The recent string of cyber attacks on critical infrastructure has made it clear that the traditional, perimeter defense approach to cybersecurity is no longer adequate. For railway, which relies on increasingly digital and connected infrastructure, a Zero-Trust approach is a crucial component of threat detection and mitigation.Â
A Zero-Trust model enables a contextual, risk-based evaluation of all requests, procedures, and activities, regardless of network location or user rank. It is not only becoming the norm across most industries, but it is also becoming a requirement.Â
In 2021, the Biden administration released new guidance expanding requirements among critical infrastructure organizations and national security systems agencies to adopt a Zero-Trust architecture as part of their plan to defend against known or suspected cybersecurity threats. The NIST (National Institute of Standards and Technology) has also released its own cybersecurity measures and guidelines highlighting the core components of Zero-Trust principles.Â
As the regulatory landscape around cybersecurity tightens, and as railway becomes an even more attractive target to attackers, Zero Trust is paramount to ensuring business continuity and railway safety.
Cervello, which pioneered the railway-centered cybersecurity solution, is the first railway cybersecurity platform to offer a Zero-Trust approach to threat and anomaly detection. In this article, we will examine the concept of Zero Trust, why it’s crucial for the railway sector and the advantages of Cervello’s Zero-Trust solution.Â
What is Zero Trust?
Zero Trust assumes there is no implicit trust granted to assets or users based on their physical location, network, or asset ownership. It requires continuous authentication and authorization of a user’s credentials as they move through a network in order to verify both their identity and that they have appropriate privileges to access secure data and apps.
A mature model architecture performs these checks whenever a user attempts to access different segments of the network. Across many industries, this routine verification is what prevents hackers from gaining lateral access through internal systems and hijacking assets for ransomware or other purposes.
In critical infrastructure industries, such as railway, energy, water, and defense, Zero Trust has to be passive. A passive Zero-Trust model alerts organizations when a threat is detected so they can respond quickly and effectively before extensive damage is done.
Zero Trust vs. perimeter defense model: Comparing generic use cases
A perimeter defense model, often referred to as a “castle and moat” approach, aims to prevent attackers from gaining access to industrial computer and control networks using firewalls, proxy servers, and various intrusion detection tools. It assumes that the “castle” is a closed network, or that all activity inside network systems and assets is safe.
However, if perimeter defense mechanisms fail, attackers who gain access to internal networks can move freely across assets and systems, accessing sensitive data and controlling assets without any A perimeter defense model, often referred to as a “castle and moat” approach, aims to prevent attackers from gaining access to industrial computer and control networks using firewalls, proxy servers, and various intrusion detection tools. It assumes that the “castle” is a closed network, or that all activity inside network systems and assets is safe.
However, if perimeter defense mechanisms fail, attackers who gain access to internal networks can move freely across assets and systems, accessing sensitive data and controlling assets without any further verification.
Although the perimeter defense model is the status quo, it is far from infallible. Cyberattacks across all industries underscore this fact.
Zero Trust resolves the security gaps that a perimeter defense leaves open. Instead of blindly trusting anyone within the system perimeter, a Zero-Trust model assumes the network is already hostile and assumes any connection or command is suspicious.
A generic Zero Trust cybersecurity solution used outside of the critical infrastructure sector reduces the risk or actively prevents hackers from moving laterally through a system or gaining higher data access privileges. As a result, this model significantly limits the potential damage to an infrastructure network.
Cervello’s passive Zero-Trust model is built for the unique needs of critical infrastructure
As the first railway cybersecurity solution based on a Zero-Trust model, Cervello has introduced a new paradigm in railway cybersecurity. Today, railway organizations can actually identify misleading commands and false-positive alerts affecting their mission-critical assets and infrastructure.
Cervello’s Zero-Trust threat detection mechanism assumes any connection or command is suspicious. It performs fully passive authentication and validation of all communications to detect attempts at lateral movement and minimize the risk of privilege escalation to potential threats.
With Cervello, railway operators and infrastructure managers can identify operational traffic that seems valid but is in fact malicious, much earlier on. And, as a railway-centered solution, Cervello is built specifically to understand railway-specific protocols, safety integrity levels, communication and signaling systems, operational activities, and geographic context in order to identify anomalous patterns as suspicious activity.Â
Combatting rising cybersecurity threats with such platform
The most sophisticated cyberattacks—and the ones that wield the biggest operational impact—are those that look like legitimate operational commands but are in fact malicious.
The biggest threats exist in signaling and system-to-system communications in the age of CBTC, which requires continuous communication between mission-critical wayside equipment like interlocking, onboard equipment, and wayside communication systems.
Here’s a breakdown of some of the main avenues cyberattackers take today to infiltrate railway systems, and how a Zero-Trust architecture helps reduce their impact.
1. GSM-R
As the data communication bearer for the ETCS, GSM-R opens the door to attackers to gain easy access to mission-critical systems, such as the onboard unit.
A Zero-Trust-based continuous analysis is the only way to detect anomalies and false-positive wireless train control information sent via GSM-R.
2. Gaps between GSM-R and signaling vendors
The separation between system vendors for GSM-R and signaling equipment, as well as their corresponding maintenance requirements, create gaps that can easily be exploited by a malicious actor.
To mitigate this threat, Zero Trust monitors these systems from end-to-end, thereby covering all of the ground within these gaps, including all technological interfaces, maintenance responsibilities, and vendors.
3. Supply chain
Attackers that access railway systems via the supply chain leverage vulnerable communication channels through their connection to the infrastructure or rolling stock while updating or installing different components.
The passive validation of all commands related to the critical network with a Zero-Trust architecture ensures the reliability of these requests to secure the supply chain.
A no-brainer for railway cybersecurity
Railways are no longer closed networks. There is no question that a perimeter defense model is no match for the ever-evolving and sophisticated cyber threat landscape.Â
In today’s data ecosystem, which no longer adheres to a specific hierarchical flow, contextual, Zero-Trust threat detection combined with dynamic OT mapping is the only way to enable an efficient threat response.
With Cervello’s Zero-Trust, railway-centered cybersecurity solution, a passive authentication mechanism is integrated within the application, network, and safety layers to detect commands and requests for access that appear legitimate but aren’t. It empowers railway organizations to manage their day-to-day more effectively while ensuring railway safety and minimizing the operational impact of cyber threats.Â