Cybersecurity for rail systems – how to maintain it in the digital age
Although in fairly moderate steps, the rail industry is moving towards the digital age without a return ticket. What does rail need, to be comprehensively secured on the verge of the digital age?
Modern dispatch systems, connected platform devices, and advanced passenger services have already become the familiar basis of today’s railway world. The main marker of the revolutionary shift of the industry to “digital rails” is the widespread introduction of CBTC, ETSC, PTC, and other digital-based signalling systems. It indicates dramatic changes to the approach to the organization of signalling, revealing digital thinking first. We are already talking with certainty about the digital approach to maintenance, namely IoT-based Predictive Maintenance, and the integral place of rail mode in the smart cities environment. This sounds promising, however, the more extensive the digital network is, the more risks naturally appear. It feels like this is still underestimated. Feels like this is still underestimated.
Consolidated rail systems involve multiple subsystems, which contribute to the seamless operation and safety of rail transportation. In the meantime, its interconnected nature provides an expanded attack surface due to increased access points within a network. Such threads concern not only the Wi-Fi onboard but also mission-critical & safety-critical systems. Does the rail strive to “enter the stratosphere” without a protective suit, or is the scale of cyber risks a gross exaggeration here? What does rail need, to be comprehensively secured on the verge of the digital age? Read on to successfully adopt the world experience of OT and IoT systems’ security into rail. Fortunately, there is something to adopt.
Cyber risks in rail systems – Where are they hidden?
The infamous case of Network Rail is still widely known when more than 146 million data records were leaked due to the vulnerability of the station’s Wi-Fi. Another notorious case occurred in Denmark when a cyber attack on a cloud provider forced trains to stop for several hours. These and other cases often result from the design approach using standardized hardware with an open platform and off-the-shelf components. Most often, cyberattacks are expressed in the interception of information, changing critical instructions, reconfiguring rail systems, transmitting false data, and taking the form of DoS, man-in-the-middle, and unauthorized access points.
Unfortunately, the number of such cases is only expected to increase as modern train control systems are introduced. However, it can happen only if the digitalisation pace will outrun cybersecurity development. Having different architectures, modern signalling systems, traffic control systems, and supervision systems, and their components are built on similar principles and technologies that allow security teams to identify common vulnerabilities and establish risk mitigation approaches. The most vulnerable points here are train-ground communication, dispatch systems and on-board & passenger systems.
How to secure rail systems
There are still no unified comprehensive requirements for rail cybersecurity solutions, but various standards describing security frameworks help improve the network. Thus, the NIST Cybersecurity Framework (NIST CSF) offers best practices for managing cyberattacks, including prevention, detection, and recovery after the attack. ISO 27001 achieves the same goal by prescribing various control options. The requirements necessary to ensure secure communications are also outlined in the EN 50159 standard. Security engineers often refer to ISA99/IEC 62443, which defines cybersecurity in control systems. Modern railways are already a full-fledged IoT ecosystem that has to be protected accordingly.
The best practice here is to apply standards comprehensively. We need to ensure that the settings regarding network risks remain unchanged. Every layer of the rail architecture must be protected on a multi-level basis, and each connection must be secure. Read below how to implement it.
Train-to-Ground communication security
The increased security needs for such communication is beyond doubt since critical information such as ATP data, authorities and restrictions, or interconnected communications is transmitted through it. Modern transponders provide wireless communication, which is not secured by default, despite the wide use of custom protocols. The vulnerability of wireless communication is revealed in the fact that the signal travels beyond the communication areas. Moreover, rail networks often use outdated protocols, such as GSM-R, which involve outdated security standards.
To secure such vulnerable communication, the main focus in modern signalling systems protection should be put on data encryption. Ready-made cyber protection solutions can provide this feature, but they are unlikely to take into account the individual requests of the railways. As a result, the system can suffer from false positives, which can be costly for the railway. Also, off-the-shelf solutions are not so reliable, since you cannot control their updates. For the best possible outcome, critical communication should be custom-secured.
Key management systems have proven themselves as a reliable encryption and safe data transfer method. By involving external service, it generates and distributes cryptographic keys between railway assets when transmitting messages, which allows you to verify the recipient and sender. This is possible thanks to a third-party Certification Authority (CA) authenticator, which guarantees the relevance and security of the keys. It is crucial to ensure this when deploying or upgrading rail systems. The key point is to ensure that dynamic information is transmitted seamlessly, since any delay can endanger the system, providing the attacker with more time to enter and navigate rail systems.
Securing dispatching rail systems
Monitoring and management software is deployed at multiple locations, be it a control room where all signalling operations are transparent, or a dispatching point to monitor a station or asset locally from a laptop. Management software can provide control over interlockings, switches, crossing gates, and other critical assets. This means that any rail system, be it a Traffic Control System or the asset network under the Predictive Maintenance approach, must obey the cybersecurity rules and practices adopted for network IT systems.
Access control is critical here. Only designated dispatchers or administrators should have access to the critical data and change network settings, which has to be verified by the system. Several aspects are essential here. First, by implementing multi-factor authentication (MFA) you build additional “security shields” preventing unauthorized access. Second, as we described in the paragraph about data encryption, an external independent component for authenticating all parties of the interaction is the most reliable validator of both users and services. A method of full-duplex authentication provides complicated security around the enterprise environment. Thus, you should configure secure access to all applications that generate, store, and transmit rail data.
Onboard security & passenger systems
Services that facilitate passenger transportation significantly increase public loyalty, but the data leakage severely undermines trust in the rail. Having onboard things connected via the Wi-Fi is handy, but it also gives attackers direct access to the train’s control system. Since passenger services and controls are often connected over the same network, it appears possible to hack not only the temperature setup but also the brake assurance or door control.
The critical thing here is to provide physical and electronic separation of networks, as well as the isolation of access points. Traffic segregation is vital to ensure that passengers and critical assets are not connected through the same channels. It also enables improved analysis of network traffic and rapid detection of risks and threats. Firewalls have proven themselves as reliable solutions, as well as unidirectional security gateways. The point is that every cybersecurity solution for rail is advisable to be customized for unprecedented security levels. Having all this considered, we provide reliable multi-level rail network protection and ultimate passenger experience.
Final thoughts on cybersecurity for rail systems
- To continue the introduction of the digital age into railways at an acceptable pace, the issue of cybersecurity must be placed on par with the issue of safety-critical systems. Otherwise, the increase in the number of hacker attacks will not take long.
- It’s essential to focus on all the digital components of rail systems, be it signalling, dispatching, onboard, or passenger services. Each component involves custom solutions, but the approach for rail cybersecurity has to be comprehensive through its cohesive nature.
- The challenge for rail cybersecurity is to ensure that the measures taken do not compromise the safety, reliability, and performance of rail transportation.
- Rail cybersecurity can be approached as IoT ecosystems cybersecurity, considering enhanced requirements for connectivity protection.
Guest author Julia Seredovich, Business Operations Manager at Professional Software Associates, provides companies with expertise in the signal design of electrical interlocking, microprocessors and relay-processor systems.
The conference program of the 15th edition of RailTech Europe, which takes place in Utrecht, Netherlands on 6 and 7 March 2024, will host a range of discussions on innovations, services and products that have a huge impact on the future rail infrastructure. A special focus will be on cybersecurity and digitalisation in Session 2 of the conference. You can learn more about the conference program here and register here.