As our world becomes more connected, cybersecurity risks are increasing exponentially.
by Conall Mac Aongusa, Transport Planner
Every day we experience the positive benefits that digital technologies bring to our lives whether it is at home on our PC or watching our Smart TV or connecting with people through our smartphones. Increasingly all our devices are becoming interconnected and we are becoming more dependent on not just the technology devices but also on the connectivity. Just like our personal connectivity transport businesses and transport systems are benefitting from connectivity improvements which enables them to offer better products and services to customers as well as improving their internal operations and administration efficiencies.
In the first half of last year alone over 4.5 billion data records were compromised in cyber-attacks incidents of malicious cyberattacks on IT systems worldwide – meaning that bad actors, or people with malicious intent, hacked their way into the computer systems and accessed the codes that control the transport systems and caused havoc and chaos for the transport operators as well as the travelling public.
The transport and railways sector is particularly vulnerable due to their dependence on technology. A particular challenge is that some legacy transport systems now interface with public applications for ticketing and scheduling and rely on networked devices for routing, positioning, tracking and navigation. This presents multiple potential entry points for hackers.
In 2017 the WannaCry ransomware attack caused havoc amongst major organisations worldwide including Deutsche Bahn and Russian Railways. WannaCry infected more than 200,000 computers in 150 countries within a day of the initial outbreak. Newspapers reported that WannaCry infected German train stations, and passenger information monitors were seen displaying the ransom window. Deutsche Bahn said, “Due to a Trojan attack there are system failures in various areas”. Any organization running unpatched or older versions of Windows can become victims of WannaCry.
Who are the people behind these attacks? They can be mainly grouped as Nation States, Criminal Gangs, Hacktivist, Cyberterrorists, Insiders and Unscrupulous Operators. The key motivator for the vast majority of cyberattacks that we see daily is: Money. But not every perpetrator that will attack an IT system will be motivated by money. Railway systems have a high public profile and an attack can gain attention and notoriety very quickly for the attacker. Motivations can include ransom, Data Theft, Information Warfare, System Gaming and Theft, Revenge and Terrorism.
So, the threat of cybersecurity risks is a real and growing risk for railway operators and transport companies across all modes and types of operations. The risks are there to disrupt commercial and business systems, transport operations systems, ticketing systems and communications systems and much more. As the computer systems and networks become increasingly integrated and connected, the threat of cybersecurity increases because once a hack is made inside one part of the system, the malicious software can spread across all systems if the proper defensive and mitigation measures are not in place.
Railway companies are not immune to the cyberrisks – as they are predominantly large complex sophisticated organisations operating a complex transport service across regions and countries. They require highly developed organisation systems to ensure the trains run on time, that their assets are well maintained, that the timetables are published and the fares are collected and tickets are distributed. All these activities nowadays are supported by extensive company-wide computer systems which are increasingly interlinked. If a hacker gets into the ticketing system, he could easily connect them into the fare collection system, the timetabling system and the communication system. Quite rapidly chaos would ensure not only amongst the company employees but also amongst the travelling public leading to train delays and disruption and leading to security and safety concerns.
Because a cyber threat can develop so rapidly across many systems it rapidly becomes a systemic risk and therefore the response requires a systematic and holistic approach. Strategies and measures to counter cybersecurity risks should be guided from the top of the organisation and informed and supported by the expertise of the IT and security departments.