The UK’s next generation of signalling system using digital technology will be rolled out on intercity routes in the 2020s, but could be at risk from hacking causing a serious crash, according to Prof David Stupples, a scientific Government advisor. Network Rail takes the threat seriously. With UK testing through the European Rail Traffic Management System underway, Network Rail says, “We work closely with government, the security services, our partners and suppliers in the rail industry and external cyber security specialists to understand the threat to our systems and make sure we have the right controls in place”.
So what could happen?
The new system is designed to make networks safer by reducing driver error, however if the system were hacked with malware, then the speed at which a train travelled could be overridden and the length of time it was programmed to stop could be slowed down, creating either disruption or worse, a potential accident.
With a robust security system to the outside world, the threat is deemed to be greatest from a rogue employee or an ill-informed worker, say plugging in a malware infected device. With an aged and disconnected infrastructure, the rail networks have hitherto not been a frequent target, however as transport systems become more computerised and connected, this threat will only increase.
This comes at a time when the FBI have recently sent out a formal alert to US airlines to warn them of the dangers of their wi-fi network being hijacked, following a tweet by an independent security expert that he had successfully accessed the network through the in-flight entertainment system (IFE) . The FBI and the US Transportation Security Administration are working fast to cover up the cracks, but this is not new news. The concern is that an avionic network could be accessed illegally, and controls for the plane being taken over – either from someone on board or on the ground.
Technology is a wonderful thing, but only in the right hands. The job of defencing network systems can truly be life critical, let alone business critical. Whatever your line of business, take the time to regularly review your security systems and test it for failure. Sometimes it only takes one incident to do irreparable damage to the public’s trust in an organisation. Don’t let that company be yours.