Meet Cylus: The Defender of Railway Cybersecurity

Cylus | 29 Mar 2022

By TAM Hock Chuan, Nikodemus JAYA and Calvin TAN

In January 2022, a group of hackers breached computers used by Belarus’ railway network and encrypted data stored on them[1]. They also threatened to take control of the safety-critical rail switching systems if their demands were not met. Last year, Northern Rail, which serves the north of England, experienced a ransomware attack that caused system outages and shut down hundreds of its self-service ticket machines[2].

These train disruptions are not isolated incidents on a global scale. Over the last decade, other cyberattacks have happened in the US, South Korea, South Africa, and across Europe[3], costing millions of dollars and putting many lives at risk.

The sophistication and frequency of railway-focused cyberattacks have increased, and with them the interest of the public and regulators in the sector. Governments are cognisant that national critical infrastructures are likely to be targets of cyberattacks[4], and the railway infrastructure is an especially prominent and vulnerable target, with a large attack surface and a relative lack of cybersecurity systems in place.

The Enhanced Automation of Railways: Kryptonite for the industry?

Rail operators are under enormous pressure to automate and implement new technologies – from improved entertainment (high-speed WiFi onboard) and automated traffic management systems to self-driving, real-time tracking and reservation, and many more. This is problematic.

Many train systems today are running on legacy operational technology (OT) systems that are rarely upgraded for fear of causing disruption and degrading customer service. Unfortunately, these OT systems were not designed to work hand in glove with modern IT systems. In fact, they speak different “languages” and often use proprietary communication protocols instead of standardized ones.

As a result, the rail system has evolved into a complicated patchwork of disparate solutions, each provided by a different vendor and with its own proprietary protocols. Combined with the addition of new systems and integration with external networks, this creates a huge attack surface and makes the rail system more vulnerable, whether to deliberate attack or unintended negligence, which is a terrifying prospect.

A cybersecurity breach could cause service disruption, data breaches, derailment, network outage, and other disastrous consequences. Rail operators may face a variety of consequences, including legal liability, financial loss, injury, and reputational harm. As the preceding examples demonstrate, a technological assault can be far more devastating than bad weather or a late driver.

The Cybersecurity Challenge

The sheer size of railway networks as a primary people-mover system makes monitoring especially challenging. This is made worse by the proliferation of added systems and the increased use of open systems and connectivity, all of which contribute to a larger attack surface and create more entry points for attackers. Given the complexity of the railway system and the lack of asset-level visibility, it is extremely difficult to detect malicious activities accurately and in a timely manner.

“Because a train typically has a lifespan of 30 years, even if rail systems were updated to deal with cyberattacks and changed over time, that fails to account for the fact that the attacker's abilities can improve as well. At times, this may create a gap between the attacker and defender, as the attacker gains more resources and expertise, but the defender’s systems remain static. Thus, we firmly believe that implementing a multi-level cyber protection platform, tailored for railway operational systems, is really the only way to close that gap,” said Miki Shifman, CTO of Cylus.

Without a centralised platform for oversight management, hackers can easily exploit blind spots and slip through the cracks.

Addressing Asset Visibility, Integration and Disruption

Nobody can afford to ignore the risks any longer. Rail operators must prioritize asset visibility in order to build more robust rail systems. This is where Cylus, an Israeli global leader in rail cybersecurity, can help by offering an OT security solution for rail operators to avoid safety incidents and service disruptions caused by cyberattacks.

Cylus, a cybersecurity firm founded in 2017, harnesses artificial intelligence and machine learning to protect and proactively monitor the operational network of the rail system for malicious activities that could jeopardise or impact train safety, continuity, and service availability.

“Without any architectural modifications, CylusOne monitors all network traffic and operational communications between various trackside, along with onboard critical systems. With our ML/AI-driven platform, we can identify anomalies within railway operational assets that most definitely represent malicious activity within the rail network. This allows us to identify a plethora of cyberthreats and risks in real-time and activate remediation playbooks effectively,” said Amir Levintal, CEO of Cylus.

The Future of Cybersecurity in the Rail Industry

As software and data management systems evolve, so will the variants and volume of cybersecurity threats directed at them. The incident in Belarus was not the first of its kind, and it is very likely just the beginning of an increasing number of attacks on critical rail infrastructure. There is a growing awareness of the need to fortify the defences of railway systems.

In December 2021, the US Transportation Security Administration (TSA) issued new security directives to strengthen cybersecurity across all critical infrastructure in the US, including passenger and freight railroads, as well as rail transit agencies. Likewise, the European Union (EU) published its own set of railway cybersecurity standards in an NIS Directive in the same year. CENELEC, the European Committee for Electrotechnical Standardization, created the CLC/TS 50701 framework to provide requirements and recommendations for the European railway sector to handle cybersecurity in a unified manner.

Having a reference framework is good, but finding and implementing the right solution that is compliant is still a gargantuan task for operators – Cylus seeks to alleviate this. The CylusOne system has been developed in full compliance with TS 50701 and other international standards. It is not surprising, therefore, that CylusOne has already been installed in a number of railway systems around the world.

Given the long lifespan and the regulated, stable nature of railway and metro projects, Cylus’ early credibility can potentially translate into eventual market dominance, especially as it continues to innovate and develop new solutions.

We believe Cylus’ solution is designed to integrate railway and cybersecurity operations, and it is primed to provide immediate threat protection for a spectrum of railway protocols and systems.

References:

  1. https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup
  2. https://www.bbc.com/news/uk-england-57892711
  3. https://www.israel21c.org/how-to-stop-cyberattacks-bringing-our-trains-to-a-halt/
  4. https://www.cisa.gov/uscert/ncas/alerts/aa22-011a
