Railway systems were traditionally not the open access systems as they are today. Although new technologies are applied, the railway industry has not kept up with these developments and many players involved believe they are not affected by the cyber security threats that have come along. 

Lovan Pushparatnam has an important message to the industry. As a board member of the French intelligent transport systems association (ATEC-ITS), he has contributed to a paper stressing the importance of cyber security in railway systems. He will be discussing this paper at the Intelligent Rail Summit, to be held in Vienna from November 28-30.

Awareness

“It is not a technical paper, the expert explains. “Rather, it is a paper for railway managers, stressing the risks they face. These risks are everywhere and therefore, cyber security measures must be implemented at all levels and with any changes made.” Pushparatnam names the ticketing system, but also the equipment area, or communication system as examples of vulnerable areas that may be left without protection. “These places are not just vulnerable to intentional hackers, but also to the unaware employee who uses his personal computer one day and unwittingly downloads a virus.

“Understanding of these threats is developing very slowly. We aim to point out the importance of prevention and encourage all stakeholders to incorporate the security policy into their relevant processes, ensuring security requirements are cascaded down into all contracts not just for technical design of equipment and systems but also for test and commissioning.”

Prevention

According to Pushparatnam, there are three types of hackers: the teenager in his bedroom, getting a thrill out of creating havoc; the cyber criminal that creates distortion to demand money from the railway operator afterwards; and state-sponsored hackers that operate with political motives.

Preventing a system from falling prey to cyber attacks is not just a matter of inserting a USB stick, says Pushparatnam. “However, it is not rocket science either. It is quite simple to block access to a certain system and with that, vulnerability has decreased significantly. The risk remaining is that of the highly sophisticated cyber attack; when it comes to these kind of attacks very little protection can be done.”

Background

Since joining British Rail in 1994, Lovan has spent his career in transport systems engineering, specialising in radio systems. He works for SYSTRA in France since 2006, where he is director of the Tramway Systems and Telecoms Department. He is a Chartered Engineer and an Honorary Senior Research Fellow at the University of Birmingham (UK).

In 2017 he was elected to the board of the French intelligent transport systems association (ATEC-ITS). Bringing together various stakeholders including transport authorities, road and public transport operators, car manufacturers and consultancies, ATEC-ITS aims to inform debate and help formulate policy in intelligent mobility.

Intelligent Rail Summit 2017

On 28-30 November the Intelligent Rail Summit 2017 will take place at the Infocenter of Wiener Linien, Vienna, Austria. High level expert speakers will share the latest research on Automatic Train Operation and Cyber Security in Rail, amongst them is Lovan Pushparatnam. You find more information about this event on the conference website.