The so-called Cyber Cold War has been raging globally. This new form of war has been prevalent since the 1990s and the proliferation of the cyber domain. It has not been restricted to the financial sector; it also extends to many industrial setups. Railways have been at the forefront of cyber attacks ever since they turned to digitization and cyber-enabled railway services.
The Indian Railways has recently announced that it is planning to do away with its 167-year-old signalling system and is preparing to replace it with the latest Automatic Train Protection (ATP) systems, in which two new automated train protection technologies, the European Train Control System and the Train Collision Avoidance System, will be implemented.
What is New?
The National Rail Plan had earlier earmarked Rs 50,000 crore for the modernisation of railways’ signalling and telecom systems over the next five years. This plan includes the implementation of two ATP systems – European Train Control System (ETCS) and Train Collision Avoidance System (TCAS).
ATP is a safety system that aims to prevent accidents due to collision, jumping of signals (SPAD, or signal passing at danger, in railway parlance) and over-speeding. These projects combine SCADA, IoT, enterprise solutions, IT infrastructure, ICT and a cyber security overlay. The integrated anti-collision technology, which is a core element of the ATP system, is based on GPS data obtained from satellites for position updates. Further, both TCAS and ETCS are meant to keep tabs on over-speeding and signal passing, and will use 5 MHz of spectrum in the prime 700 MHz band.
Cyber Threat to Digital Infrastructure
Cyber threats to railways across the globe are not new. However robust the implementation may be, continued and evolving cyber security and resilience measures are the only way to sustain a business process whose cyber dependency is high.
On 31 July 2020, Iran claimed that it had been able to sabotage the Israeli railway system and affect 28 Israeli railway stations. A group by the name of Cyber Avengers said in a statement that it had targeted more than 150 industrial servers of Israel’s railways, affecting operations at 28 train and subway stations. The statement was published by Telegram channels that are linked to Iran’s Revolutionary Guards (IRGC).
Attacks on railway networks are not new:
- In January 2008, it was reported that a teenager had hacked the tram signalling system, taking control of the trains. As a result, four vehicles were derailed, injuring twelve people in the city of Lodz, Poland.
- In November 2016, the ticketing system of San Francisco Bay Area Rapid Transit (BART) was affected by a ransomware attack.
- In May 2017, the WannaCry malware infected the German train systems, corrupting passenger information monitors so that the displays showed the ransom window.
The characteristics of railway infrastructure make it a target for cyber attacks due to the following:
- Increased connectivity within the Digital Train
- High degree of integration between IT and Operational Technology (OT)
- Distributed architecture
- Long lifecycles for equipment and certification processes. By the time a component of the system is certified, it might already be obsolete from a cybersecurity perspective, particularly considering the quickly evolving threat landscape.
- Diversity of supply chain and technology
- Traditionally, the rail business has been very safety-orientated, and it is difficult to integrate the two worlds of cybersecurity and safety.
Need of the Hour
The Indian Railways is the oldest in India and is also the largest employer. Started way back on 16 April 1853, the Indian Railways is one of the largest networks in the world. Rail systems have been in operation for more than 167 years, dealing with a vast array of issues and threats, and have always been exposed to vulnerabilities and other forms of sabotage. The challenge today is to add cybersecurity awareness and cyber defence measures to the rail industry culture in the same manner that safety has been added to the culture of manufacturing and transportation. This will reduce the risks to rail and metro companies and their supplier base from cybersecurity incidents, and their possible liability should an incident take place.
- Establishment of CERT-Indian Railways: A CERT, or Computer Emergency Response Team, is a mandatory organisation, especially where there is large-scale dependency on IT and ICT infrastructure. Moreover, the Indian Railways is part of the critical infrastructure of the country.
- Cyber Security Organisations: A Cyber Security Technical Organisation with cross-functional capabilities, consisting of consultants, control systems engineers and IT professionals, is to be established. The goal is to leverage experience in various industrial sectors and create tighter integration between IT and ICS systems to address cyber security concerns. This organisation, along with the functional engineering group, can help identify, protect, detect, respond, and recover from threats as necessary to ensure cyber security and resilience.
- Project Honeytrain: This is a new perspective that will pay dividends over the long run. Setting up Project Honeytrain will put the existing threats to rail infrastructure into perspective. Project Honeytrain, under the ambit of the Cyber Security Organisation, can be set up to learn how attacks on rail systems could be performed and to gather information regarding the existing cyber criminal community. A virtual rail infrastructure can be created that reproduces a real rail system. The attacks captured by the Honeytrain Project can be used to drive automation and to validate the existing tools. The project can also test the configuration of industrial components and the signalling system, which, as mentioned before, is safety critical. It will also provide knowledge of SCADA systems, firewall components and other security infrastructure used in the railways.