The Rail to The Coronation: Pomp, Circumstance & Cyber Risk

Cervello Team
May 4, 2023

“The coronation ceremony for King Charles on Saturday will be the most glorious display of pageantry seen in Britain for a generation and will provide an economic boost to the nation,” its organizer and Buckingham Palace have said.

This Saturday, May 6, millions of people are due to arrive in London to watch the Coronation, far more than the 2,200+ dignitaries from 203 countries, including more than 100 heads of state, who are formally invited “inside.” As much of London will be closed to private vehicles, the Tube and railway trains will be the primary mode of transportation for the general public.

While the ceremony itself is estimated to cost $120 million, security expenses are estimated to range even higher – from $180 million to double at $300 million. That fee covers “boots on the ground” (police personnel, private security, etc.) and does not consider the massive technical security infrastructure.

As international “celebrities,” the members of the Royal Family have themselves been the target of threats in the past. For example, in 2017, Israeli company Sixgill discovered ISIS threats on Telegram toward Prince George.

Britain’s infrastructure has also been a common attack target. In January, the Royal Mail faced ransomware from Russian hackers. Last August, the NHS was attacked as well.

It isn’t far-fetched to consider that threat actors will take advantage of the volume of railway traffic this weekend to make their own appearances.

The Rail Cybersecurity Risks Surrounding King Charles’ May 6 Coronation Weekend

The London Underground, the Tube, has 11 lines and 270 stations, handling up to five million passengers per day, with more than 543 trains running simultaneously. On a “normal” day, more than 600,000 people arrive in London through the National Rail, which connects through 10+ stations in Greater London.

The infrastructure of a typical rail network provides ample touchpoints for disruption – signaling, networks, telecommunications, and rolling stock can all be attacked; vulnerabilities are inherent to rail connectivity due to the extensive volume of IT, OT, and IoT devices.

Attacks can occur anywhere:

  • Operational Layers
      • The rail traffic management systems, which enable management and control over the entire infrastructure and operations.
  • Safety Layers
      • The physical and digital safety layer for train protection and remote control.
  • Element Control Layers
      • The communication message transport layer (such as radio, optical fiber, copper cable, or cellular), which connects the safety layer to the field elements.
  • Field Elements Layers
      • The endpoint/edge components of the railway, such as signal heads, axle counters, level crossings, balises, and so on.