Railway Cybersecurity is Impossible Without Mapping the OT Environment

Cervello Team
September 29, 2021

OT (Operational Technology) systems, especially in railways, are usually associated with ensuring safety. However, as we’ve seen through the latest string of railway cyber attacks, OT systems are now the ones putting railway operations at risk. In this article, we will be discussing the importance of OT environment mapping.

OT assets are no longer isolated islands. Instead, OT interconnectivity, integration with legacy IT systems, and supply chain cyber risks — combined with lack of proper monitoring — make it easy for malicious actors to gain entry.

Exploiting the interconnected networks of operational technologies has become an easy “in” for attackers, such as in the attack on Transnet, one of South Africa’s state-owned ports and freight rail companies. The attack, which occurred in July 2021, shut down Transnet’s operating systems and forced the rail company to temporarily suspend operations at the country’s key container terminals. Avoiding this kind of disruption and safety threats requires a more robust approach.

Now, cybersecurity experts as well as national cybersecurity agencies such as CISA and the NSA are strongly urging all critical infrastructure facilities to immediately take action to secure their OT assets through OT mapping. According to that guidance, “an accurate and detailed OT infrastructure map provides the foundation for sustainable cyber-risk reduction.”

With a system to map and monitor OT—not just IT, as most railway organizations do—railway operators and infrastructure managers will gain the visibility they need to protect OT assets and quickly mitigate threats.

A railway-centered security solution that integrates directly into your railway architecture allows you to continuously and automatically map all of your OT assets to gain real-time clarity into your cybersecurity risk posture and full visibility into each asset’s connectivities and dependencies.

To stave off malicious hackers, dynamic OT environment mapping is a must.

With evolving railway OT technology comes increased risk

With digital, connected, and collaborative systems replacing much of railway’s legacy OT infrastructure, the threat of cyber attacks is rising. The longer railway organizations go without a means of mapping all of their OT, the more vulnerable they become.

In the past, railway OT was mostly disconnected from the internet and operated within isolated closed networks. Today, legacy train control, communications, and safety systems such as signaling systems are being replaced with advanced, interconnected technologies in order to increase the efficiency and safety posture of interlocking and railway signalling systems.

With previously isolated OT networks converging with IT systems, railway organizations that lack a cybersecurity solution are unknowingly creating the perfect conditions for an attack. Namely, they allow access to:
– Information that identifies OT assets that are connected
– Unsecured OT assets
– Common, open-source information about devices
– An extensive list of exploits deployable via common exploit frameworks

Unless you have a solution in place to map all of your OT assets, including their connectivities and dependencies, an attack is just a matter of when, not if.

Dynamic OT environment asset mapping is crucial for rail cyber security

The only way to protect OT systems and the operations they enable is with dynamic OT asset mapping.

With a cybersecurity strategy that includes dynamic OT asset mapping, you can prevent attacks and identify security misconfigurations that would otherwise threaten business continuity and passenger safety, not to mention impose major costs.

Dynamic OT asset mapping gives you a crystal clear view of all of your OT assets—as well as their connectivities and dependencies—so you can instantly pinpoint and isolate a threat at the moment it is detected. It also allows you to identify security misconfigurations that could harm the railway’s operational activities. Early identification of such issues is essential for avoiding the costs of resolving advanced issues, minimizing risk, and ensuring operational continuity. 

Without the ability to clearly visualize your OT, you are pretty much blind to a hacker’s potential pathway deeper into your critical infrastructure. 

In a rail-centric security solution dynamic OT asset mapping is built-in

Cervello built the first railway-centered security solution to ensure OT asset mapping would be a core function of railway cybersecurity. 

A rail cybersecurity solution must be fully passive, non-intrusive, and integrate directly into the railway infrastructure without causing any system downtime or network interference. Because it’s fully integrated and enables a passive authentication and validation process, it can provide in-depth visualization of your entire operational environment, including operational dependencies and hardware. 

How does dynamic OT environment mapping work?

Here’s a brief description of how asset mapping works, as well as how it enables rapid and effective threat mitigation. 

Auto-discovery: A railway-centered solution enables auto-discovery to map and segment every connected asset in each specific security zone. By creating a dynamic map, you can identify the number of assets, their locations, and interconnections. This information provides the essential context you’ll need in order to quickly and effectively respond to suspicious activity.

Threat detection: Once dynamic OT asset mapping takes place, you will have the visual clarity necessary to quickly detect threats and pinpoint them within your interconnected systems. When a threat is detected, you will identify it within a complete view of all OT systems in your network clusters and sub-networks. Cervello offers a variety of view modes, such as a mesh, asset groups, hierarchy map, and assets list. 

Remediation: With the ability to see where a threat exists in your systems, as well as all of the vulnerable hardware and systems connected to it, you can quickly take measures to isolate the threat. From there, the system provides actionable remediation guidance.

Dynamic OT asset mapping is the key to railway cybersecurity. Without the ability to gain a simplified visual rendering of your complex systems and architecture, it is almost impossible to detect threats in a timely manner, let alone isolate and mitigate them.
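The three steps above (auto-discovery, detection, remediation) can be illustrated with a small passive asset-mapping routine. The following is an added example written for this article; it is not Cervello's code and does not describe how the Cervello platform is implemented. It consumes flow records of the kind a passive network tap would emit, assigns every observed asset to a security zone, records each asset's peers and services, and then surfaces the two things mapping is meant to expose: assets missing from the operator's baseline and cross-zone connections the zone policy does not permit. The zone CIDRs, the policy, the baseline and the flow records are all constructed for the example; TCP/102 (ISO-TSAP) is used only as a plausible engineering-access port.

```python
"""Passive OT asset mapping from observed network flows (added example).

Builds an asset inventory and connectivity map from flow records a passive
sensor would produce, assigns each asset to a security zone, and flags
assets missing from the baseline and cross-zone connections not covered by
the zone policy. All zones, policies and flows below are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed security zones; the CIDRs and names are assumptions, not real networks.
ZONES = {
    "signalling": ip_network("10.10.0.0/24"),
    "scada": ip_network("10.20.0.0/24"),
    "corporate_it": ip_network("192.168.1.0/24"),
}

# Constructed allow-list of permitted zone-to-zone flows: (source zone, destination zone, dport).
ZONE_POLICY = {
    ("scada", "signalling", 102),  # assumed monitoring access from SCADA into signalling
}

# Constructed baseline: the assets the operator expects to see on these segments.
BASELINE_ASSETS = {"10.10.0.5", "10.10.0.6", "10.20.0.10"}

# Constructed flow records as a passive tap would emit them: (src, dst, proto, dport).
FLOWS = [
    ("10.20.0.10", "10.10.0.5", "tcp", 102),
    ("10.20.0.10", "10.10.0.6", "tcp", 102),
    ("10.10.0.5", "10.10.0.6", "udp", 5000),
    ("192.168.1.25", "10.10.0.5", "tcp", 102),  # IT host reaching into signalling
    ("10.10.0.77", "10.10.0.5", "tcp", 102),    # device not in the baseline
]


def zone_of(ip: str) -> str:
    """Return the security zone an address belongs to, or 'unknown'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_asset_map(flows):
    """Auto-discovery: one record per observed asset with its zone, peers and services."""
    assets = {}
    for src, dst, proto, dport in flows:
        for ip in (src, dst):
            assets.setdefault(ip, {"zone": zone_of(ip), "peers": set(), "services": set()})
        assets[src]["peers"].add(dst)
        assets[dst]["peers"].add(src)
        assets[dst]["services"].add((proto, dport))  # service offered by the destination
    return assets


def find_findings(assets, flows, baseline, policy):
    """Detection: unknown assets and cross-zone flows the policy does not allow."""
    unknown = sorted(ip for ip in assets if ip not in baseline)
    violations = []
    for src, dst, proto, dport in flows:
        src_zone, dst_zone = assets[src]["zone"], assets[dst]["zone"]
        if src_zone != dst_zone and (src_zone, dst_zone, dport) not in policy:
            violations.append((src, src_zone, dst, dst_zone, proto, dport))
    return {"unknown_assets": unknown, "cross_zone_violations": violations}


def blast_radius(assets, ip):
    """Remediation context: every asset reachable from ip over observed connections,
    i.e. what an isolation decision for ip has to take into account."""
    seen, stack = set(), [ip]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(assets[current]["peers"] - seen)
    seen.discard(ip)
    return seen


if __name__ == "__main__":
    inventory = build_asset_map(FLOWS)
    for ip, rec in sorted(inventory.items()):
        print(ip, rec["zone"], sorted(rec["peers"]), sorted(rec["services"]))
    print(find_findings(inventory, FLOWS, BASELINE_ASSETS, ZONE_POLICY))
    print("reachable from 192.168.1.25:", sorted(blast_radius(inventory, "192.168.1.25")))
```

Run against the constructed flows, the map reports the corporate IT host and the unbaselined signalling device as unknown assets, flags the IT-to-signalling connection as the only policy violation, and shows that the IT host has an observed path to every asset in the inventory, which is the context an operator needs before isolating it.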

With both broad and granular visibility into your OT networks and architecture, you can impose safety restrictions, achieve high integrity levels, and meet the most stringent railway safety standards. 

Ensuring rail cyber security is impossible without OT environment mapping

As railway infrastructure becomes increasingly connected and digital, taking steps to secure both IT and OT is integral to maintaining railway safety. As malicious hackers and bad actors become more sophisticated in their techniques, a railway-centered security solution is the only way to prevent an attack.

With the ability to fully integrate into your railway architecture, automatically map out all of your OT assets, and visualize how they are connected to the rest of your networks, systems, and hardware, you will gain the necessary context to quickly respond to any threat that arises.