Technology has led to the advent of connected vehicles intelligent enough to interact with the driver and link to the cloud. But this has opened up a new avenue of cyberattacks in which bad actors could disrupt a vehicle’s operations by hacking into its control network.
With connected vehicles becoming more commonplace on the highways, cybersecurity programs have been pursued to good effect in the auto industry. However, cyberattacks can be equally disruptive to railroads.
FreightWaves spoke with Amir Levintal, the CEO of Cylus, an Israeli rail cybersecurity startup, to understand the potential impact of a hacking event.
“Over the last decade, more and more technologies have been introduced in the rail industry for both signaling systems and the rolling stock. By using wireless communication to control the train, the rail system is exposed to cyberattackers who can get into the network and do sensing and control the same way switches can,” said Levintal.
The rail freight business is based on a failsafe mechanism. When the train detects a communication signal that is not part of the process, the engine stops for safety. “Stopping the train might be safe, but it is not secure [because] if the attacker succeeds to get into the network and send just one command that is not part of the process, it will stop the train,” said Levintal.
While that might not be a catastrophe in itself, it could cause a huge disruption to freight movement. If, for instance, the train carries goods with short expiration windows, such as produce, unexpected halts could spell disaster.
“For rail companies to prevent such attacks, they must have visibility into situations where hackers are trying to attack their network. Once they have that, they can understand what someone is trying to do, and remediate and remove the attacker,” said Levintal. “But to detect the attacker is a real challenge as the networks are very complicated and spread over a large area.”
Real-time visibility into the network will allow railway companies to automatically detect hackers and establish protective measures around the network in case of an attack. According to Levintal, rail companies currently lack that visibility.
“For rail cybersecurity, there is no single solution that fits all. Rail companies need a solution that is specifically designed for them. This is because most of these systems are proprietary technologies and communications, and generic solutions cannot work,” said Levintal.
Levintal explained that Cylus can help here because it is focused on the rail industry and understands the cybersecurity issues that surround it.
The cybersecurity measures start with Cylus nonintrusively analyzing data from networks and then doing more in-depth inspections for data anomalies, which hackers look to capitalize on during an attack. “If we detect malicious activity, we provide actionable insights to the operator and controlling station and let them know what to do with the attack,” Levintal said.
Levintal said solutions like Cylus complement the expertise of the people working at the control system.
“They are great at train signaling and freight locomotives but are not necessarily good at cybersecurity,” Levintal said. “There is a very close relationship between security and safety, and the fact that a system is safe doesn’t mean that it is secure. Once the rail companies understand that cyberattacks might harm safety, they would deal with security in the same way they deal with safety.”