news about us contact us home

• What We Do
  • Market and Opportunity Definition
  • Business and Marketing Strategy
  • Modelling and Policy
  • Interim Management
  • BWCS Conferences
  • The LRIC Model
• Who We Work For
  • Telecommunications
  • Transport
  • Defence and Security
  • Energy and Waste
• Case Studies
• Privacy Policy

News

How is the Cyber Threat Affecting the Rail Industry?

(23 Mar 2017, BWCS Staff)

National governments, all over the world, are now acutely aware of the threat that cyberattacks pose to their country’s infrastructures and are taking steps to protect their citizens.

Many have already introduced new standards and guidelines for both rolling stock and infrastructure; the US has issued an Executive Order for the Enhancement of National Cybersecurity and in the UK, a new, mandatory framework will come into force in May 2018.

Ahead of the introduction of these new regulations, changes are already being seen with more stringent cyber requirements being included in tenders for new trains. Train operators understand that they must comply with the laws but they also see the huge threat to their brand value that would be caused by a successful attack. 

The new cyber guidelines have a common theme, that ‘walls don’t work’. Throughout the industry, there is a tacit admission that the protection of critical assets will need more than just using traditional methods such as firewalls, Virtual Private Networks (VPNs), and authentication.

The layered approach, with active protection is now recognised as the way to protect the core of the systems, especially when the outer layers (firewalls) have been breached. The new standard calls for active protection that will ‘Monitor, Detect, Report and Protect’ (MDRP), which combined with a layered approach to security now offer the best defence when supported by regular auditing.

Vulnerabilities exist within all connected systems; traction systems, train control systems, passenger information systems etc. whilst station infrastructure is also being targeted by hackers. Attacks have already happened on ticket machines, passenger information displays, passenger WiFi systems here in the UK and abroad.

However, providers of these systems face a dilemma; how to provide compliance with the new standards without replacing or adding more hardware? Trains can’t be updated like data centres and have a unique set of requirements that can’t be met with traditional solutions alone.

This can be a major headache for train operators. Robert Brown the Executive Chairman of RazorSecure, a company that specialises in transport cybersecurity, commented that “Since the first BWCS WiFi on Trains Conference a decade ago, the focus has moved from purely putting passenger WiFi on trains to include other applications that can exploit the use of the bandwidth. I predict the next challenge is how do we protect our systems from the new and unfolding threat of aggressive cyber-attacks from some very unsavoury characters”.

As more and more data is received and transmitted to and from trains it is vital that the industry addresses any and all vulnerable areas. These must be examined, assessed and dealt with before someone exploits them.

For example, are we sure that the passenger WiFi is always kept separate from the on-board control systems or are they using the same systems to communicate to the track side, is the trackside infrastructure secure?

Only last month French national train operator SNCF stressed the importance of cybersecurity as a fundamental pillar in its partnership with IBM Watson's internet of things (IoT) platform. The transport company said it will use the cloud-based system to connecting its complete rail services from trains, railroad tracks and stations to gather insights from real-time information on data.

Speaking at the time, SNCF Chief Technology Officer Raphaël Viard stressed that cybersecurity would be at the very heart of the company’s attempt to streamline its operations which span the scheduling, operations and maintenance of a network covering 30,000km of track, 15,000 trains and 3,000 stations in France.

Developments such as these add another layer of complexity to an already vulnerable transport network as well as open new cyber-threats.

Robert from RazorSecure (www.RazorSecure.com), which has recently developed RazorSecure Delta, a purely software-based, MDRP solution, will be attending the WiFi on Trains Conference in June.

 This year’s WiFi on Trains Conference (www.Traincomms2017.com ) hosted by BWCS in London in June, will feature presentations on the launch of WiFi on both DB Regio and DB’s high-speed ICE fleet. The Conference will cover the expanding market for on-board WiFi services as well as the problems of intermittent mobile coverage, proposed trackside solutions and other issues.

For more information please see www.Traincomms2017.com  or contact Ross.Parsons@BWCS.com  .

This year's Train Communications System Conference is sponsored by Icomera (Gold), Nomad Digital (Silver), Fluidmesh (Bronze), 21Net (Cocktails), LetsJoin (Lunch Day 1) and RADWIN (Lunch Day 2).

Situations Vacant?

BWCS is also in touch with a couple of luminaries of the WiFi on Trains world who are currently looking for new challenges, anyone interested in hearing more should contact us at info@BWCS.com .

 

Back