Cyber-attacks received in the railway sector

Critical infrastructures are increasingly exposed to possible cyber-attacks. Connectivity and the use of technology in all sectors have improved the service provided to citizens, optimising processes and resources, and improving the quality of each operator’s actions. But this connectivity also has its dark side, facilitating the actions of malicious actors who can attack and disrupt the corresponding service.

When we talk about critical infrastructures, we refer to those systems or infrastructures that are essential for the functioning of a country’s society and economy. For this reason, they need special protection, as any disruption to them has a very high impact on the country. The railway sector, as a critical infrastructure, is a target for cybercriminals, as it is increasingly connected at all levels. Everything involved in railway operations has become increasingly digitized, making the systems more efficient for all actors involved, but at the same time opening the doors of all these systems to possible cyber-attacks.

The sector faces several cyber threats that can significantly affect its operations. The main components that could be targeted by cyber-attacks include control and signalling systems, communication networks and traffic management systems, passenger information and ticketing systems, as well as maintenance and asset management infrastructure. An attack on any of these elements could cause anything from service disruptions and delays in train schedules to serious accidents such as collisions or derailments. The unavailability of accurate passenger information and the inability to sell tickets effectively could also result in significant financial losses for railway undertakings, as well as damage to their image. It is therefore essential that these organisations implement robust cybersecurity measures to protect their systems and ensure the security and continuity of their operations.

In addition, the complexity of the systems means that many critical infrastructures are connected to each other, as is the case of the railway with telecommunications systems and the energy system. An attack on these two service infrastructures would therefore also affect the railway service. These dependencies, together with the increasing complexity of cyber-attacks, make it essential to protect against such attacks and to be well prepared to mitigate them.

To withstand possible disruptions and attacks, railway organisations have adopted dedicated measures. All of them have action plans in case of cyber-attack, which cover a preparation phase for all staff and systems, to prevent and be ready for an attack; procedures covering the attack stage, for detection, control and response purposes; and finally an aftermath and mitigation phase, returning the service to its normal activity and reducing as much as possible the impact caused, both in terms of operations and data management. These phases must be aligned with the applicable cybersecurity regulations, and must also be coordinated with public security agencies, such as police and cybercrime experts, who help to resolve and investigate problems that may occur.

In recent years, there have been several significant cyber-attacks against rail networks in different parts of the world, some of which are outlined below:

  • In 2018 in Germany, a ransomware attack affected train information screens.
  • In San Francisco in 2016, a public transport system experienced a similar attack, also ransomware, which resulted in services being offered free of charge during the affected period.
  • In 2015, a coordinated attack in Ukraine compromised the railway signalling system, causing temporary blockages and disruptions to operations.
  • A distributed denial of service (DDoS) attack in Poland in 2015 disrupted train services for several hours and in different parts of the country.
  • An unauthorized access attack in India in 2017, where a group of hackers managed to gain access to India’s train control system, raised the need to improve the security of the country’s train control systems.
  • In 2020, the UK suffered a ransomware attack affecting the country’s rail signalling system, resulting in the cancellation and delay of numerous rail services, and demonstrating low responsiveness in service recovery.

Each of these attacks underlines the importance of cybersecurity in the rail sector and the need for robust preventative measures to protect critical infrastructure and ensure service continuity. As can be seen, both the types of attack and the services that can be targeted are manifold, which makes protection and mitigation more complex. Moreover, it must be considered that this type of attack will increase, both because of the growing number of connected railway services and because of the growing complexity and quality of cyber-attacks.

Tools such as those developed in the PHOENI2X project will allow operators of critical services to mitigate, block, control and manage the cyber-attacks they receive better and faster, to ensure that the service offered to users is affected as little as possible. The technical projects promoted by the European Commission increasingly address cybersecurity needs, and it is the responsibility of all companies involved to move forward with the necessary actions to better protect against cybercriminals.

Author

Carles Miralpeix i Llorach

Innovation Technician and International Consultant

Ferrocarrils de la Generalitat de Catalunya (FGC)
