Securing Mass Transit Railway Systems

Sept. 14, 2018
By putting in the necessary time and effort to prepare and implement a robust cybersecurity strategy, railway operators can not only avoid potential loss of revenue but also enhance their reputation as a reliable provider of hassle-free, on-time service.

The modernization of communications networks supporting urban railway systems promises to bring substantial benefits to railway operators and the public they serve in terms of safety, operational efficiency and reliability. Railway operators around the world are moving toward IP-based networking and internet of things (IoT) technologies to support on-board broadband coverage and deliver a range of mission-critical services.

While these networks can support a variety of new services to make urban rail travel more enjoyable and productive, they also tend to be more open and interconnected, with more direct exposure to the internet. In addition, the growing use of connected devices such as meters, surveillance cameras and even payment systems creates avenues into the system that hackers could potentially exploit. Similarly, railway operators are increasingly utilizing wireless networks to support a range of operational and passenger services. Together, these developments create potential cyber vulnerabilities that need to be managed.

Cyberattacks are becoming increasingly sophisticated, and the potential damage that can result is growing — not only are operations disrupted, but lives can be at risk as well. As a result, protecting rail infrastructure in the future will demand stronger and more robust railway communications network security, coupled with new practices applying both technologies and process measures.

While high-profile hacks by governments or criminal organizations get a great deal of attention in the media, the dangers to infrastructure such as railways are often more mundane — as are the vulnerabilities. Many breaches result from human error: compliance failures, configuration problems or simple lack of attention. IT organizations can become overwhelmed by the volume of alerts that need to be responded to and addressed, and even relatively passive dangers like viruses and malware can negatively impact operations.

One approach that can help to mitigate this challenge is automation — or supporting the execution of frequent, repeatable actions without intervention — which can help speed up investigation and mitigation of incidents. This in turn can help address another common challenge: a lack of qualified personnel. There is a shortage of skilled cybersecurity professionals worldwide, which places obvious limits on human-centric approaches.

More broadly, a structured approach to security is needed, which encompasses both business processes and technology-based interventions, including:

  • End-to-end security that encompasses network operations and processes
  • Security analytics to correlate security-related information from across the network, devices and cloud layers to spot suspicious activity and provide insight into threats
  • Multiple layers of encryption to protect network traffic
  • Security automation
  • Incident response plans
  • Regulations and policies

An emerging capability that can also enhance cybersecurity efforts is machine learning, a technique that can be used to assess threat information from across the network, connected devices and cloud-based services to unearth potential security compromises that can then be quickly identified and mitigated in the future.

Combined, these strategies form a multi-layered, defense-in-depth approach that can address today’s security threats, while also providing a framework for the judicious management of limited resources.

The risks to critical infrastructure such as railways are quite substantial, and cut across both economic and national security dimensions. Governments throughout the world, including the U.S., have created robust frameworks to address these threats. As operators of an important strategic asset, railway operators have an important role to play in the development and implementation of infrastructure protection measures.

At the center of a railway operator’s cybersecurity threat mitigation strategy is an advanced communications network. Today’s networks can help provide intelligence to detect and track new threats, reduce vulnerabilities and provide analytics to correlate data from multiple domains to help identify suspicious, malicious or inadvertent anomalies.

Combining threat intelligence data and security analytics makes it possible to detect threats and prescribe the appropriate response more effectively — providing strategic mitigation to strategic threats.

The benefits of this approach are manifold. Security incidents can be very costly for railway operators, not just from the loss of revenue from disrupted passenger services, but from recovery and restoration costs, potential lawsuits, damage to brand reputation, compensation to users and non-compliance penalties. Speaking of which, railway operators face increasingly stringent legal, regulatory and compliance requirements — making them directly accountable for ensuring effective information security and data privacy.

Karsten Oberle is the head of the Global Railway Practice for Nokia.
