Critical infrastructure broadly defined refers to assets or systems that are essential for the functioning of society and the safety and security of a population, and where disruption or destruction of this infrastructure would have a significant impact. This includes a nation’s energy supply, for example, but also its transport network.
That not only makes critical infrastructure a particularly attractive target, it also means an attack has the potential to bring about especially devastating consequences.
With increasing digitalisation in every area of society, cyber security is a vital and growing field that companies, infrastructure operators and governments need to embrace. This includes the rail industry.
The industry has acknowledged that cyber threats are real. The convincing stage was 5 years ago. The number of cyber attacks an industry receives every day is in the region of 50,000 – it is constant background noise. So now the rail industry is focused on learning about its vulnerabilities and problems and finding solutions.
And there have been real cases where rail systems have been hacked. Seoul’s subway system that got hacked over the course of several months in 2014. More than 60 employee computers were infected with malware, resulting in data and information leaks. South Korea accused its neighbour to the north of having been behind the attacks.
In January 2008 a teenager used a modified television remote to hack into a Polish tram system, causing four vehicles to derail. The incident injured twelve people.
In December 2011 hackers attacked a railroad in the Pacific Northwest, disrupting railway signals for two days.
What do hackers want?”: “blackmail, extortion… they’re professionals, often it’s state-funded”.The rail industry is incredibly focused on safety; as a cyber hacking threat, an attack on a safety-relevant feature such as a signalling system is much less likely than an attack on a business-relevant feature. There are major barriers to getting into safety-relevant systems. But attacking a business’s IT infrastructure is an area that’s just more familiar to hackers. They can cause disruption and confusion for economic or political gain. Sometimes, as in the Polish case, it’s a kid messing around. The system’s highly interconnected and a hacker mightn’t even realise the knock-on effects he’s causing in such an interconnected system.
“Just think of the disruption to a city and its economy,” If the London Underground stopped running, the whole city would come to a standstill with far-reaching consequences for the economy. It would also cause distrust in public transport, the government and the police.
Vigilance and a quick response make intuitive sense of course and that’s exactly what the suppliers and customers at the Rail Cyber Security Summit came to discuss. The avionics industry or the power industry will have their own processes, solutions and standards. In the rail industry it can often take a long time to get approval to make changes when you have to bear in mind the safety protocols and reliability requirements.
The railway is not a closed network anymore. It’s interconnected. That opens it up to attacks and allows attacks to have further-reaching consequences, intended or not. Vigilance, preparedness, resilience and rapid response plans will keep passengers safe, companies protected and nations and their critical infrastructure secure.