Securing the Railroads from Cyberattacks

Dec. 17, 2019
Railroads are currently adopting smart rail and IoT solutions that promise great benefits, but their adoption also increases the vulnerability of railroads to cyberattacks and hacking.

American railroads now face a threat to their critical safety systems unlike any before: cyberattacks. Rail infrastructure in America and Europe has been subject to a spate of cyberattacks, and both their frequency and their severity are increasing. The importance of the railroads to America's economy, the potential for damage on a transcontinental scale to both freight and passenger traffic, and the exposure of a geographically dispersed system to a distributed attack all make the railroads an increasingly attractive target for hackers and cybercriminals.

Railroads are currently adopting smart rail and Internet of Things (IoT) solutions that promise great benefits in efficiency, maintenance, asset availability and overall performance. However, every connected sensor, gateway and controller is also a new entry point, so their adoption increases the exposure of railroads to cyberattacks and hacking. Another contributing factor is the expanding use of commercial off-the-shelf (COTS) systems throughout the rail network: the vulnerabilities of a mass-market component are publicly known, and an attacker can buy and study the same hardware the operator deploys. Adopting 5G as the rail communications backbone encourages the deployment of dispersed COTS edge systems as part of critical communications and network functions, further widening the attack surface. Also at increased risk is the vast installed base of legacy control systems, remote control units and SCADA systems on which the safety and performance of the entire American railroad system rely.

A spate of cyberattacks

Rail systems both in America and in Europe have already been subject to several significant attacks.

At the CeBIT Hannover Fair in 2015, researchers built a simulated rail network as a honeypot to measure the intensity of attacks against typical rail infrastructure. The simulation was highly realistic, with CCTV feeds, control interfaces, train schedules and running-time status updates. Over a period of six weeks, the researchers recorded 2,745,267 attacks on the honeypot. In about 10 percent of them, the attackers managed to gain some limited control of the system, and several returned again and again, probing deeper each time. Had the experiment run longer than six weeks, the attackers might have gained much greater control of the network, with the potential to create significant damage.

In November 2016, a ransomware infection hit the San Francisco Municipal Transportation Agency, which runs the city's light-rail system. Ticket machines and the systems in station agents' booths were rendered unusable, and the agency opened the fare gates across the network so that passengers could travel free while it restored its systems. The disruption lasted for two days. The attacker's identity and location were never conclusively established.

In May 2017, Deutsche Bahn, the German national rail operator, was hit by the WannaCry ransomware worm, which spread on its own between unpatched Windows machines through the SMBv1 vulnerability that Microsoft's MS17-010 update had fixed two months earlier. WannaCry affected about 450 Deutsche Bahn computers, bringing down passenger information displays, ticket machines and CCTV networks. The same outbreak, which the U.S. and U.K. governments later attributed to North Korea, also hit Russian Railways and systems in China. Two automobile manufacturers, Renault and Nissan UK, were affected, halting production on both companies' assembly lines. And the NHS in England, Europe's largest employer, was hit, affecting MRI scanners, blood storage refrigerators and operating theatre equipment, causing operations to be cancelled and ambulances to be diverted from affected hospitals.

Just how vulnerable a rail network can be was demonstrated in 2008 by a teenager in Lodz, Poland, who built an infrared transmitter from a modified television remote control and used it to throw the track points (switches) of the city's tram network. The points accepted the same unauthenticated infrared commands that tram drivers used, so anyone with a compatible transmitter could operate them. Four trams were derailed and 12 people injured as a result.

Why railroads are so vulnerable

A few factors make America's railroad infrastructure particularly vulnerable. One of the highest risk factors is the infrastructure's distributed architecture: electronic components and industrial control systems are spread along sections of line and throughout the rolling stock. This distributed architecture is coupled with long equipment lifecycles, a diverse supply chain and a wide range of technologies. As a result, it is common to find legacy equipment and controllers working side by side with the newest solutions; a 20-year-old distributed control system (DCS) can sit behind an IP-based IoT gateway. The heterogeneity of the equipment makes it difficult to manage and enforce a unified security posture, because each generation of equipment has its own patch cycle, its own protocols and often its own vendor.

Many of the dispersed control systems use proprietary protocols that were designed for a non-connected world, in which systems ran on their own self-contained, isolated networks, so they typically carry no authentication, no encryption and no protection against replayed or forged commands. The belief that trackside and rolling-stock controllers are protected by being "air-gapped" is a myth: maintenance laptops, cellular modems and vendor remote access already bridge those gaps, and the IoT devices, connected rail systems and on-board entertainment and broadband systems now being installed mean that every part of the infrastructure, legacy or proprietary, is potentially reachable from the outside world.

Response strategies to attack are crucial

Failing to identify potential vulnerabilities within the railroad network and to prepare for an attack can be the greatest vulnerability of all. The 2017 WannaCry attack on Deutsche Bahn illustrates perfectly that ignorance is not always bliss.

The Deutsche Bahn security team identified the infection at a very early stage. However, according to an analysis by DB Netz AG cyber expert Christian Schlehuber, presented at the Intelligent Rail Summit 2017 in Vienna, the organization had no plan for defending against such an attack. Moreover, because the attack took place at night, the team could not reach the relevant managers to formulate a plan and receive permission to implement it. Schlehuber described the company's "incident management processes" as "challenged."

The Deutsche Bahn experience underscores the importance of simulating and emulating various attack scenarios and developing comprehensive response strategies in advance.

Securing rail with active defenses

Faced with the increased threat of a devastating cyberattack, what can rail transportation firms do to protect themselves?

Railroad firms can substantially improve the defense of both their IT and their OT infrastructures by going beyond the static, perimeter-only strategies of conventional cybersecurity. Instead, rail transport firms should adopt agile, active cyber defenses based on data-driven intelligence and continuous monitoring that covers not only IT infrastructure but also industrial control systems, both IP-enabled and legacy. Monitoring must also include every interface between IT infrastructure and control and operational technology, since those interfaces are where an IT compromise such as a ransomware outbreak becomes a safety problem.

Continuous network monitoring, analytics and threat intelligence give firms the visibility that active defense requires: a baseline of the conversations that normally occur on each segment, so that a new talker on a signalling network, an office host reaching into a control network, or worm-like scanning can be detected and contained early rather than discovered after the fact. Such an approach also produces the evidence needed for intelligence-led technical and legal remedies.

Rail transport companies must aim for defenses in depth. Such defenses require identifying all points of vulnerability, in both operations and information technology systems, and understanding how they can interact, possibly in completely unexpected ways. Defense in depth is crucial: It can slow down attackers, provide early warning and give defenders the time and space to organize and implement prepared response plans to defend rail systems.


Vlad Gostomelsky is managing consultant, Security Consulting at Spirent SecurityLabs.

About the Author

Vlad Gostomelsky | Managing Consultant, Security Consulting, Spirent SecurityLabs

Vlad Gostomelsky is a security researcher with a passion for securing technology that makes civilized life possible. He is focused on satellite systems security, SCADA systems supporting the critical infrastructure and wireless networks. He has worked on DARPA projects, established and led penetration testing teams for Fortune 50 organizations, performed incident response and forensics on sensitive production systems within controlled environments, reverse engineered security devices, and participated in countless red team engagements for banks, critical infrastructure, mass transit organizations, pharmaceutical companies, law firms and research organizations. Vlad has spoken at various security conferences including BSides, DEF CON, HOPE and ShmooCon.