09 June 2018 Featured

Protecting Railway Networks From Cyber Threats

Rail networks, as integral parts of critical infrastructure, continue to come under cyber attack.

Supplied By Morand Fachot, | IEC e-tech

Protecting Railway Networks From Cyber Threats

Inside the drive cabin of a Japanese Shinkansen "bullet train"

Technological And Cultural Change

Railway systems form an integral part of the transport system and as such are seen as part of the critical infrastructure in many countries. Cyber threats to railway networks are assuming increased importance as the digitisation of railway control systems grows.

Signalling and train control systems have relied on various types of switches for a long time. These are essentially closed proprietary systems protected by so-called air gaps.

The traditional air-gap protected systems are not immune to attacks. In 2008, a 14-year old Polish teenager used a modified TV remote control to interfere with the tram track and point system in the city of Lodz. Four vehicles were derailed and 12 people injured in the process.

The railway sector is now introducing open systems that are based on technologies such as general packet radio service (GPRS) and long-term evolution (LTE) for mobile communications, and IP. These systems, being open, represent a technological and a cultural shift. 

However, computer-based systems have introduced the additional dimension of cyber threats. This means that cyber security becomes a concern and must be integrated from the beginning.

In November 2016, the San Francisco Municipal Transportation Authority (SFMTA) was the target of a ransomware attack. Its information systems were encrypted and the operator was forced to disconnect its fare gates and ticket vending machines, resulting in financial losses.

In May 2017, German rail operator Deutsche Bahn was affected by the WannaCry ransomware attack. While this resulted in its electronic boards being switched off in some stations, its train services were not disrupted.

Growing awareness of cyber threats within the railway sector has been highlighted by a range of international initiatives and conferences. A special session on Cyber Security in Rail within the framework of the Intelligent Rail Summit 2017 organised in Vienna in November 2017 by RailTech, a global platform for rail professionals, looked at a range of aspects. This session, attended by e-tech, listed issues in the cyber threat sphere and measures to address them, among them the use of IEC Standards.

Wide Range Of Potential Attackers

The main threat to railway (and other transport) systems does not come from the so-called script-kiddies, like the Polish teenager who hacked the Łodz tram system, but from four different groups of perpetrators in two categories:

  • Criminals who try to extort money, with ransomware being the main tool. This has become a business model with different types of malware being developed and either sold or rented.
  • Others who are determined to disrupt or damage operations. They include:
  • Disgruntled or sacked employees with access (including physical) to computer systems
  • Terrorists and politically-motivated groups
  • Possible state actors

Physical attacks should not be discounted. In September 2016, the Chicago air traffic control centre was closed by a massive fire set by a disgruntled contractor. Thousands of flights were disrupted across the US. Attacks can take a hybrid form that combines physical and cyber-attacks.

Prevention of physical attacks, which are often carried out through unauthorised access, can be ensured by applying International Standards developed by IEC Technical Committee (TC) 79: Alarm and electronic security systems, and by ISO/IEC Joint Technical Committee (JTC) 1/Subcommittee (SC) 17: Cards and personal identification.

Enclosures containing electronic and control equipment installed in remote places along tracks present physical and cyber vulnerabilities.

Protecting Railway Infrastructure From Cyber Threats

The digitisation of the railway sector and the move from electromechanical to digital IP-enabled technology is being encouraged by the European Union in the form of the European Rail Traffic Management System (ERTMS).

ERTMS is a system of standards for the management and interoperation of signalling for railways, which is being adopted not just in Europe, but beyond: in several African countries, in Brazil, Mexico, many Middle Eastern and Asian countries including China and India, and Australia.

Industrial automated control systems (IACS), are no longer isolated from the outside, and railway systems are increasingly interconnected thanks to automatic train operation (ATO) and as part of intelligent transport systems, François Hausman, Alstom Main Line cyber defence manager and Shift2Rail cyber security WP leader told the conference. Cyber-attacks on industrial control systems increased by more than 600% between 2012 and 2014, he said, bringing with them severe financial and safety concerns.

Railway specifics, such as electronic components scattered along tracks or trains, a very long life cycle (in excess of 25 years), diversity both of supply chain and technology and other characteristics make this a complex domain.

Automated, Wireless Signals More Efficient, But Open To New Threats

“The automotive sector has woken up to the critical need for cyber protection. It’s time the railway industry got on board as well,” says Amir Levintal, CEO of Israel-based specialised rail cyber security company Cylus. “The current approaches to cybersecurity do not fit the architecture of railway networks today,” Levintal told the Global Railway Review.

Levintal sees new signalling systems as especially vulnerable to hackers. These systems “are the heart of safety-critical train operations. They have also become more and more automated over the past few years – and are now operated wirelessly,” he explains.

“In the worst-case scenario, hackers could send commands to the train causing them to slow down, stop completely, or even accelerate on curves so that the train would be unable to align itself with the switches on the track. All of these scenarios could lead to disaster,” Levintal warns.

IEC Standards For IACS Central To Railways

Shift2Rail, an initiative that brings together key European railway stakeholders to achieve a single European railway area, is looking at defining how different aspects of cyber security should be applied to the railway sector. It has assessed applicable standards and selected the IEC 62443 series for the following reasons (and others):

  • it is a set of Standards dedicated to IACS
  • it addresses product and system life cycles
  • it covers security risk assessment processes
  • it defines security levels based on functional security requirements
  • it is used by other critical infrastructures.

The choice of IEC 62443 was also highlighted by ERTMS Cyber Security Lead Engineer Sharvind Appiah at a workshop organized by the Railway Gazette. "There’s no reason to develop new standards for railways. There are already many standards for cyber security, whether they are NIST [the US National Institute of Standards and Technology] or ISO/IEC standards (…). The challenge is to see which of these fit in the railway context. That’s what we’re doing in Shift2Rail; we’re looking at industry standards, which means IEC 62443, a complete set of Standards designed for IACS, but we apply them in the railway context."

"For me this is a smart way to bridge the gap. It avoids forcing us to go through the R&D phase, where we have to rewrite the standards. We have standards there; it’s a matter of adopting them and learning how to use them."

The fact that IEC 62443 is emerging as a core set of Standards for the railway sector was highlighted by other speakers at the Vienna conference, in particular by David Rogers of Siemens in his presentation: "IEC 62443: A cyber security Standard approaching the Rail IoT."

The set of Standards involves the three major stakeholders in the protection of plants against cyber-attacks: asset owners, system integrators and product suppliers, Rogers said. A key concept of IEC 62443 is that security requires a set of coordinated measures to be taken, an approach generally described as defence-in-depth.

The fact that IEC 62443 is being widely adopted is illustrated by the German standard DIN VDE V 0831-104; VDE V 0831-104:2015-10: Electric signalling systems for railways – Part 104: IT Security Guideline based on IEC 62443 (62443-3-3:2013).

All Countries Are Introducing Cyber Security Measures In The Rail Sector

The UK Department for Transport has issued a guidance document which is designed to support the rail industry in reducing its vulnerability to cyber attack. It is designed to be high-level and sets out the principles and general approach to cyber security as good practice. It does not provide detailed instructions.

Standards mentioned in a recent public consultation document by the Australian Standard Rail Industry Safety and Standards Board (RISSB) include, in addition to IEC 62443, the ISO/IEC 27000 family of Standards on IT Security Techniques, as well as ISO/IEC Technical Reference (TR) 15443-1:2012 and ISO/IEC TR 15443-2:2012, Information technology – Security techniques – Security assurance framework.

In the US, NIST has published a paper on the performance evaluation of secure industrial control system design for a railway control system.

As railway systems will rely increasingly on mobile communication, connected devices and IP networks, the incidence of cyber attacks from a variety of actors is likely to increase.

International standards, in particular IEC Standards such as the IEC 62443 series, will provide an all-inclusive approach to information technology (IT) and operational technology (OT) security and will be central to protecting IACS from cyber threats.

About The IEC

Founded in 1906, the International Electrotechnical Commission (IEC) is the world’s leading organisation that prepares and publishes International Standards for all electrical, electronic and related technologies. The IEC also administers four Conformity Assessment (CA) Systems certifying that components, equipment and systems conform to standards of quality, including such aspects as safety, efficiency, effectiveness and durability.

Close to 20 000 experts from industry, commerce, government, test and research labs, academia and consumer groups participate in IEC standards development and CA activities.

The IEC is one of three global sister organisations (IEC, ISO, ITU) that develop International Standards for the world. When appropriate, IEC cooperates with ISO (International Organization for Standardization) or ITU (International Telecommunication Union) to ensure that International Standards fit together seamlessly and complement each other. Joint committees ensure that International Standards combine all relevant knowledge of experts working in related areas.

IEC Reaches Out To Developing Countries

The IEC Affiliate Country Programme reaches out to developing countries, giving them the opportunity to get involved with the IEC without needing to become members. The Programme encourages greater awareness and use of IEC International Standards and CA Systems in developing countries; helps those countries understand and participate in the work of the IEC and facilitates the adoption of IEC International Standards as national standards.

IEC In Africa

The IEC has regional offices on five continents. The Africa Regional Centre (IEC-AFRC), in Nairobi, Kenya, is the focal point for the IEC in Africa, helping to promote awareness of the IEC in the region, increase the use of IEC International Standards and IEC CA Systems, and enhance participation and membership of countries in the region. It cooperates closely with the African Electrotechnical Standardization Commission (AFSEC), the African Union and all the other regional bodies that are important for African development. The Centre also helps enhance the governmental level of involvement in African countries participating in IEC work.

In May 2017, the IEC and the Kenya Bureau of Standards (KEBS) hosted the first ever low voltage direct current (LVDC) Conference for Sustainable Electricity Access, in Nairobi. The conference focused on how LVDC could be leveraged to help bring about clean and affordable electricity to the estimated 1,2 billion people, of which 640 million are in Africa, without access to electricity.



IEC Affiliate Country Programme









Related Articles