Railway technology is continuing to develop at an increasing rate, from improved entertainment and Wi-Fi systems, autonomous trains, to online booking systems. However, as the available technology increases, so does the chance for said technology to be victimised by cybersecurity threats.
Although the digitalisation of railway systems brings with it many positives, it has also increased the vulnerability of railway operations, which if subjected to a cybersecurity attack could result in service disruption, data breaches, derailment, network outage, and more. As a result of these cyberattacks, railway companies could face a range of consequences from legal liability, financial loss, injury, and reputational damage.
Founded in 2017, cybersecurity firm Cylus has been developing technology solutions utilising the power of AI and machine learning to help combat the threat of cyberattacks. ‘CylusOne’ detects cyber threats over rail signalling and control networks, trackside, and onboard systems, to allow a timely and effective response to threats to be carried out.
Amir Levintal, CEO and Co-founder of the company explains the solutions the company can provide for the railway industry.
Frankie Youd (FY): Could you provide me with some background on the company?
Amir Levintal: When we were in the process of founding the company, we understood that the rail industry had undergone a huge digitalisation process, specifically the autonomous trends within technology, but also the integration of commercial off the shelf technologies, wireless and things like that.
These technologies are very unique to the rail industry, no other industry is using them like they are, so in order to protect them, you should develop a solution that understands the protocols and systems. In order to protect them, you need to understand the business logic of the rail system.
Operations are the most important thing. Safety, availability to make sure the train will come on time, and understanding the operations with a deep understanding of cybersecurity, to provide the best solution that can help them to mitigate those threats while operating the lines.
What we practically provide as a company is the ability to continuously monitor the safety-critical systems, the signalling on board, control centre, and things like that.
What are the main threats faced by the rail sector when it comes to cybersecurity?
The easiest one is the disruption to the network. For trains experiencing a threat, there is a failsafe mechanism that by default is stopped, any change in the communication circuit will stop the train. This is the easiest way for attackers to produce the kind of ransomware that we know from computers.
Imagine ransomware where all the trains are stopped and the consequences of that. Using wireless communication allows the attackers to leverage the mechanisms that control the speed of the train. This might result in accidents or derailment. These are things that are very unique to the market, and new technologies expose this system.
There is a process of integration between all modes of transportation, this must continue to evolve with digitalization. In parallel, to enable this process of digitalisation, operators need to protect their systems.
How can Cylus help with this issue?
The way that we do it, is by installing sensors in the system to assess the communication to monitor the different communication channels.
Using machine learning and AI technologies, once we detect an anomaly that might represent attackers we provide actionable insights to the operational staff on what to do. One of the challenges of the rail industry is that these professionals are not necessarily experts in cybersecurity.
We narrow the gap between. We understand what the threats are, we understand what they need to do, and we translate it for them into a language that they understand.
For example, they know a point machine number or switch number x, or train number y, you should go to this location and do that. We simplify this in order to help them to operate the trains.
The technology is fitted in the infrastructure, in the signalling system and all the technologies that are related to controlling the routes, the tracks, and onboard trains. We install on the infrastructure, in the stations, or on the train itself.
Why do you think this technology has not been adopted sooner?
I think one of the challenges is that it’s not easy to provide a solution to this industry. These technologies are diverse types of technologies that are unique.
They were designed for safety, not for security, but safety is a very important thing. In order to develop a solution that fits the industry, it needs to not interfere with the system. This set of constraints makes the challenge very big. Therefore, it’s not easy to get into that.
Digitalisation must continue. In parallel, customers and rail companies must continue to invest in cybersecurity and narrow the gap between the safety issues that might be impacted by several attacks, in order to continue to maintain value to customers.
What does the future hold for cybersecurity in rail?
I think that over time the maturity of the attackers will be higher, they will be able to develop tools that they can replicate in different systems as we can see in the IT environment. There are tools that you can just buy and use.
In order to protect rail, protect the system, we should have a shared environment also for the rail industry, not only for that tech itself. The rail industry must work together in order to learn from one company to another.
I think that in three, maybe five years, there will be other threads that are related to the integration between different modes of transportation.
There are tools today that allow you to move from one point to the other – using cars, buses, and trains. Everything will be integrated in the future, so this kind of thing should also be protected.