FoxGuard Solutions
Railway Cybersecurity – The Pressing Need and Where to Start
This article first appeared in the Railway-News magazine, Issue 3 2022.
As the rail industry continues to embrace new digital technologies, it is also exposing itself to the security risks that come along with operating in such an environment, writes George Ifebuzo, Sales Director at FoxGuard Solutions, a wholly owned subsidiary of Framatome.
When we travel, we’re focused on getting to our destination safely and on time. The average passenger doesn’t give much thought to cybersecurity when they jump on a train; however, it has more of an impact on their daily journey than they realise.
As a passenger, it is easy to overlook the risks associated with modern conveniences provided by digital technology. Tickets can be purchased online before arrival, eliminating the need to stand in line. Apps provide real-time tracking of schedules, automatically notifying passengers of delays and preventing long waits at stations. But as the rail industry continues to embrace new digital technologies, it also exposes itself to the security risks that come along with operating in such an environment. Cyberattacks designed to disrupt travel, gain access to protected data, or encrypt files to hold as ransom, have now become a very real threat. Protecting the rail industry’s IT/OT infrastructure is now more important than ever.
In recent years, a number of cyberattacks on transport networks have made headlines, including Anonymous’ 2018 attack on San Francisco’s Bay Area Rapid Transit (BART) network website, where hackers stole and published the contact details of over 2,000 BART customers.
We’ve also seen the SamSam ransomware shut down back-end operations at the Colorado Department of Transport (CDOT) for a full month, at a cost of 1.5 million USD to the department. Later the same year Southeastern Pennsylvania Transportation Authority (SEPTA) suffered a malware attack compromising real-time travel information, payroll and company email systems. This resulted in months of recovery efforts for SEPTA and a year’s worth of free credit monitoring for employees.
