“The coronation ceremony for King Charles on Saturday will be the most glorious display of pageantry seen in Britain for a generation and will provide an economic boost to the nation,” its organizer and Buckingham Palace have said.
This Saturday, May 6, millions of people are due to arrive in London to watch the Coronation, far more than the 2,200+ dignitaries from 203 countries – including more than 100 heads of state, who are formally invited “inside.” As much of London will be closed to private vehicles, the Tube and railway trains will be the primary mode of transportation for the general public.
While the ceremony itself is estimated to cost $120 million, security expenses are estimated to range even higher – from $180 million to double at $300 million. That fee covers “boots on the ground” – police personnel, private security, etc. and does not consider the massive technical security infrastructure.
As global international “celebrities,” the Royal Family itself has been the target of threats in the past. For example, in 2017, Israeli company Sixgill discovered ISIS threats on Telegram toward Prince George.
Britain’s infrastructure has also been a common attack target. In January, the Royal Mail faced ransomware from Russian hackers. Last August, the NHS was attacked as well.
It isn’t farfetched to consider that threat actors will take advantage of the volume of railway traffic this weekend to make their own appearances.
The Rail Cybersecurity Risks Surrounding King Charles’ May 6 Coronation Weekend
The London Underground, the Tube, has 11 lines and 270 stations, handling up to five million passengers per day, with more than 543 trains running simultaneously. On a “normal” day, more than 600,000 people arrive in London through the National Rail, which connects through 10+ stations in Greater London.
The infrastructure of a typical rail network provides ample touchpoints for disruption – signaling, networks, telecommunications, and rolling stock can all be attacked; vulnerabilities are inherent to rail connectivity due to the extensive volume of IT, OT, and IoT devices.
Attacks can occur anywhere:
- Operational Layers
- The rail traffic management systems, enable management and control over the entire infrastructure and operations.
- Safety Layers
- The physical and digital safety layer for train protection and remote control.
- Element Control Layers
- The communication message transport layer connects the safety layer to the field elements, such as radio, optical fiber, copper cable, or cellular.
- Field Elements Layers
- The endpoint/edge components of the railway, such as signal heads, axle counters, level crossings, balises, and so on.
Some attacks against rail networks can lead to simple disruptions – delays, theft of passenger or freight information, informational confusion on timetable screens, etc. The main issue for rails, though, is that a single attack may cause major loss of life; a disruption to signaling can lead to a collision resulting in a mass-casualty event.
That’s one reason the rail industry is increasing its focus on becoming more cyber-aware. Direct attacks are increasing, as well. In November, Denmark’s rail service was disrupted. Russia is attacking Ukrainian railways to disrupt supplies.
Government regulators are also putting railways on notice. Regulations such as ENISA and NIS in Europe and TSA Directives in the United States require railways to strengthen cybersecurity.
What makes rail cybersecurity different from “traditional” cybersecurity is that each type of attack can have a different operational impact, so automated risk prioritization is critical. Furthermore, the entire rail network needs to be covered in one railway cybersecurity platform – IT, OT, IoT, signaling, rolling stock, and legacy assets – to ensure operational and business continuity.
Safe and reliable Tube travel is the norm – until it isn’t. The coronation is an attractive time for threat actors to demonstrate their capacities for interruption and destruction, and the rail systems need to be prepared.