Top-5 Cybersecurity Challenges Rail Operators Face in 2022
By Miki Shifman, CTO, Cylus
As the rail industry becomes increasingly digital and connected, the number of viable pathways for breaches and cyber threats on rail systems is growing rapidly.
With cyber-attacks against rail systems doubling every year over the past five years, resulting in millions of Euros in estimated losses, rail engineering teams now face a broad and complex attack surface.
Rail operators must therefore adopt new solutions to defend their networks against these new challenges.
Here are five of the top cybersecurity challenges rail operators are facing in 2022.
Rail operational systems are difficult to patch due to safety constraints, which makes them prone to common vulnerabilities
Rail systems nowadays include widely used off-the-shelf components such as Windows-based machines and Unix-based servers. Those systems are exposed to many known common vulnerabilities and require periodic patching and software updates to maintain a secure state, which the safety constraints of rail make impossible. As a result, those components typically remain unpatched and pose a severe risk.
Insecure connections between rail safety-critical systems and support systems
Railway applications require connectivity between systems with different safety levels. A good example is the link from CBTC zone controllers and Traffic Management Systems (TMS) to interlocking systems for dispatching and continuous monitoring of train movement. Typically, these implementations lack proper security measures, thus exposing the critical systems to penetration from unprotected networks.
Train control is based on train-to-ground wireless communications, and therefore an air gap does not exist
Wireless train-to-ground communication is used to perform train control, instead of relying only on visual signals. Most of the wireless technologies used in rail use outdated encryption techniques and are potentially vulnerable to a wide array of risks that can lead to spoofing of malicious commands, disruption and train hijacking.
Most IT/OT security measures are ineffective in rail environments and lead to poor ROI
Rail operators that try to use IT or even OT security solutions in their environment quickly realize that these tools cannot deliver real security value. Those safeguards are not enough due to the widespread use of proprietary, rail industry-specific communications (over 80% of all traffic). Installing tools that were not intended for rail often results in massive hidden costs in the form of expensive safety approvals and the long manual work needed to tune them from scratch.
Safety is in the DNA of the rail industry. Security is still not
The long lifecycle of rail systems, which is sometimes over 30 years, means that at any given point, the vast majority of the rail systems in the world were deployed in times with less cyber awareness. In addition, the mindset in building rail systems is inclined toward safety, but security is still not part of the default DNA when building a rail system. As a result, you cannot make any assumptions about a system's security unless you have explicitly tested it, in both your existing and future systems.