Are Trains at Risk from Cybercrime?

Cybersecurity concerns are rising along with political tensions, and it seems that critical infrastructure might be at risk. So far, attacks have been limited mainly to DDoS attacks that cause only a short-term nuisance, but is there real damage that hackers could potentially cause to infrastructure such as transportation?

It turns out that the ability to “hack a train” is more real than you think: modern trains and railways have complex digital systems for control and navigation, and everything that’s digital on them can also be hacked.

According to Cybernews, in 2022 an anonymous hacktivist group managed to stop trains in Belarus to disrupt Russia’s military build-up in Ukraine. The attack served a political purpose and attempted to disrupt military aggression. However, the fact that hackers were able to access such critical infrastructure is a cause for concern.

Threats to railways fall into two main areas: the operational and the non-operational environments.

Threats to the non-operational environment affect railway companies’ data, which can be stolen and exploited. An example is an attack in April of this year on the Alaska Railroad Corporation (ARRC), during which cybercriminals stole sensitive information about the company’s vendors and employees from its systems. A similar case also occurred in the Netherlands in March.

When it comes to the operational environment, malicious actors can disrupt the functioning of trains, which can range from stopping them or manipulating their speeds to sabotaging operations by tampering with railway switches or even causing intentional collisions. Another cause for concern is physical ransomware attacks, in which malicious actors prevent trains from moving until their ransom demands are met.

Furthermore, trains are autonomous, which makes them vulnerable. Intercity trains have very long braking distances, sometimes up to one kilometer, and because they are controlled wirelessly, more complex solutions are needed for train safety.

Across Europe, trains use standardized train operating systems, which contribute to efficiency in the railway industry. The downside is that this opens the door for attackers to break into these systems on a wide scale.

Another risk factor is human error: train control systems are maintained by numerous people, which increases the risk of systems being insecurely connected to the internet or of employees using laptops infected with malware.

Unlike in other industries, trains have a very long lifespan and are expected to remain in service for around 30 years. Consequently, the train control systems currently in use were designed a decade or more ago.

Furthermore, train control systems are made up of many elements, such as switches, light signals and other components. Maintaining them is challenging, especially when the maintenance information is either outdated or it is unclear where it is stored.

Two possible solutions are better and more extensive monitoring that keeps up to date with the risks of the time, and not getting complacent about the safety of older tech.