article

Protecting our railways with full-spectrum cyber-security solutions

Posted: 5 March 2018 | | No comments yet

Amir Levintal, CEO, Cylus, discusses how a modern security approach is required to protect the rail network and its customers from the ever-developing cyber-threats…

The ongoing trend1 towards ever-greater urbanisation of the world’s population will continue at a dizzying pace over the coming years, with three in five people projected to live in cities by 20302.

But urbanisation comes with a complex set of challenges. Amongst the most pressing: How to move people around in cities which are rapidly growing larger and more congested. 

Quality transit systems are vital to any metropolis, aiding productivity and fostering social mobility. By 2020, China plans3 to have 60 per cent of its 1.4 billion people living in cities, with high-speed rails linking all cities to at least 500,000 people. In the US, demands for massive new infrastructure investments – including rail and metro systems – are coming from both parties. 

As the world urbanises and the mobility ecosystem adapts, people enjoy a wide range of options for moving from A to B. They can use trains, but also cars, buses, and sometimes even aircraft. In this increasingly competitive landscape, railways must offer commuters trains that move faster, that are more readily available and that provide a quality passenger experience – all without compromising safety. Achieving these ends requires trains to be more connected, harnessing the latest in modern technology.

Indeed, as our automotive mobility is becoming increasingly connected, so are our trains and metros. Increased connectivity will make our railways and metros faster, safer, more efficient, more comfortable and more punctual. But like on our roads, heightened connectivity on our rails makes our trains and metros increasingly vulnerable to highly disruptive and potentially lethal cyber-attacks.

A threat gaining steam

The threat of railway cyber-attacks is hardly new. Ten years ago, a Polish teenager made headlines4 after allegedly hacking into the Lodz tram system, altering tracks and derailing four trams, leading to several passenger injuries but no deaths. Other recent hacks include those reportedly attempted by North Korea5 on South Korea, as well as ones targeting the UK rail system6 and the Deutsche Bahn7, and an ‘inside job’ by a rogue IT administrator8 working for the Canadian Pacific Railway. In December 2011, a railroad in the Pacific Northwest of the United States had its systems hacked9 on two separate days according to a government announcement, disrupting services and delaying train schedules.

As railway systems grow more connected and as hackers grow more sophisticated, these types of attacks will only grow and the fallout could be devastating. In countries where millions rely on their daily commute to get to work, shutdowns of major rail systems in DDOS attacks threaten to cause havoc on local and national economies. Moreover, with more people on the rails, the possibility of physical harm to passengers cannot be ruled out.

Fast-tracking security

Recognising the threat to ever-busier trains in our burgeoning urban environments, with populations increasingly reliant on mass transit for mobility, governments have increased their safety-focused investments. Ahead of the Chinese Lunar New Year, officials there rolled out new artificial intelligence-driven facial recognition glasses for police officers to use when patrolling the railways and other public spaces. Police officials credited10 the glasses in the apprehension of seven major criminal suspects at the East Railway Station in Zhengzhou. The government of India in its latest national budget significantly boosted11 investment in railways, calling passenger safety the government’s ‘highest priority’. Six hundred stations will feature CCTV cameras to promote safety, with cameras also installed in the trains themselves.

But investments in physical security are just one aspect of security. Experts project that cyber-crime will cost12 the world $6 trillion a year by 2021 – a 100 per cent increase since 2015. Governments and railway executives must implement full-spectrum cyber-security solutions to guard against cyber-threats.

Unfortunately, most railway systems were built at a time before cyber-crime posed a threat, making it difficult to integrate incumbent cyber-solutions into legacy railway and metro networks.

Getting railways back on track

How can railway officials prepare for the connected, cyber-age?

First, planners must assess the digital infrastructure upon which the physical railway system relies. Mapping out the connected technologies that power modern rail networks will cultivate a deeper understanding of networks’ specific needs, help identify key vulnerabilities and guide officials as they move toward implementing cyber-security solutions attuned to their needs.

Industry executives and security experts must seek out solutions that factor in the full range of cyber-vulnerabilities, efficiently detect threats and thwart hacks before they endanger economic vitality and passenger safety. And cyber-solutions tailored to railways must provide ongoing risk and threat assessments, updating security protocols just as bad actors themselves seek to constantly improve their weapons and methodologies. 

A matter of necessity

In 1960 — after many of the world’s largest urban railway networks had already been constructed — barely over one-third of the global population was urbanised13. With that figure on pace to reach 60 per cent just two years from now, the billions of people who rely on railways and metros for transport and commerce deserve better than 20th century railway protection amidst 21st century threats.

References

  1. https://data.worldbank.org/indicator/SP.URB.TOTL.IN.ZS
  2. http://www.un.org/en/development/desa/population/publications/pdf/urbanization/the_worlds_cities_in_2016_data_booklet.pdf
  3. https://www.reuters.com/article/us-china-urbanisation/china-plans-investment-and-reform-to-ease-urbanization-drive-idUSBREA2F0O420140316
  4. https://www.theregister.co.uk/2008/01/11/tram_hack/
  5. https://www.reuters.com/article/us-northkorea-southkorea-cyber/north-korea-tried-to-hack-souths-railway-system-spy-agency-idUSKCN0WA0B6
  6. http://www.independent.co.uk/life-style/gadgets-and-tech/uk-rail-network-railways-hacked-four-times-hackers-trains-a7135026.html
  7. http://www.telegraph.co.uk/news/2017/05/13/cyber-attack-hits-german-train-stations-hackers-target-deutsche/
  8. https://www.crowelldatalaw.com/2018/02/former-it-administrator-sentenced-to-prison-for-hacking-canadian-pacific-railway-network/
  9. http://www.nextgov.com/cybersecurity/2012/01/hackers-manipulated-railway-computers-tsa-memo-says/50498/
  10. https://www.wsj.com/articles/chinese-police-go-robocop-with-facial-recognition-glasses-1518004353?mod=e2tw
  11. http://pib.nic.in/newsite/PrintRelease.aspx?relid=176073
  12. https://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html
  13. https://data.worldbank.org/indicator/SP.URB.TOTL.IN.ZS

Biography

Amir LevintalWith a Master’s degree in Electrical Engineering from Tel-Aviv University, Amir Levintal is the CEO and co-Founder of Cylus, an Israeli start-up offering military-grade cyber-solutions to protect connected railways and their passengers. Previously, Amir served as a Director of the Cyber R&D Division of the Israel Defense Force’s Elite Technological Unit. With over 20 years of management and cyber-defence experience, Amir has lead highly skilled teams in the development of complex cyber-security, software and hardware projects.

Related organisations

Related people

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.