Alex Mathews, Head of Technology EMEA at Positive Technologies talks to Security Buyer about the recently reported cyber attacks on UK railways over the last year.
“At the heart of any modern railway infrastructure lie microprocessor-based railway control systems. They employ object controllers that manage traffic lights, track circuits, switchgear, and rail crossings.
“If hackers manage to gain unauthorised access to such systems and bypass functional protection mechanisms, they may perform a wide variety of actions like throwing points under a train or falsifying data on track occupancy, making busy tracks looks like vacant ones and vice versa. Consequences of such actions may include not only financial losses (railway tracks not used or derailing of a freight train due to misleading signaling that points to a dead-end), but also a human toll (trains colliding due to spoofed traffic light signalling).
“Positive Technologies experts pay close attention to the issue of railway infrastructure security and carefully study existing ICS vulnerabilities to design protection systems to counter these threats. During the last several years, the specialists discovered dozens of high severity vulnerabilities and attack vectors that may directly affect industrial security of railway transportation, which was demonstrated at Positive Hack Days, the international conference on practical cybersecurity. The forum featured a model railway where all its elements including trains, level crossing gates, and traffic lights were managed by an ICS.
“The forum participants were suggested to perform a number of tasks that showcase possible consequences of hacker attacks on railway infrastructure objects. The competition demonstrated that hacking industrial systems some of which were designed without any regard to cybersecurity standards is a task easy enough even for beginners.”
The risks of cyber attacks on modern railway security
About Security Buyer
Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
To submit an article, or for sponsorship opportunities, please contact our team below.
Rebecca Spayne
Managing
EDITOR
Georgina Turner
Sales
Manager
Afua Akoto
Marketing Manager
Read the Latest Issue
Follow us on X
Follow us on X
Click HereFollow us on LinkedIn
Follow us on LinkedIn
Click HereAdvertise here
Reach decision makers and amplify your marketing