As one of the most sensitive sectors, the world of transport is in full transformation, more and more connected and exposed to potentially devastating cyberattacks. In this context, a recent study * highlights that rail infrastructure is now the fourth most targeted sector just behind defense, finance and energy. Securing these infrastructures is therefore essential, but cannot be improvised with regard to the specific business characteristics of this sector.
A digital transformation of the rail sector to supervise
Present on all floors, the digitalization of the railway sector is today a concrete reality. Convergence of IT and OT networks, Internet of Things, cloud or edge computing, automation, robotization and artificial intelligence … So many technological breakthroughs that are rocking the railway industry into a new era. Through this short overview, it is easy to understand the difficulty of effectively securing such a sector.
In this context, three main areas are currently at the heart of this transformation and must be addressed: operational excellence in order to increase the capacities of current networks, passenger safety which wants to be more and more demanding and the traveler experience through the concepts of information, entertainment and digitization of transport tickets. The common point of these elements is to make massive use of communication technologies (IP protocols, Wi-Fi, GPRS standards, 4G LTE, etc.) and to open networks that were traditionally closed, making the IS more vulnerable to cyberattacks.
Risks and vulnerabilities of the rail sector
Concretely, several types of risks exist. Driving assistance and control systems are connected and communicating. They are thus opening up new attack surfaces that can lead to the takeover of the train. We can also discuss the significant financial risks linked to ticketing, in particular the security of payment or the validity of tickets. Another possible scenario is the hacking of communication and information infrastructure on trains or in stations to manipulate users or damage the image of operators.
A final point to be raised is related to technologies from industry 4.0 and applied to the railway world, with for example the compromise of predictive maintenance systems which can pose a significant risk to train passengers, in the absence of equipment overhaul. Far from being science fiction, these scenarios are very likely: the takeover of the Lodz tram network in Poland in 2008 or more recently the Wannacry attack which hit the German railway company Deutsche Bahn. We can also mention more recently the piracy in 2019 of the Ilévia transport authority in the Lille metropolitan area on aspects related to ticketing (fraudulent loading of transport tickets).
Because they require increased availability, accessibility and security, rail transportation IT systems therefore need to be strong and resilient in dealing with cyberattacks. In view of these elements, it is essential that the players in the sector develop their governance by positioning the concepts of risk management, identification of sensitive assets and network segmentation at the center of their digital transformation processes. Beyond the networks, it is the entire chain that must be secure, whether it be the workstations and various other devices but also all of the data, with the privacy issues linked to the videos recorded in the trains and using the Internet and the Cloud to circulate data.
By Stéphane Prevost, Product Marketing Manager Stormshield