Consulting

Consulting

×

Defending Railway Networks in the Digital Era

UK digital 1

Introduction

As railway industry change accelerates through digital transformation, the introduction and integration of advanced technologies presents a variety of opportunities, but also unprecedented challenges. Among these challenges, cyber security emerges as a paramount concern.

Rail Infrastructure Maintainers (RIMS) have a wealth of experience managing railway assets, however the constantly evolving world of cyber security introduces a new dimension to conventional railway management. Cyber security may appear complex, however with expert advice these matters can be refined into simple concepts that enable RIMs to understand what is required to better protect their assets.

In November 2023, a large-scale cyber-attack heavily affected operations of DP World, the largest port operator in Australia, responsible for handling around 40% of the countries imports and exports. The breach occurred due to a lapse in applying security patches, exploited through an internet connection. This resulted in a widespread data leak and significant interruptions to shipments. This incident is just one example of how cyber-attacks and security breaches today are a question of "when", not "if".

With the ever-growing list of vulnerabilities – such as the interconnection of IT (Information Techology) and OT (Operational Technology) systems, reliance on legacy equipment, and the proliferation of IoT (Internet of Things) devices - the railway network faces increasing potential exposure to cyber threats. However, there are a range of proactive and effective solutions available that can significantly strengthen cyber resilience and help safeguard our railway networks.

Information Technology / Operational Technology Convergence

Over the previous decade, there has been a variety of successful cyber security attacks launched on the railways globally. These attacks ranged from mild impacts on business operations such as the 2020 India Infrastructure Hack to major operational delays for the Swedish Public Transport Authority in 2021.

A key similarity between many successful attacks carried out today is the convergence of IT and OT environments. Without adequate protections in place, the attacks can have a detrimental real-world impact. Within the railway industry , there is often an unavoidable need for internet connectivity for systems such as ticketing systems and train timetabling, and therefore a heavy reliance on technical controls.

Convergence of IT and OT environments has become necessary in some applications, but this should be implemented securely. A method for achieving balance between efficiency and security is to implement a comprehensive suite of risk assessments against international standards, this will better inform the level of cyber security controls required. Converged IT and OT networks, while interconnected, should also be segmented. Firewalls, access control mechanisms, and best-practice segmentation methods should be leveraged to ensure that, in the case of a breach, core components of the railway system have a lower likelihood of being compromised.

Legacy Equipment

Due to the critical nature of the railway and the intended lifespan of the core supporting system components, a large proportion of equipment currently deployed in our railways is past it’s End of Life (EOL), and often not receiving the software patches that include security updates to resolve known vulnerabilities. There are many reasons why this issue is common in railway infrastructures around the world, including:

  • The "type-approval" of individual systems making changes to the system configuration difficult;
  • Inaccessibility of devices for upgrade (due to criticality and low tolerance for outage);
  • Complexity of integration; and
  • Cost.

Legacy equipment presents several challenges in the railway environment however; several solutions can help to mitigate the risks while maintaining normal operation. One of the most effective solutions at the disposal of the rail operator is the use of a robust security patching regime, to ensure oversight of any vulnerabilities that are applicable to the system, and application of the appropriate security fix.

Internet of Things

The railway has not been excluded from the proliferation of Internet of Things (IoT) devices within the modern world. Today we see a variety of devices that are now interconnected, these include sensors, relays, axle counters, points, probes, and Programmable Logic Controllers (PLCs).

Devices that were previously mechanically or electro-mechanically controlled, are now being integrated into Supervisory Control And Data Acquisition (SCADA) and Industrial and Automated Control Systems (IACS). This merger of individual devices into an overarching control system can be useful and efficient for railway operators, but the risks of interconnecting such devices should be considered.

Due to the high cost and low perceived likelihood of attack, it is common for "simple" devices which complete a single operation (e.g. a PLC), to not receive additional cyber security controls such as encryption, authentication, and secure update mechanisms.

An effective solution to mitigate risks introduced by unsecure IoT devices is to segment the control system into Zones and Conduits, grouping assets based on their criticality and level of risk. This approach to segmentation is supported across a variety of cyber security standards. Segmentation of a control system network can support the effective implementation of further controls such as firewalls and IDS (Intrusion-Detection Systems). Broader solutions to combat some of the typical threats faced today include the integration into a Security Incident and Event Management (SIEM) system. These intelligent systems can provide a variety of services including live threat detection, event correlation, and system health. This is largely achieved through the aggregation of log data from various connected systems, with the SIEM collecting and managing logs from railway devices such as Radio Block Controllers, Interlockings and Object Controllers.

How We Can Help

There are a variety of existing and emerging cyber threats that face the railway industry today. While these threats are recognised as serious, there are some simple solutions that can be hugely effective when considered at the point of project inception.

Network Rail Consulting’s (NRC) role as the System Integrator on the Digital Systems Program in Central Sydney is an example of how our ability to foresee the changing cyber security landscape, paired with our teams of experts, has resulted in a safer and more secure European Train Control System (ETCS) deployment.

At NRC, we have a diverse skillset and real-world experience to support and improve security on your railways. For more details on our technical services and how we can help, visit www.networkrailconsulting.com/regional-focus/australia/contact-us to contact a member of the team.

Rakesh Bhogal
Associate Director, Systems Engineering & Integration (Information & Cyber)
Network Rail Consulting

Back