Cyber Security In Modern Railways

Uploaded on 2016-01-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Eurostar High Speed Trains at Waterloo Station, London

Railways belong to the critical infrastructure of a country, along with power-plants, water facilities, electric grids. The team of experts are warning of the presence of security holes in the railroad systems that open them to cyber attacks, during the Chaos Communication Congress they disclosed a long list of security issued affecting railroad systems.

The experts did not mention specific trains when presented the results of their study, their presentation was focused on an overview of the security issues that potentially affect modern railroad systems.

In their presentation, the team of experts detailed SIBAS, a train protection system that is widely adopted in Europe. The SIBAS used the Siemens SIMATIC components, including  the WinAC RTX controller, which is designed for different purposes, such as the PC-based automation solutions. The WinAC RTX is affected by several security vulnerabilities that could be exploited by hackers.

The researchers also examined the computer-based interlocking (CBI), a signaling system designed to prevent the setting up of conflicting routes. The hacking of CBI would cause serious problems, including physical damage.

According to Sergey Gordeychik, for threat actors, “it’s absolutely easy,” to exploit these vulnerabilities, despite in some cases, the attackers would need a deep knowledge of railroad systems to exploit the flaws.

Most of the problems affect automated systems in railroad networks, such as signaling components and locks, the experts highlighted the huge presence of technology in modern railway systems.

The railway systems examined by the team are affected by a large number of vulnerabilities, including the lack of authentication protections, poor maintenance, operating systems and software components not updated, and of course, hard-coded passwords.

The attack surface of modern railway systems is enlarging due to the presence of new solutions, including connected systems and entertainment devices.

“We worked with operators for 3 years and at the beginning there was a lot of skepticism, but now they understand the threats,” Gordeychik said via email to SecurityWeek. “A lot of devices work on the same channel: like engineering equipment and user systems,”

Fortunately, there is no news of significant cyber attacks against trains and other transportation systems. While cyber criminals are not financially motivated in hacking such kind of systems, other illegal activities are more profitable for them, nation-state hackers could start exploring this opportunity.

Cyber security of railroad systems must be a priority for any government as the risk that hackers will exploit the vulnerabilities discovered by the experts is concrete.

Security Affairs: http://bit.ly/1kAYd2s

« Ukrainian Power Grid Hack
Top 2016 Big Data Challenges: Skills Shortage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Softtek

Softtek

Softtek provides comprehensive software Quality Assurance and Testing that identifies the correctness, completeness, and quality level of software products.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

Exprivia

Exprivia

Exprivia is active in the design, development and integration of IT systems including cyber security.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

Wallarm

Wallarm

Wallarm offers an adaptive security platform including an integrated Web vulnerability scanner and NG-WAF solution with automatically generated security rules based on AI.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.