With the announcement of a new security directive coming from TSA for the rail industry, cybersecurity has been getting a lot of deserved attention from rail operators lately. Properly managing cyber risks in this sector of the economy is now crucial, since new attack vectors from increasing connectivity and software programs are opening up railway industrial control systems (ICS), such as positive train control (PTC), to new threats. To keep passengers and crew safe onboard, rail operators must implement preventative security measures to avoid cyberattacks that may lead to accidents.
There have been quite a few documented cybersecurity incidents within rail infrastructure around the world, including in Denmark, Germany, and New York. Although the motivation for most of these attacks was to install ransomware for financial gain, the fact that an attacker could get that far into a rail operator’s network is a wake-up call for many. Even a relatively minor cyber-physical attack could be extremely damaging: if it affects a digital signaling system, it can cause safety issues that endanger passengers or destroy infrastructure.
Safeguarding PTC systems and other operational technology (OT) in railways is essential to any country’s national security. The biggest obstacles to implementing good cybersecurity practices for rail infrastructure are legacy systems and complex architectures.
In the past, many organizations have relied solely on IT security tools, such as endpoint detection and response (EDR), firewalls, or anti-virus software, to protect themselves. These are not effective defense methods for control system environments, which are the backbone of our railways. Because ICS operators prioritize reliability and safety over all else, many IT security tools are simply too intrusive for sensitive industrial control system endpoints.
Here are three tips to help rail operators get started with ICS cybersecurity:
As rail transportation continues to expand and play a critical role in the world economy, rail operators must take the appropriate steps to minimize their cyber risk. To help inform your search for an ICS cybersecurity solution, we created our Buyer’s Guide, which explores current trends in the cybersecurity market, 7 qualities to look for in an OT/ICS cybersecurity solution, and best practices for maturing your security program. You can download this Buyer’s Guide here.