. In compliance with the new TSA rail security directive outlined above, your response should include reporting cybersecurity incidents to CISA within 24 hours.
3. Prepare your organization for a cyber event
In addition to having the right strategy and security solution, a significant mindset shift is needed to ensure your railway cybersecurity measures remain effective and sustainable.
The final step is to prepare your organization by addressing the three cybersecurity pillars: people, technology, and processes (PTP).
People – The people element is about establishing a cultural mechanism that focuses on cybersecurity awareness in two steps:
• Cybersecurity awareness training: A recent study by the World Economic Forum revealed that most cybersecurity issues can be traced back to human error. Per the report, “businesses that fail to demonstrate strong corporate governance around cybersecurity—such as by implementing robust systems and process oversight protocols, and by practicing accountability and transparency in the event of a breach—could suffer reputational harm.” Encouraging cybersecurity education in your organization is an essential first step in preventing cyber threats and minimizing the impact of attacks.
• Assign a crisis-response team: This team is responsible for orchestrating the response plan in the event of a cyberattack. Cervello’s Incident Response Playbook will support the team with remediation guidance and a very clear action plan for each affected asset.
Processes – Clearly defined processes are integral to defining how an organization mitigates risks and responds to actual cyberattacks. An efficient and successful process includes well-exercised response plans, clearly defined roles, and detailed documentation. Moreover, there needs to be a system for enforcing the adoption of these processes.
Technology – Having a fully passive, Zero Trust rail cybersecurity solution equipped to monitor all of your OT assets is fundamental to securing railway critical infrastructure.
Protecting Railway Critical Infrastructure Demands a Proactive Approach
President Biden’s continued calls to enhance cybersecurity defenses for critical infrastructure should not be ignored. There’s a reason federal agencies, cybersecurity experts, and railway industry leaders are narrowing in on cybersecurity. The stakes of a railway cyberattack have never been higher.
As digital transformation efforts continue and the industry’s threat landscape becomes increasingly complex, railway organizations must take action to ensure passenger safety and business continuity.
By taking the three actions outlined above, you will gain the competitive advantage of safer, more reliable railway operations, while avoiding the potentially catastrophic consequences of an attack.