During the webinar ‘Cybersecurity for rail digital transformation projects during the pandemic’ held on 2 December 2020, rail cybersecurity experts debated what should be prioritised by rail operators and infrastructure owners when securing networks. The webinar was organised by the International Railway Summit in association with Waterfall Security Solutions.
Over recent years, the digitalisation and interconnectivity of railway systems has continued to accelerate, resulting in many benefits such as improved efficiency and interoperability, together with data-driven predictive service planning and asset maintenance. However, the more information we place online and the more we interconnect, the more avenues are opened to cyberattack.
Marie-Hélène Bonneau, Head of Security at UIC, provided the audience with the worldwide cyber threat context and an overview of UIC-related activities. She highlighted the involvement of UIC in several research projects funded by the European Commission, particularly the Safety4Rails EU project, which started few weeks ago and focused on combined cyber and physical attacks against rail and metro systems. She said that this kind of hybrid threat was emerging and would be addressed by providing an information system to better prepare and manage such crises.
She also highlighted that international cooperation regarding cybersecurity was very challenging, as the information was very sensitive, especially regarding vulnerabilities. However, exchanges on past events, lessons learnt, and best practices were key in order to better manage risks. That was what was developed as much as possible at UIC.
Her presentation also provided an opportunity to highlight that digitalisation was accelerating; any object could now be connected online with the ability for communication and data capture. Regarding communication, the introduction of 5G for rail – the Future Railway Mobile Communication System (FRMCS) – was one of the most important digital projects currently managed at UIC. It would define and specify the new communication system that would replace GSM-R and would definitely be the enabler for railway control-command digitalisation.
Finally, she mentioned the UIC’s ongoing programme on Railway System Modelling (RSM) which was also a key enabler for the digital transformation of rail.
Indeed, webinar moderator Stefan Deutscher, Partner & Associate Director, Cybersecurity & IT Infrastructure at Boston Consulting Group, warned that digital transformation without adequate cybersecurity was a train wreck waiting to happen.
Jesus Molina, Director Industrial IoT, Waterfall Security Solutions, agreed that rail had overlooked cybersecurity for too long, and stated that it was a prerequisite for successful operations and for the safety of critical rail infrastructure such as control centres, signalling and rolling stock.
Vish Kalsapura, Principal Engineer – Network Services, Network Rail, talked about the UK infrastructure manager’s ‘Digital Railway’ programme. The rail system had to be considered holistically, as a system of systems.
Dr Molina introduced Waterfall Security Solutions’ hardware-enforced Unidirectional Gateway technology, which allowed digital information to travel only one way. No attack could propagate back to the industrial network and the technology was future-proof.
Mr Kalsapura said that although the technologies were there, “organisational resistance” could remain an obstacle to companies’ security improvements. Dr Molina shared his experience that those who had invested more in cybersecurity had subsequently shown a greater ability to innovate. For Vijay Devnath, General Manager (Infra & Security) & CISO, Centre for Railway Information Systems (CRIS), Indian Railways, human resources were both the biggest asset and the biggest threat. As more than half of Indian Railways’ 1.3 million employees were not sufficiently cyber-prepared or technically proficient, they had embarked on an extensive training programme.
All speakers agreed that international collaboration, stronger regulations and strict global standards were essential. Ms Bonneau informed participants that UIC had set up a cybersecurity working group within the rail system department and was also hosting ER-ISAC (European Railways – Information Sharing and Analysis Centre) to strengthen this collaboration.
A poll of the webinar audience found 100% agreement that more ‘should be done’ to recognise and proactively deal with rail cyber challenges. Of those respondents, 43% expressed that ‘nowhere near enough’ had already been done. The webinar aimed to raise awareness and provide pathways to greater security in the decades to come.
More information and an on-demand video are available at:
(Source : IRITS)