Train cyberattack

The British rail network came under attack from hackers 4 times in 2015. Although the attacks are said to have been purely exploratory in nature, the consequences could have been dramatic both for the company and for the passengers.

This surge in malicious acts in the space of a year can be seen as symptomatic of the security flaws in the British rail network. Darktrace, the private cybersecurity company that manages the majority of the UK’s network, encourages us to “be prepared”, as attacks are inevitable. At a time when rail networks are growing and becoming increasingly automated, cybersecurity must be at the center of development.

Rail networks vulnerable to attacks

SCADA StrangeLove, a group of cybersecurity researchers, has demonstrated the flaws in a number of the components that make up so-called “smart” trains.

One fault may result in multiple attacks

Their work shows how intruders can use a single flaw to access all components on a train. European trains are controlled by the SIBAS system. Although this system is deemed safe, the WinAC RTX controller, one of the SIBAS components made by Siemens, is said to be a security vulnerability. Breaches in the different systems leave the computers controlling the trains extremely exposed. Another example of a system potentially under threat is the CBI, which enables a train to start its journey correctly and to avoid collisions.

SIM-GSM cards are another component questioned by the SCADA StrangeLove researchers. These cards are used to geo-position trains. However, the cards can suffer from connection breakdowns, leaving the train to its own devices, with minimum protection, and prone to mobile attacks on its modem.

Human risk

SCADA StrangeLove’s research also sheds light on another important point: integrating human factors into risk assessments. Many train drivers use the factory default SIM-GSM PIN code, 1234, leaving the door open to uninvited guests. Rail network staff may infect the entire network without their knowledge, unaware that they are carrying and spreading viruses such as “Trojan horses”.

The consequences of these faults in train cybersecurity can have legal, financial and human implications for a business that is poorly prepared for this type of malicious act.

Cyber security on trains: an anticipatory protection

Even if most rail networks continue to employ train drivers to mitigate some failures, many operations are now automated and remotely controlled by computers.

Increasingly automated systems

The automated train operation (ATO) system is combined with the automated train control (ATC) system. Together these systems regulate traffic, provide automated guideways and manage daily train activity planning. There are 5 grades of automation for trains, ranging from a tram navigating through a town with little automation to train lines that are completely automated and operate without drivers. It is in cases such as these that cybersecurity plays an essential role in enabling companies to avoid devastating tragedies and losses.

Beyond the theft of users’ personal data or sensitive information about a company, intruders in the IT network can take over trains and railway lines. Malicious acts could result in tragic accidents with fatal consequences.

Consequences which are difficult to overcome

A company’s reputation will suffer as a result of any incident: revealing a fault in a train’s security system will inevitably cause passengers to lose confidence. But the consequences will also be significant for a company at a legal level. A company’s criminal and/or civil liability may be invoked in court in the case of an incident brought on by an attack. Proceedings may be initiated by the government or by employees and passengers who feel that they have been harmed by the incident.

Attacks against a modern train’s components constantly challenge cybersecurity. Attackers can exploit even the slightest flaws found in IT systems. Even when an attack lasts just a few seconds, a poorly prepared company that is unable to address the problem can expect to suffer for a long time.

Railway services still have a bright future: market projections show that train travel will continue to increase over the next 6+ years! This increase is consistent with growth in urban living. Trains will become more and more automated, just as Paris Metro Line 14 and Lyon Metro D-line have done. However, automation does not only apply to operating trains, but also to payment management, train station security, etc. As a consequence, automation will result in increased risk due to flaws and breaches in train security systems. To combat this, it is of vital importance that companies integrate cybersecurity into their modernization processes to better anticipate and manage the threat of intrusion.