Railway Safety: Why Generic Cybersecurity Solutions Fall Short

Cervello Team
August 26, 2021

We used to think of railway safety and cybersecurity as two separate concepts. Now, it’s become clear that it’s impossible to stay safe without cybersecurity and railway-centered security specifically.

This shift in mindset is due to two factors. The most obvious is the recent string of railway attacks that led to major operational disruption and compromised sensitive data. The second is the industry-wide transformation to digital technologies and wireless channels, in which new tenders and infrastructure projects have arisen with hefty cybersecurity requirements.

Although the industry now considers cybersecurity to be fundamental to railway safety, most existing security solutions are unable to provide the level of protection and visibility railway organizations require for their specific needs. They aren’t built to fit into railway systems’ unique architecture and operational workflow, or to address their vulnerabilities — in short, they don’t “speak the rail language.”

In order to ensure safe and reliable transport, and at the same time avoid operational disruption, railway organizations require a cybersecurity solution that is built specifically for the domain’s protocols, technologies, methodologies, and systems.

This is why Cervello designed its rail cybersecurity platform.

What is railway-centered security?

Railway-centered security is a domain-specific cybersecurity model and framework that integrates directly into the railway’s complex architecture and environments, making it uniquely capable of mapping, identifying, isolating, and remediating security and safety threats. With a tailored, fully passive and non-intrusive solution, organizations can rely on railway-centered security to ensure safety and business continuity without interfering with the OT-critical infrastructure that their operations depend on.

The importance of railway-centered security (and why conventional cybersecurity solutions fall short)

Many railway organizations that recognize the importance of cybersecurity currently rely on non-industry-specific security solutions. With good intentions, they adopt standard solutions for protecting enterprise systems and data, such as firewalls, proxy servers, and other methods of perimeter defense. However, such generic solutions were not originally built with the railway industry in mind — they are not equipped to adequately identify, contextualize, or investigate the unique threats that railway systems face in their everyday workflows.

While conventional cybersecurity solutions might be able to tell you there is an attack, they aren’t built to know why or how to resolve it, and what it may harm with respect to the provided transportation service. This creates a major gap and challenge for railway operators and infrastructure managers, who are responsible for ensuring continuous operation and safety, even in the event of an attack.

For example, generic solutions don’t know how to read or interpret the information on railway operators’ onboard units. Especially when creating network baselines, they won’t be able to detect misleading information that appears authentic but is actually intended to disrupt operations or jeopardize passenger safety. Without a railway-centered security solution, railway operators are left in the dark with too many assumptions.

Railway infrastructure managers face a similar challenge themselves. As signalling and communication systems become more wireless and interconnected, they have also become more exposed to cyber threats. Generic solutions aren’t built to integrate with the specific protocols and architecture that constitute modern railway communication, signalling, and control systems, which means they have no way to optimally identify false signals and commands.

In comparison, Cervello’s railway-centered security solution observes the happenings of these mission-critical systems from the inside. It is built specifically to integrate with your environments and systems in order to understand exactly what’s going on at all times.

The 5 must-haves of a railway-centered security solution

Cybersecurity vendors may market their solutions to railway organizations, but that doesn’t mean they’re designed to address the unique needs and sensitivities of the railway’s mission-critical assets. Here are the five core capabilities of railway-centered security solutions to know:

1. Integration

The ability to integrate directly, effectively, and quickly into the railway infrastructure without causing any system downtime or interfering with highly sensitive railway networks is fundamental to a railway-centered security solution. By integrating a fully passive, non-intrusive railway-centered solution into your systems and architecture, you can guarantee unidirectional information exchange without disrupting business continuity or putting passenger safety at risk.

2. Visualization

Because a railway-centered solution integrates directly into your systems and protocols, it provides in-depth visualization of your operational environment, including operational dependencies. Railway-centered solutions enable auto-discovery to map and segment every connected asset within each security zone, which provides essential context to operators and infrastructure managers who must respond to suspicious activity. With both high-level and granular visibility into all networks and architecture, you can impose safety restrictions, achieve high integrity levels, and meet the strictest railway safety standards.

3. Detection

Railway-centered security solutions replace the traditional perimeter defense model with a zero-trust, yet fully passive and non-intrusive, framework. This approach assumes any connection or command is suspicious and therefore requires tailored passive validation and authentication to detect attempts such as lateral movement and prevent privilege escalation by potential threats.

This enables real-time threat detection across the entire application layer with a deep understanding of railway-specific protocols. When a threat is detected, the solution responds by highlighting all potentially impacted connected assets and operational consequences to provide a complete threat profile.

4. Investigation

Generic solutions are not able to translate the potential impacts of cyber threats into the operational reality of the railway. In comparison, railway-centered security solutions are designed specifically to do exactly that.

Railway-centered security solutions isolate attacks and perform deep cybersecurity forensics, which produces a precise view of the threat landscape, raw data, communication logs, data flow, and network analysis. With this information, railway operators and infrastructure managers can accurately assess risk and gain the necessary context to ensure operational continuity.

5. Remediation

After identifying and investigating an attack, railway-centered security solutions automatically provide actionable playbooks with real-time guidance to quickly mitigate threats and contain operational disruptions. Generic solutions are ill-equipped to offer anything of the sort—such guidance can only be developed by cybersecurity specialists with expertise in both cyber and railway.

Cervello is defining the next generation of railway safety

As an industry, we’ve come a long way. Not long ago, many railway organizations considered cybersecurity a secondary concern or dismissed it entirely. Today, it’s widely understood that cybersecurity is a prerequisite to safety. Still, many railway organizations continue to rely on inadequate, generic solutions.

These solutions are simply not equipped to defend against railway cyber threats, which not only pose business risks but also put passengers’ lives at risk. That’s why we developed Cervello, the first railway-centered security solution designed specifically to protect the unique needs and operational sensitivities of the railway’s mission-critical assets.

Cervello was built from the ground up by cybersecurity, intelligence agency, and railway veterans with vast experience in defending national critical infrastructure from cyber threats. With our experience, expertise, passion, and patented technology, our mission is to elevate cybersecurity for this industry’s unique needs and keep railways safe.

Railway organizations can rely on Cervello’s railway cybersecurity platform to ensure passenger safety, increase productivity and availability, and maintain business continuity.