Railway networks around the world are facing an alarming rise in cyberattacks, with the most notable incident occurring in August 2023 when hackers infiltrated the radio frequency communications of Poland’s railway network, causing a temporary disruption in train traffic. In response to the growing threat, nations and rail operators have been working diligently to protect their networks. For example, Saudi Arabia recently announced a partnership to enhance the security of its railway service. Another rail operator, the Tel Aviv Purple Line light rail transport (LRT), which is currently under construction and expected to be operational by the end of the decade, is also ramping up its network protection measures.
To gain insight into the measures being taken to combat cyber threats in railway systems, Dark Reading spoke with Eran Ner Gaon, Chief Information Security Officer (CISO) of the Tel Aviv Purple Line LRT, and Shaked Kafzan, co-founder and Chief Technology Officer (CTO) of Cervello, a rail operational technology (OT) security provider.
Eran Ner Gaon explained that their focus has been on developing a comprehensive OT security strategy to identify and address potential threats. This strategy includes implementing threat intelligence, technological measures, incident response plans, and staff training related to the regulations set forth by the Israel National Cyber Directorate. He emphasized the need for skilled professionals who are well-versed in both cybersecurity and the world of OT, as well as the implementation of protective measures at all network layers, including physical separation, microsegmentation, and identity management tools.
Shaked Kafzan noted that the increase in cyberattacks against OT systems is concerning but not unexpected. He stressed the importance of proactive cybersecurity measures to prevent attacks, rather than merely attempting to fix the damage after an incident has occurred. He also highlighted the need for continuous monitoring, strict access controls, and vigilance in keeping up with cybersecurity compliance standards.
When asked about the challenges associated with patching vulnerabilities in rail systems while keeping them operational, Kafzan likened the process to changing the wheels of a car while it’s in motion, acknowledging that it can be complex and difficult to execute. He emphasized the importance of maintaining high availability and physical safety, which requires the use of passive yet informative cybersecurity solutions that do not disrupt the existing infrastructure and systems.
Looking ahead, Eran Ner Gaon and Shaked Kafzan discussed the potential role of artificial intelligence (AI) in bolstering cybersecurity for rail operators. Ner Gaon expressed optimism about incorporating AI capabilities into their technological tools, citing the potential for AI to perform high-quality actions efficiently. Kafzan echoed the sentiment, emphasizing that AI can help predict security breaches, improve operational efficiency, and provide real-time insights to enhance passenger experience.
In conclusion, the escalating threat of cyberattacks on railway networks has prompted operators to adopt robust security measures to protect critical infrastructure. By leveraging advanced technologies and implementing proactive security strategies, rail operators are working to stay ahead of potential threats and ensure the safety and reliability of their networks.