We take our personal safety for granted when travelling by rail, whether it is a daily metro commute or a cross-border journey by high-speed rail. In the context of the millions of kilometers traveled every year, accidents are mercifully rare.
However, even as the rail transport industry moves to embrace the digitalization of systems and operations to improve physical safety for passengers (among other benefits), a potential new threat is emerging. Digitalization inevitably opens the door to risks, threats and the possibility of cyberattacks.
A vulnerable digital future
The future of rail transport is unquestionably digital. Traditional features provided via electromechanical and/or analog electronics are increasingly being implemented with software. Advanced software solutions are allowing operators to have real-time information on train movements and analyze overall performance—reducing costs by streamlining processes while improving efficiency and reliability. From predictive maintenance to automated signaling, and from driverless operation to enhanced passenger experience, digital technology is improving performance and delivering more benefits to authorities, operators and passengers.
The downside of this exciting future is that trains are increasingly relying on complex computer systems. These, like any digital system, can be hacked.
Railway transportation is as susceptible to cyberattacks as any other industry. The risks include:
Every stakeholder in the development of railway systems, including system integrators, service providers and original equipment manufacturers (OEMs), has to contribute actively to the resilience of the overall railway system. Each also has to ensure that it has the internal organizations, processes, products and solutions to support this.
We need a different approach
Protecting a railway system is different to securing a typical IT infrastructure, since the goal is the safety and reliability of a mass transportation network. We also need to bear in mind practical issues.
For example, the system architecture is distributed across long distances, with a large variety of contexts, from a centralized control room to on-board embedded equipment. Also, the expected duration of the rail system is much longer than the life cycles of the various technologies that go to make up the overall system. It is also necessary to integrate and secure several generations of technologies, each of which has its own security levels.
From the perspective of operational demands, it is impossible to just halt an entire train network’s operation or access an entire fleet at the drop of a hat, to broadcast a new patch, for example.
To address these issues, it is necessary to implement a Secure Development Life Cycle and a vulnerability management process. This starts with an initial Cybersecurity Risk Assessment that identifies the main risks and the required mitigations.
During this assessment, we define the context (likelihood of the threat and system vulnerabilities) and allocate mitigations to the system components, finding the right balance of protection level, operational constraints, time to market and to deployment, and cost. It is also necessary to harden equipment and services with protective measures against cyber hacking and put in place reliable mechanisms to detect cyber intrusions.
Security Testing and Security Assurance will ensure the correct implementation of the security measures. Rail networks are operating in a changing context and we cannot assume that security measures, once implemented, will be effective for all time. That is why it is essential to have a robust vulnerability management process that detects and addresses any vulnerabilities identified in the system’s components. This is the only way to maintain security throughout the life cycle of the rail network.
Security needs to become end-to-end
We must also recognize that cybersecurity goes beyond developing products and solutions. It must also cover other phases such as manufacturing, testing and commissioning, supply chain and installation, and maintenance, which includes the decommissioning and disposal activities at the end of an asset’s useful life. It needs to monitor the evolving threat landscape and new vulnerabilities, while staying compliant with a strong security incident management approach.
The whole cybersecurity philosophy cannot be abstract—it is crucial that the industry hires the right people and trains them well. We need adequate resources to install, administer, operate, and maintain the system. These steps will ensure the system's security over its complete life cycle while increasing threat intelligence.
We must give high priority to elements like a companywide cybersecurity handbook that lays out security policies and processes, backed up by regular mandatory training sessions for everyone interacting with the system, operators and maintenance staff alike.
Powering the engine of collective intelligence
Ensuring cybersecurity cannot be the responsibility of one player alone. The whole industry needs to cooperate to address the issue.
When a new system is being implemented, or a legacy one updated, all industry stakeholders need to sit together and agree on the security risk evaluation and the relevant protection target they want to achieve.
We need a common language, methodology and references. Such collaboration should also cover incident and threat sharing. A common view of identified threats and recorded incidents across the industry can help to set priorities and implement relevant measures.
The current work by international standardization committees, such as IEC 62443 for industry, Shift2Rail, and CEN/CENELEC for railways, is heading in the right direction and should be given more support. These groups will deliver results soon.
Laying down the tracks for cross-industry exchange
It can also be helpful to identify existing best practices with industry partners.
A notable example is an agreement by aerospace manufacturer Airbus to introduce the best practices of the air transport industry to railway operations. The air and rail industries are both engaged in moving large groups of people and subject to the lethal possibility of terrorism.
The cybersecurity co-operation agreement signed with Airbus in 2017 will support a new risk management model for the transport industry, focusing on the codevelopment of new analysis services concerning transport vulnerability and new shared core protection technologies.
In light of society’s vulnerability to cyberattacks, and the particular risks faced by major transport operators, all stakeholders, including passengers, need the reassurance that railway products and services meet the latest cybersecurity and government specifications.
Ling Fang, senior vice president for Asia Pacific at Alstom, wrote this article. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Photo credit: iStockphoto/Cebas