4SECURail has recently reached its mid-term objectives for the design of a computer security incident response team (CSIRT), which will allow for identified threats to be shared with targeted railway stakeholders across the European railway network.
The project – a two-year initiative part of the EU Shift2Rail programme – aims at enhancing information sharing and cooperation within the European Union, supporting the whole network’s interoperability of signalling systems for railway security.
Launched in Barcelona at the beginning of 2020, 4SECURail is being developed by a multinational consortium of European organisations – including Spanish engineering corporation Ardanuy and the Italian National Research Council.
The need for projects like 4SECURail shows that while railway has not previously been at the centre of cyberterrorists’ threats, the increasing interconnection between railway systems has led to a surge in unwanted interest from cybercriminals.
The cybersecurity risks to European railways
In the last few years, the railway sector has increasingly become victim of cyberattacks, with European companies such as Swiss rolling stock manufacturer Stadler as well Spanish rail infrastructure manager Adif falling victim of ransom demands and data breaches.
According to ProPrivacy digital privacy researcher Attila Tomaschek, the European railway network is prone to the same type of risk as other sectors. “Though the railway sector in Europe may not be the most prevalent target for a cyberattack as compared to other sectors, that doesn’t mean that it’s not at risk of becoming a target,” he says.
“In the past, the European railway sector has been hit with malware, ransomware, DDoS attacks, and data breaches.
“Sometimes attacks like these are aimed at disrupting critical infrastructure systems in general, other times they’re after sensitive company or consumer data, or to hold critical data for ransom.”
European railways have their own ways of dealing with IT threats, but what is missing is a common European framework to react against cyberattacks.
“4SECURail aims to support for the implementation of the CSIRT collaborative model that will increase in a significant way the cooperation, reaction time and quality response between all involved stakeholders in case that a cyber threat occurs,” says Ardanuy innovation project engineer Lambert Grange Vilà.
Tomaschek believes the network is making progress in strengthening its cybersecurity practices.
“Though there are undoubtedly improvements to be made in terms of cybersecurity awareness and updates to be made to legacy systems and outdated processes, things seem to be moving in the right direction towards making the European railway sector one of the most cyber secure railway networks in the world,” he says.
The benefits of 4SECURail
As explained by Grange Vilà, 4SECURail’s primary benefits will involve standardising formal methods of railway signalling system. The project team worked on the development of a formal demonstration of methods, which is set to be released after a cost-benefit analysis.
“The standardisation will result in greater integration between the different European countries and will also help to reduce the costs of railway signalling,” comments Grange Vilà.
Moreover, projects such as 4SECURail that address the needs of CSIRT will strengthen the whole system, both among railway infrastructure managers and freight and passenger operators.
“Using the resources and the media of an increasingly interconnected world offers a wide range of advantages to be exploited, but it also exposes the European railway system as a whole to an increasing number of threats as the ones explained before,” explains Grange Vilà.
“In order to better anticipate, prevent and react to these treats there is a need for a collaborative CSIRT model that can enhance knowledge to respond and manage them in a uniform way.”
“Through such proactive initiatives, the European railway network will benefit from stronger cybersecurity practices across the board, more efficient security response and notification protocols, as well as increased interoperability between signaling systems,” says Tomaschek. “Ultimately, the overall goal is to increase the safety, security, and efficiency of the European rail system.”
Cybersecurity: an issue of today and tomorrow
Rail cybersecurity concerns have only been raised in the last few years, because before the system did not look as desirable to criminals as other infrastructures.
According to Grange Vilà, the pandemic has provided fertile ground for cyberterrorists. “The overall crisis produced by the Covid-19 are causing severe effects in the economy and the entrepreneurial network,” he says. “Organised crime groups likely see this as an opportunity to target organisations in desperate situations.
“On the other side, the increased number of remote working practices bring additional risks and has reported a rise of cyberattacks as more employees work remotely.”
The reasons behind the increase in cyberattacks are plenty, continues Grange Vilà, and could include espionage, organised crime and poor web security and practices.
“Continuing to use deprecated software for which manufacturers no longer provide security patches, using hard-coded passwords for remote systems, existing vulnerabilities in IT or OT devices, or failing to isolate engineering systems from passenger entertainment systems that could provide the attackers access to critical systems.”
Threats will continue to emerge and railway networks, in particular ones as interconnected as the EU, need to step up their game.
“The railway sector needs to make a concerted and proactive effort to stay one step ahead of the various threats posed by various malicious entities,” explains Tomaschek.
As for the future, both professionals stress the importance of coordinating cybersecurity throughout the whole European network. “Through improved collaborative processes and updated systems, the European railway system’s cybersecurity defences will be able to properly keep pace with the rapid digital transformation going on inside the industry and with the evolving threat landscape happening externally,” concludes Tomaschek.
“In addition, the European rail is undergoing a major transformation of its operations, systems and infrastructure due to digitisation, mass transit and increasing interconnections, which will require major cybersecurity measures,” adds Grange Vilà.