Will your railway stand up to the next cyberattack?

Cybersecurity attacks are a major threat to railways’ safety and operations

Cybersecurity attacks can be devastating for railways and metro systems – financially and operationally – and they’re increasing in number of attempts and severity. A study on cybercrime across industries found that attacks are up 67 percent in the last five years with the average cost of cybercrime around $13 million. In some cases, the goal is to disrupt critical infrastructure, while other attacks are financially motivated, such as ransomware, or to gain access to company or consumer data.

There have already been cybersecurity breaches on railways and metros around the world, including in Denmark, Germany, New York City, and Spain. Even relatively minor attacks can be damaging and affect both railways and passengers. For example, it has taken Philadelphia’s transit authority months to recover from a 2020 malware attack. The consequences included blocking employees’ access to their email and preventing the metro system from sharing real-time information with passengers. A cyberattack on critical infrastructure can be particularly dangerous because it can cause safety issues, such as if digital signaling systems are affected in a breach.

That’s because the modern technologies that make railways safe and reliable also make them a target

All areas of the railways’ business are being digitized, including operations, infrastructure, systems, and technology. Digitization makes rail transportation safer, and more reliable, efficient, and sustainable, and improves passengers’ experience.

The downside is that digitization also introduces cybersecurity risks. There has been a proliferation of cyberattacks on critical infrastructure, and railways are vulnerable due to a number of factors, including:

  • Digitization increases the number of connected devices being used, which also increases the amount of data being generated.
  • There is a new level of interconnectedness, including connecting processes to the cloud, IT infrastructures, and third-party systems.
  • Digital connectivity on rail transportation, such as Wi-Fi on board, enhances passengers’ travel experience. However, connecting passengers to on-board technology can also lead to security breaches.
  • Employees are responsible for an estimated 88 percent of cybersecurity breaches. These are usually caused inadvertently, such as using poor password protection or downloading a malware-infected attachment. The rise of bring your own device (BYOD) in the workplace also introduces new risks from employees.

However, railways can protect themselves by focusing on the three pillars of cybersecurity

With the right foresight, planning, and protection in place, railways’ cybersecurity concerns are alleviated. That’s because railways know they have the systems in place to prevent and stop an attack. This is possible by basing cybersecurity efforts around the IEC 62443 standard.

IEC 62443 provides a comprehensive framework for cybersecurity that addresses security from initial product development onward, using a secure development lifecycle in which security is considered and evaluated throughout a product’s lifecycle. The standard offers a consistent, simplified way to define the level of cybersecurity management. It is designed for the secure development of products used in industrial automation and control and provides a systematic set of cybersecurity recommendations.

Railways that base their cybersecurity plan on IEC 62443 take a “secure by design” approach. The efforts focus on these three pillars:

  1. People: Railway employees know and follow good cybersecurity practices to protect assets and prevent breaches.
  2. Processes: Railways benefit from a comprehensive set of best practices, processes, and procedures.
  3. Technology: Railways’ operations, assets, personnel, and passengers are protected by using cybersecure products and software and a cybersecure architecture. 

Here’s an example of how the three pillars improve cybersecurity

A railway control center is one example of how railways that focus on all three of these pillars can become more secure. Control centers are the foundation of railways’ operations. They are the base for monitoring all train activity, directing and dispatching emergency responses, and coordinating services. Having all of these critical services in one place also makes them a prime target for a cybersecurity attack because an attack could have very serious consequences for safety and railway operations.

Railways can protect their control centers by ensuring employees follow recommended cybersecurity practices, controlling access privileges for workers who can physically or digitally access the center, and spreading awareness of the importance of cybersecurity. Railways manage processes by conducting risk analyses, testing and verifying security, and putting plans into place for preventing and recovering from a breach. And finally, railways use cybersecure technology to detect intrusions, protect against attacks, and uphold system integrity.

It starts with employees because a railway’s cybersecurity is only as strong as its weakest link

Let’s break this down for a closer look at each of the pillars. Cybersecurity is everyone’s responsibility, and it begins with employees. Railways reduce the risk of an attack or data breach by actively involving staff in cybersecurity improvements and giving them ownership over keeping assets cybersecure. This includes mandatory, ongoing training in cybersecurity best practices as part of a company-wide security culture. Railways must create and enforce formalized standards and guidelines, including basic protocols like password regulations, multifactor identification, incident management actions, and user access controls.

Railways can solve the “people problem” by partnering with cybersecurity experts who provide individualized guidance and advice for boosting security. For example, railways can gain access to end-user training and collaborative resources, as well as instruction on how to put these policies into place, including what to do in the event of a cyber incident.

Railways must also use established processes and clear procedures to help ensure cybersecurity

Railways must establish robust cybersecurity processes, policies, and clear procedures for addressing emerging vulnerabilities and ensuring railways’ security. This includes actions like making regular threat-risk assessments, implementing a strong patch management system, and conducting information security gap analyses.

Threat and risk analyses identify threats that apply to an operator, their impact, and the probability of these threats. Then railways can identify what level of cybersecurity must be met and define the way forward to reach it, taking into account the initial risk analysis.

By working with cybersecurity vendors to follow IEC 62443 best practices, railways know their information is secure and can have confidence that their processes and equipment are up to date and protected from unauthorized access, such as hackers accessing assets or control systems remotely.

Further peace-of-mind comes with the support of especially advanced vendors like Schneider Electric, who complete rigorous independent IEC 62443-3-3 Security Level 1 certification with TÜV.

Then there is an arsenal of technological tools to bolster railways’ cybersecurity

Using products, services, and solutions with built-in cybersecurity features brings end-to-end protection from cyberattacks. Assets are digitized safely using secure products and software that follow a certified process and a secure network architecture guided by IEC 62443 so products are protected through their entire lifecycle.

For example, a defense-in-depth network infrastructure involves a multi-layer, multi-technology, and multi-party strategy taken from a system perspective. Thus, the critical parts of the network will be safe even if an attacker manages to access a part of the operation.

Learn how a railway in Southeast Asia boosted its cybersecurity while updating its power system

A leading rail and transport authority in Southeast Asia recently undertook a project to upgrade its power system and replace its power supply. The goal was to help ensure the traction power supply’s reliability and safety and reduce shutdown time while upgrading the existing system.

Cybersecurity was an important facet of the project because all solutions had to fully comply with the railway’s cybersecurity controls and requirements, as well as meet all government regulatory requirements. This customized solution required a resilient, standards-based strategy and approach.

For example, the railway strengthened its operational technology (OT) network with defense-in-depth strategies, such as ensuring that connected systems are patched to close any known vulnerabilities whenever possible. The strategy also included adding layered protection and practices across the digital system with a “zero trust” cybersecurity architecture in which users have only the necessary access to equipment and applications so that the railway can prevent unauthorized users and detect abnormal access.

Railways can protect themselves from security threats – discover how

Railways and metros must improve their cybersecurity efforts at the same pace they are digitizing. This is only possible using a comprehensive, end-to-end cybersecurity plan that helps ensure railways’ assets are protected using clear and robust processes and an in-depth defense system.

To learn more, read our white paper “Securing Operational Technology – Addressing digital risks in business-critical infrastructures.”
