Rail industries are a vital part of any national economy, and demand for transporting passengers and freight typically exceeds the supply. Where budgets are available, investments are made in this critical infrastructure, particularly towards moving to digital systems (which are now considered a necessity). Unfortunately, with the rise of sophisticated cyberattacks, every additional Internet connection means a jump in the size of the cyberattack surface, leaving rail systems more and more vulnerable. The issue here is the sheer scale of interconnectivity. All connected systems play a role in this vulnerability: from entertainment devices and services, to remote monitoring, to cloud services fed with data from the digital signaling systems.
Cyberattacks on rail systems are far from a hypothetical threat. In November 2016, there was a ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA). In 2015, Japan Railways Hokkaido was attacked by an allegedly Chinese-backed group. Later that year, a more successful attack was conducted by (allegedly) North Korean hackers on a South Korean supplier of railway control equipment.
Remote control attacks, propagation of malware and remote extortion attacks are the main threats facing industrial systems today, and railway systems are no different. Fortunately, we can remain optimistic despite this disturbing trend, because there are ways to reduce the risks of cyberattacks.
How to draw a safer cybersecurity line
Though the increased attack surface is a serious cause for concern, it can be secured to prevent remote online attacks from reaching the control systems of rail or metro networks.
Let’s look at some of the specific places where vulnerabilities can be found in rail systems.
- Public Schedule: Although publishing the exact location data of train schedules on big display boards is incredibly convenient, it requires connections that are easily attacked. It would be prudent to enable public access to train schedule information without public access to train systems.
- Maintenance: Some of the most important information pushed out of the control network relates to track conditions and maintenance activities: where, when, and what is needed. Here the connection is not just a matter of convenience but of efficiency, which translates into operational savings and into track quality that influences passenger safety. However, critical train data (equipment status, speed, location and other factors that allow operators to improve operations) requires remote access to operating systems, i.e. connections that leave the rail system extremely vulnerable. That said, are these capabilities worth the risks associated with network access into the railway control systems?
In the examples above, access to real-time data for informational and operational purposes is already an integral part of rail and metro systems. However, the connectivity with external networks is dangerous, and its consequences may outweigh all the benefits.
The mistaken reliance on IT-based cybersecurity
In the IT ecosystem, firewalls and intrusion detection systems are perceived as sufficient solutions. Unfortunately, within industrial environments, and railway control systems specifically, this is completely false. Firewalls are network routers with filtering capabilities, and no filter is perfect. They forward network traffic from one network to another. They try to determine whether a message is allowed or not, and if they think it is allowed they let it through. When they fail to recognize a bad message, that gets through too. Attacks get in through firewalls.
Intrusion detection systems, by definition, detect intrusions. They detect an attack after the fact, in most cases days or weeks after the fact. That is very good for a bank, which needs to assess damage and recover client accounts, but it is not a relevant protection solution for a rail system.
Waterfall Security’s flagship product, the Unidirectional Security Gateway, represents an evolutionary alternative to firewall technology. The difference is that nothing gets past a Unidirectional Gateway. It is physically impossible.
This is why a growing number of international guidelines and regulations are starting to recommend Unidirectional Gateways. One example is the UK Department for Transport (DfT) in its recently released Rail Cyber Security – Guidance to Industry, stating clearly that signaling networks should be protected with unidirectional gateways and there should be a clear separation between enterprise and operational networks.
Waterfall’s Unidirectional Security Gateways are hardware-enforced protection that enables safe network integration. The unidirectional gateway allows data to flow out of a control network, such as the signaling system, into an external or corporate network, but prevents any flow of communications back by creating a physical barrier that secures the industrial network.
By deploying Waterfall Unidirectional Gateways, operational personnel are able to have real-time access to operational data and monitor their control system equipment as usual. Gateways fulfill the primary need for visibility and access to real-time data. In operational environments, managers, vendors and inspectors have a valid ‘need to know’ what’s going on in the system, and in real time. Although this need is valid, you don’t want to open up all these platforms to the Internet. Waterfall has designed the technology that enables the business requirement to be fulfilled with access to this data, without the need to access the control network.
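As an added illustration (not code from the original article or from Waterfall), here is a small Python simulation of the replication pattern described above: the control side can only transmit, the external side can only receive, and because no return path exists, the receiving side must detect a lost frame from sequence numbers instead of asking for a retransmit. Class names, record fields and sample values are assumptions constructed for the example.

```python
# Constructed simulation of one-way replication of operational data out of a
# signaling network; names, fields and values are assumptions, not Waterfall's interface.
import json
from collections import deque

class OneWayLink:
    """Stands in for the hardware: frames travel control -> external only."""
    def __init__(self):
        self._wire, self.drop_next = deque(), False   # drop_next simulates a lost frame
    def transmit(self, frame: bytes) -> None:         # the only call the control side has
        if self.drop_next:                             # lost frame: no NAK can ever travel back
            self.drop_next = False
        else:
            self._wire.append(frame)
    def receive(self):                                 # the only call the external side has
        return self._wire.popleft() if self._wire else None
    def transmit_back(self, frame: bytes):
        raise PermissionError("no inbound path exists on a unidirectional link")

class ControlSidePublisher:
    """Signaling side: pushes sequence-numbered snapshots outward and never listens."""
    def __init__(self, link: OneWayLink):
        self.link, self.seq = link, 0
    def publish(self, record: dict) -> int:
        self.seq += 1
        self.link.transmit(json.dumps({"seq": self.seq, "data": record}).encode())
        return self.seq

class ExternalSideReplica:
    """Corporate side: rebuilds a read-only copy and records sequence gaps."""
    def __init__(self, link: OneWayLink):
        self.link, self.next_seq, self.assets, self.gaps = link, 1, {}, []
    def drain(self) -> dict:
        while (frame := self.link.receive()) is not None:
            msg = json.loads(frame)
            if msg["seq"] != self.next_seq:             # loss detected; a retransmit request
                self.gaps.append((self.next_seq, msg["seq"] - 1))   # is impossible, so flag it
            self.next_seq = msg["seq"] + 1
            self.assets[msg["data"]["asset"]] = msg["data"]        # latest snapshot wins
        return self.assets

def demo() -> ExternalSideReplica:
    link = OneWayLink()
    pub, rep = ControlSidePublisher(link), ExternalSideReplica(link)
    pub.publish({"asset": "track-seg-12", "status": "ok", "speed_limit": 80})
    link.drop_next = True
    pub.publish({"asset": "points-7", "status": "fault"})           # lost in transit
    pub.publish({"asset": "track-seg-12", "status": "maintenance", "speed_limit": 40})
    rep.drain()
    return rep
```

The gap list is the operational consequence of having no back-channel: the corporate side can only report that a snapshot went missing and wait for the next periodic refresh from the control side.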
By instituting these measures, security teams can eliminate the possibility of online cyberattacks in all the areas of vulnerability described above and divert their resources to addressing secondary and residual cyber risks. Following this best practice puts rail systems in the UK in line with defined blueprints for cybersecurity at industrial sites around the world.
Waterfall Security already protects a growing number of rail networks in North America, Asia and elsewhere around the world. The company’s market-leading unidirectional security products are deployed globally by all segments of critical infrastructure, including power plants, water and wastewater facilities, onshore and offshore oil and gas platforms, refineries and others.