Cervello CEO explains the importance of cyber-security for the future of rail
In this interview, Cervello co-founder and CEO Roie Onn shares his perspective on the challenges of cyber-securing the rail industry and the importance of utilising railway-specific technologies that are developed by cyber-security experts with proven rail experience.
What do you consider the biggest cyber-security challenges to be that the railway sector is currently facing?
Despite the advanced automation and digital services, the rail sector is still behind other industries in terms of cyber-security implementation and this is creating more and more challenges. Within the railway network, several systems are responsible for different aspects of the day-to-day operation, and all should be eventually cyber secure.
Outstanding from all, signalling systems should be addressed with the highest priority because of their critical role for rail safety, operation and reliable control of the fleet. The challenge of cyber-securing this segment of systems is probably the biggest challenge for the railway industry due to the following reasons:
- The constantly increasing number of attack vectors as a result of new, computerised, connected, collaborative systems and IoT devices integrated into one flat network
- The combination of various vulnerabilities due to many COTS (commercial-off-the-shelf) components and products, including systems that may be accessed remotely for services and support procedures
- The distributed architecture of the network, the high degree of integration between IT and OT, and the diversity of supply chain and technology – all make it difficult to integrate safety and cyber-security
- There are typically long lifecycles of equipment and certification procedures.
Connectivity is a game-changer for the railway industry; how does Cervello’s cyber-security mission fit in with this understanding?
The new age of connected railway systems enables this fast-growing industry to offer new services and technologies to its customers – including on-board Wi-Fi, modern passenger information systems, advanced entertainment systems, predictive maintenance capabilities, improved punctuality, increased on track capacity and more. This connected era exposes railway critical infrastructures to the outside world, and with it, to a completely new landscape of cross-system internal and external cyber-threats.
At Cervello we understand that adding cyber-security solutions to railway signalling infrastructures requires the right strategy and understanding of the threat landscape, as each security challenge requires its own attention and solution. We offer our clients and partners solutions based on our core technology platform (patent pending), fortified by our unique approach, to proactively detect malicious activity that may lead to a significant cyber incident, regardless of the connectivity level of the system. This means that operators can upgrade their legacy systems to new and interconnected technologies, and at the same time, use our cutting-edge technology to detect any hostile activity within.
In what ways does Cervello work with OEMs and railway operators to understand their requirements and can you build bespoke solutions?
For operational and business reasons, the market expectation is to have cyber-security provided by design in rail critical systems. Engaging with OEMs in R&D and testing activities, our team works closely with key vendors to ensure cyber-security is an integral part of signalling systems provided both in current and future tenders. We are investing in constantly fitting our products to the industry’s technological and safety requirements, contributing to shaping global standards as well as demonstrating and testing our capabilities.
On that note, we strongly believe in maintaining deep relationships with partners and clients – establishing the trust to merge between existing and new technologies and applying effective modifications in different stages of the signalling systems’ lifecycle. Furthermore, I can share that we’ve already encountered specifications that required adaptations in our design – which also made us better understand the differentiation in the market among the OEMs. Overall, our solutions are based on a strong core technology basis and fit-for-purpose modules, enabling each of our products to be designed according to specific industry requirements, being in use and developed globally. The fact that rail signalling is a standardised business certainly helps when developing effective cyber-security solutions.
Would you agree that there are different levels of cyber-security preparedness and protection between different railway operators?
Until a few years ago cyber-threats were only a topic of discussion among some industry leading players across the supply chain; today we see that most of the players are aware of such threats – with an understanding that they need to take appropriate steps to raise their preparedness and protection levels. Today they realise there are destructive consequences to cyber attacking trains, critical field elements or operational control centres. Moreover, even though the awareness level is rising, we also notice a clear difference in the level of cyber-security preparedness and protection between continents – just like in other sectors.
Nevertheless, if we look at what steps were actually taken, then there are serious gaps between the stakeholders – ranging from those who still just talk about it to those who actually take immediate actions in different aspects. The problem is that many actors who do try to mitigate the threats, often start tackling the problem with the preparedness and protection of IT systems, while leaving their most critical systems – their signalling systems – unprotected behind.
What are the core benefits of Cervello’s platform and what kind of feedback are you receiving from your clients?
Our clients and partners acknowledge that the only way to cyber protect railway signalling systems is to utilise railway-specific technologies that are developed by cyber-security experts with proven rail experience and domain best practices familiarity. This is exactly what we offer at Cervello.
Alongside a unique technology that understands the proprietary protocols, how an operator’s network works and behaves, that one cannot rely only on learning phases with ‘cyber-clear’ assumptions, our platform is built to safely handle cyber events in various rail critical environments. Cervello develops solutions that perfectly fit the signalling systems internal architecture, convenient to deploy and integrate, with top performance in terms of false-positives and network overhead and delivered through a dedicated cyber-security management dashboard.
By constantly working with our clients and partners, we were able to transform their feedback into a comprehensive cyber-security dashboard that gives real-time intelligence, forensics and visibility on the overall fleet cyber condition. Beyond that, we continuously assess vulnerabilities and weaknesses in the signalling architecture, manage the operator’s assets and configuration, and offer an effective response to threats in order to mitigate risks. Eventually, it all comes to the understanding that we are dealing with an industry in which cyber-security is only a small portion of its much bigger picture. Our aim is to contribute to the overall business strategy and the smooth (and safe) daily operation.
How does the Cervello Security Orchestration Analytics and Response (SOAR) Methodology work and what are the benefits?
Most security teams not only face an ever-expanding threat landscape, but also deal with a variety of operational challenges. We see more and more industries taking a holistic approach to streamlining organisational security operations by uniquely combining security orchestration and automation and delivering these capabilities through a complete SOC (Security Operation Centre) workbench. This trend is becoming common among railway companies as well. It helps operators and infrastructure owners resolve cases faster, handle alert overloads, manage a variety of tools and assets, build consistent processes and playbooks, understand events in greater detail, track, measure and constantly improve their operation. Railways are also a part of the much wider smart city’s infrastructure; therefore their centralised control and integration with parallel systems is crucial. Cervello helps railway response teams create consistent and repeatable cyber-security workflows – supported by flexible automation to streamline incident response processes, on-board new data resources more quickly and retain cross-organisational knowledge. It is part of our strategy to efficiently integrate with other tools and applications of enterprise SIEM/SOCs to provide smarter and faster cyber-security.
To what extent do you think that more industry regulation and legislation is needed around cyber-security to protect our railways further?
Cyber-security regulation and legislation helps to set the directives that safeguard information and operational technology systems with the purpose of forcing end-clients (companies and organisations) to secure themselves from cyber-attacks. The rail industry is already a ‘regulation heavy’ industry due to its use of critical systems, which shows us that it does understand the sensitivity and importance of dealing with public safety. Having said that, it lacks cyber-security directives for that purpose.
Railway cyber-security is as crucial for business as it is for homeland security, hence it must not be considered as a matter of choice. Although regulation and legislation are indeed important, the rail industry needs more actions to be taken, more collaborations and partnerships to be established, and more training for the authorisation of its professionals. Still, railway stakeholders should be aware of and comply with leading cyber-security standards (for example ISO27001, NIS Directive, IEC 62443 etc.) so that this safety critical industry will be prepared to effectively handle and mitigate cyber-threats, both now and in the future. Like any other national critical infrastructure, proper regulations and legislations will certainly improve the level of cyber protection, and the sooner, the better.
How did your career path lead you into Co-Founding Cervello and what do you hope Cervello will achieve for rail within the next 10 years?
Throughout my career path I’ve had the luck to be part of some great problem-solving teams, dealing with extremely interesting, sophisticated and fascinating technological challenges in the cyber domain. However, building a successful company was what I was really passionate about, what I wanted to do.
Playing a key role in global transportation, railways are an integral part of our lives. On a daily basis, everyone we know and care about uses them, many businesses rely on them and they keep our world’s busiest cities moving. For that reason, I knew that the cyber-security challenge railways are facing is something I really care about, that it is a mission I truly believe in and that shaping this industry is something I would love to do and strive for every day.
I am lucky to have co-founded Cervello and work with an amazing group of people, all sharing the same passion, values and culture. We spend every day challenging ourselves to provide the most complete, accurate, effective and safe cyber-defence solutions for railways. Within the next 10 years, I hope that Cervello – as a global leader – becomes the standard for railway cyber-security, having our products deployed across different countries to guarantee passenger safety and enable international railways to operate with confidence.
Roie Onn is the Chief Executive Officer and Co-Founder at Cervello, an Israeli railway cyber-security company providing comprehensive and proven solutions to protect railways against cyber-attacks. Roie leads the vision and direction of Cervello, bringing a unique technical background that includes extensive experience in cyber-security – specialising in hacking operations, risk assessments, malware analysis and computer forensics. Prior to co-founding Cervello, Roie was a Network Security Specialist at the Israel Security Agency (ISA) cyber division. Previously, he served in the elite technological unit 8200 within the IDF Intelligence Corps as a Security Researcher and Commander of a cyber-security team that was awarded the prestigious Israel Defense Prize. The Cervello team combines cyber-security experts and industry leaders, amongst them the former CISO (Chief Information Security Officer) of the Israeli Railway national operator.