The rapid digital transformation in the railway sector has significantly enhanced operational efficiency and service delivery. However, this digital shift has also escalated cybersecurity risks, making the sector a target for cyber threats that can disrupt service and compromise safety.
Cybersecurity threats in the railway sector range from data breaches and service disruptions to threats against physical safety. The interconnected networks, reliance on automated systems including driverless trains, and digital transformation increase vulnerability to cyber-attacks. Legacy systems, widespread geographic infrastructure, and varying levels of cybersecurity awareness add complexity to effectively managing cybersecurity in railways.
Primary concerns in rail cybersecurity are around critical systems like signaling, train control, communication systems and other control systems such as SCADA, and tunnel ventilation systems, directly impacting train movement and safety. These systems are highly susceptible to cyber threats, highlighting the urgent need for robust cybersecurity measures across the rail infrastructure. In recent years, cybersecurity has emerged as a critical factor in maintaining safety within rail systems. The integration of cybersecurity into System and Functional Safety evaluations highlights its integral role in safeguarding rail infrastructure and operations.
Cybersecurity measures within the railway sector
To counter cyber risks, several standards and guidelines have been developed, such as IEC 62443 and CENELEC TS 5070. They focus on the security of Operational Technology (OT) systems, covering both safety-critical and non-critical railway systems, while also considering reliability and safety within railway systems. Regulatory influences like TSA Security Directives in the US and ONRSR in Australia are pushing rail operators toward enhanced cybersecurity practices, aligning with the complexities of system safety and engineering. For the Spanish railway industry, adopting integrated cybersecurity solutions that align with EU directives and local regulations is crucial. Implementing advanced security analytics, control measures for protection, threat detection and response, and strengthening the cybersecurity framework are key recommended strategies. Enhancing collaboration among stakeholders can also strengthen the sector’s defenses against cyber threats.
The integration of cybersecurity measures within the railway sector must consider the specific challenges faced by operators and maintainers. To overcome these challenges, the initial step is to set up cybersecurity management plans and frameworks and to carry out a proper threat risk assessment, including a maturity and criticality assessment of the systems under operation, in order to define adequate control measures that mitigate cybersecurity risks to a tolerable and acceptable level. The design and engineering of control measures, including their implementation and deployment into operational systems, is another challenge; it needs to be addressed through a cybersecurity system engineering approach to minimise service disruption during the implementation phase. To ensure cybersecurity measures are implemented properly, robust cybersecurity tests such as vulnerability assessments, penetration tests, and tabletop exercises are required. Throughout this process, cybersecurity must be considered in conjunction with System Safety and System Engineering processes and assurance.
Cybersecurity measures should be both technical and non-technical to ensure comprehensive detection and protection. This could include the implementation of robust intrusion detection systems, an effective security information and event management system, regular vulnerability assessments, and network segmentation to prevent and mitigate cyber threats. It’s vital to keep all operational technology (OT) devices patched and updated to protect against known vulnerabilities. Secure authentication protocols should be used to protect communication channels within systems. On the administrative side, developing a strong cybersecurity framework is essential to establish a solid foundation for an Operator’s overall security posture. Furthermore, establishing clear policies and procedures is essential for governance and compliance, managing routine cybersecurity activities, and handling incident response and recovery. These collective measures strengthen railway systems against the increasing sophistication of cyber threats while maintaining the safety and reliability of railway operations.
The development of a holistic cybersecurity strategy and management program that can adapt to the evolving cyber threat landscape is necessary. This includes focusing on continuous risk assessment and implementing adequate technologies, selected through cost-benefit analysis, for protection, monitoring, and detection of cybersecurity threats, which includes having a Cyber Security Operation Center (C-SOC) in place. Furthermore, as the sector progresses with digitalization, it is essential to enhance the cybersecurity maturity of organizations to ensure the reliability and safety of railway services in Spain.
As the railway sector advances, its approach to cybersecurity must also adapt. By proactively addressing emerging threats through effective governance and by implementing appropriate measures, the railway industry can protect its infrastructure and guarantee the safety of its passengers and operations. The industry should continuously develop a culture of cybersecurity among all stakeholders from operators to suppliers, ensuring that security measures keep pace with technological advancements and the increasingly sophisticated nature of cyber threats.
In conclusion, addressing cybersecurity in the railway sector requires a comprehensive and coordinated approach that spans regulatory and standard compliance, technological integration, and collaborative efforts across stakeholders.
Soroush Tazerji
Director of Security Services at Tactix Sener Group
Soroush is Director of Security Services at Tactix Sener Group. He has extensive experience in large-scale railway projects in Australia, North America and the Middle East. His experience covers the management of the full project life cycle, including the design, implementation, testing, installation, commissioning and operation of cybersecurity and operational technology systems. He has successfully delivered cybersecurity solutions for various ICS/IACS systems, managed major cybersecurity improvement programs, and established cybersecurity operations and response units that form part of the Cybersecurity Operations Center (CSOC) for Critical Infrastructure. He has also contributed to the development of international standards for cybersecurity and for automation and control systems.