Experts Respond To Railway Hacking Risk

Apr 24, 2015

Following the news that digital upgrades are placing the UK’s rail network at risk from hacking, a number of security experts have commented on the issue.

Professor David Stupples, a networked electronic and radio systems experts from the City University London, believes that terrorists and other cyber criminals could cause massive disruptions or serious accidents.

According to David Flower, managing director EMEA at security firm Bit9 and Carbon Black, Network Rail must have security deployed on each and every signalling device rather than relying on network security alone.

“New, digital technologies are being ushered in to replace and optimise legacy systems everywhere you look. As technological innovation gathers momentum, so too will this trend, so it’s no surprise to see that Network Rail is looking at ways in which it can improve its own infrastructure by going digital,” claimed Flower.

“However, there is of course an inherent risk that such a system could be exposed to attack from malicious cybercriminals. The examples brought to light by Professor Stupples this morning show that the impact of such an attack could have the most severe consequences,” he added.

Flower recommends that Network Rail, which is responsible for the country’s railways and upgrades to the signalling system, implement “rigorous security measures” that are “always-on, continuously monitoring and recording on every endpoint.”

“Protecting each endpoint in this way not only allows organisations to detect any breach much faster but the replay will allow them to track the ‘kill chain’ left by successful attackers, to better understand the level of risk exposure to defend against future threats,” he claimed.

24/7 Monitoring Key

Meanwhile, Piers Wilson, product manager at intelligent security company Huntsman, has said that it is essential to have the technology in place that will allow Network Rail to spot any suspicious activity as soon as possible.

Wilson claims that relying on systems that are focused on blocking known attacks is just not enough because there will be such a variety of new attacks being levelled at the system that the ability to spot any suspicious activity it vital.

“Given the potential effects of any attack on transportation control networks, it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signally systems,” the product manager claimed.

“The challenge will be spotting that the attack has actually happened before the effects in the real world are apparent.

“With insider threats, there may be very little evidence beyond some small changes in system behaviour that security has been breached until it is too late. Similarly, attacks are always becoming more sophisticated and developing new ways to penetrate defences.

“As a result, there is every chance that an attack will be completely new and its effects and warning signs completely unknown before it actually affects the signalling network,” he added.  

Problem Faces Other Industries

For Chris McIntosh, CEO at security and communication products supplier ViaSat, this news represents the challenges facing industries wishing to modernise their infrastructure.

McIntosh has drawn upon the example of the energy sector, claiming that criminals need only hack into a smart meter now to cause trouble rather than having to tap into physical lines or break into a secure location.

“While the rail signals network will have fewer potential points of entry than the energy infrastructure, the same lessons will still apply,” the CEO claimed.

“Organisations should assume that any technology that can be hacked, has been hacked and plan accordingly. This means monitoring systems to ensure that any potential attack is swiftly identified and quashed.

“It also means encrypting data so that potentially harmful information cannot be stolen and used down the line. Finally, it requires having fail-safes and backups in place so that the effect of an inevitable attack will be minimised and in order to support a rapid return to normal services provision,” he added.


No comments yet.



Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now




Sign up to receive latest news