Cybersecurity in Rail Signalling Systems

Railway signalling is a system aimed to direct railway traffic and keep trains clear of each other at all times.

Trains move on fixed rails, making them uniquely susceptible to collisions. This susceptibility is increased by the enormous weight and inertia of a train, which makes it difficult to stop when encountering an obstacle.

Most forms of train control involve “movement authority” being passed from the signalman (or stationmaster) to the crow on the train. The set of rules and the physical equipment used to accomplish this are known as the “method of working” (UK), method of operation (US), or safe working (Aus.).

Here are some of the main Railway signalling systems:
1. ALSN (Russian Federation, Belarus, Estonia, Latvia, Lithuania, Ukraine)
2. ASFA (Spain)
3. ATC (Sweden, Denmark, Norway, Brazil, South Korea, Japan, Australia (Queensland), Indonesia)
4. ATP (United Kingdom, United States of America, Brazil, Australia (Queensland), Indonesia, Hong Kong, Dominican Republic)
5. CBTC (Brazil, United States of America, Canada, Singapore, Spain, Gabon, Hong Kong)
6. PZB Indusi (Germany, Austria, Romania, Slovenia, Croatia, Bosnia-Herzegovina, Serbia, Montenegro, Macedonia, Israel)

ETCS

The European Train Control System (ETCS) is the signalling and control component of the European Rail Traffic Management System (ERTMS). It is intended to replace the legacy train protection systems and the many incompatible safety systems, currently used by European railways. This standard (ETCS) is also adopted outside the EU and is considered to be an option, for worldwide applications.

Railway signalling system
Credit: wikiwand.com

ERTM S uses GSM-R (or GSM for Railway) as the international wireless communications standard for railway communication and applications. GSM-R is typically implemented using dedicated base stations close to the railway, with tunnel coverage effected using directional antennae or ‘leaky’ feeder transmission.

Cyber and Railway signalling systems

Until recently, the operation of railway signalling systems has been considered to be performed using closed networks, and this was the base assumption for the safety of the signalling systems.

Recently, these systems are getting more and more centralized and integrated, thus the assumption that the signalling system is operated within closed networks, is no longer sustainable.

At the same time, railway signalling systems have become more and more IT-based, providing functionality that does not only use dedicated computers and hardware but instead uses regular computers and COTS (Commercial off-the-shelf) components, which are more vulnerable to cyber threats. In addition, we see the increased use of networked control and automation systems that can be accessed remotely via public and private networks.

All these “cyber threats” are requiring new measures and efforts in order to ensure the integrity and safety of the railway system.

Some recent examples regarding Cyber-attacks on Railway systems include:
1. Intrusion into the Lodz tram point control system (2009).
2. De-activating the ticketing system in San Francisco´s public transport system (MUNI, 2016).
3. The so-called “Wannacry” attack in May 2017, which infected more than 200,000 computers worldwide, including passenger information screens at railway stations.

An information monitor at a German train station displays the ransomware message Credit: @Zeichen Taten/Twitter

Conclusions & Recommendations

As was described in this article, and shown in recent attacks, railway systems are becoming much more vulnerable to cyber-attacks.

Access to these systems can be gained remotely, via the Internet or the GSM-R channel, through direct contact with the signalling system infrastructure, or by an insider threat.
Successful cyber-attacks in Railway signalling systems could result in:

1. Threats to people safety
2. Disruption to the rail network and services
3. Economic loss to rail operators, suppliers, or the wider economy
4. Reputation damage to rail companies
5. Loss of commercial or sensitive information (Credit card or personal data etc.)

A good cyber defense plan for railway companies should consider the following:
– Develop strong governance for cybersecurity in the organization.
– Managing and monitoring systems and procedures, to ensure early warning of a cyber-attack.
– Decrease the likelihood of an attack through a multi-layered design and robust operational and maintenance procedures.
– The ability to investigate the attack, after it accrued.
– Force railway suppliers to develop signalling systems that are cyber secured “by design”.

Would you like to learn more?

Continue Exploring

Blog

The Effect of High Gas Prices on Rail Cybersecurity

August 10, 2022
Blog

Conversations With Industry Experts: Antonio Lopez, General Manager of HIT Rail

June 08, 2022
Blog

3 Steps to ‘Harden Railway Cyber Defenses’

April 14, 2022