Defending Railway Signalling Systems Against Cyber Attacks

In this article, I will try to share some of my thoughts and insights about developing fit-for-purpose railway-specific cyber security solutions that can eliminate or minimize the cyber threat in signalling systems, and why this is the time to act.

This was my second year in a row speaking at the 4th annual Rail Cyber Security Summit – last year as the CISO of Israel Railways, and this year as the Director of Business Development at Cervello, which participated this year as a co-sponsor of the Summit alongside Siemens. I was very impressed to see that most of the major railway manufacturers and operators decided to send high-level management representatives. We had the opportunity to meet new and existing colleagues, share knowledge and present our solution to protect railways against cyber attacks.

As one of the speakers, I decided I would not just talk about technology and solutions this year. Instead, I would share my thoughts that it is time to take actual action to protect rail critical systems from cyberattacks. Railway infrastructures are changing and evolving into an all-new connected era.

New, computerized, connected, collaborative and intelligent systems are being integrated deep inside this unique industry to make it much more advanced in the fields of predictive maintenance, customer service, punctuality, and more. As a result, they create more opportunities for cyber-criminals and terrorists to attack such critical systems.

With billions of passenger-kilometers per year, the railway industry is one of the major assets in any country’s transportation system across the globe. Until recently, this industry was considered to be safe from cyber threats because it relied on proprietary, segregated networks, with very specific commands and protocols for the signalling systems and networks.

This assumption is no longer sustainable, for the following reasons:
1. Signalling systems have become more IT-based with functionalities that use not only dedicated computers and hardware but also ordinary computers and COTS (commercial off-the-shelf) components that are more vulnerable to cyber threats.
2. There is increased use of network control and automation systems that could be accessed remotely via public and private networks.
3. Deployment of ETCS, the control component of the European Rail Traffic Management System (ERTMS), which uses GSM-R links to transfer lineside data to the cab/locomotive as part of automatic train operation.

Over the years, I’ve been to many cybersecurity events for the rail domain, both as a speaker and as an attendee. I’ve heard and participated in professional panels, read countless articles and posts, and even written some of my own. But lately, I have the feeling that we need to do more, that I should do more. Most of the people we know and care about use trains every single day – our friends, our colleagues, and our families.

I can’t let go of the thought that with every day that goes by without anyone handling this important issue, catastrophic incidents due to a cyber attack are becoming more likely, and this makes me extremely worried.

It’s a known fact at this point in time that most railway operators mainly tackle their IT environments, while the signalling systems are left without any cyber detection capabilities at all – meaning they are a complete blind spot. I have no doubt that in order to defend those critical systems we must first eliminate this blind spot.

To do so, as Israel Railways’ CISO, I’ve examined many cyber solutions that were designed to monitor standard IT systems and OT networks. Unfortunately, none of them were fit to monitor the rail signalling systems and produce the desired cyber insights and alerts of attacks when and before they occur. This led me to the conclusion that to properly protect rail signalling systems, a railway-specific system should be developed.

After long and extensive research, I have no doubt that only solutions with the characteristics listed below will have a chance of being adopted/tested in this traditional, unique industry in order to make the change necessary to face the upcoming threats.

1. Railway-specific technology
2. Seamless integration & deployment
3. Minimum false-positives
4. Non-intrusive

Furthermore, because of the special characteristics of this industry, integrating cyber defense solutions requires a step-by-step approach and should include the following steps before going live:
1. Cyber survey – map the operator’s critical assets to be protected
2. Learning process – understand the operator’s critical network and special characteristics
3. Offline POC (Proof of Concept) – an offline installation of the cyber defense solution and the use of recorded data from the operator’s network
4. Connection to a test environment – a live unidirectional connection to the operator’s test environment or lab equipment/resources
5. Connection to a production environment – in a unidirectional way (the usage of diodes can be evaluated)
6. SIEM – an optional step, as some operators could ask to integrate the signalling cyber security solution in their existing SIEM/SOC

As shown, developing and integrating cyber security solutions for the railway industry is a challenging task, but it is nevertheless a possible and important one. One of the first things I’ve learned during my time as a CISO is that we are not only responsible for protecting systems and technologies – we are also responsible for public safety!

This is why at Cervello we set our mission to protect global railway operations and passengers by offering a solution that secures all connected rail & metro signalling systems against cyber attacks. With a team that brings decades of experience in cybersecurity and the rail industry, our unique technology and security services support international standards and protocols to provide the most complete, accurate, effective, and safe cyber defense solutions. Furthermore, we work closely with OEMs and operators to ensure cyber security will be an integral part of any signalling system, without compromising on safety or productivity.
