The risks of cyber attacks on modern railway security

Alex Mathews, Head of Technology EMEA at Positive Technologies talks to Security Buyer about the recently reported cyber attacks on UK railways over the last year.
“At the heart of any modern railway infrastructure lie microprocessor-based railway control systems. They employ object controllers that manage traffic lights, track circuits, switchgear, and rail crossings.
“If hackers manage to gain unauthorised access to such systems and bypass functional protection mechanisms, they may perform a wide variety of actions like throwing points under a train or falsifying data on track occupancy, making busy tracks looks like vacant ones and vice versa. Consequences of such actions may include not only financial losses (railway tracks not used or derailing of a freight train due to misleading signaling that points to a dead-end), but also a human toll (trains colliding due to spoofed traffic light signalling).
“Positive Technologies experts pay close attention to the issue of railway infrastructure security and carefully study existing ICS vulnerabilities to design protection systems to counter these threats. During the last several years, the specialists discovered dozens of high severity vulnerabilities and attack vectors that may directly affect industrial security of railway transportation, which was demonstrated at Positive Hack Days, the international conference on practical cybersecurity. The forum featured a model railway where all its elements including trains, level crossing gates, and traffic lights were managed by an ICS.
“The forum participants were suggested to perform a number of tasks that showcase possible consequences of hacker attacks on railway infrastructure objects. The competition demonstrated that hacking industrial systems some of which were designed without any regard to cybersecurity standards is a task easy enough even for beginners.”

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Product Spotlight - HID

Product Spotlight – HID

Access control is evolving into a smart, responsive platform—integrating embedded apps, IoT, and cybersecurity to deliver…
Genetec

Genetec brings new capabilities to Security Center SaaS

Genetec announced new updates to Security Center SaaS, the company’s enterprise-grade Security-as-a-Service (SaaS) solution..
I-Pro

i-PRO Launches Revamped EMEA Partner Program

i-PRO announced a major expansion of its EMEA Partner Program. The move supports i-PRO’s long-term growth strategy and…
ASIs international

ASIS International Introduces New ANSI-Approved Investigations Standard

ASIS International, a leading authority in security standards, is excited to announce the release of its revised American National Standards.
Gallagher Security and Yusuf Bin Ahmed Kanoo Company Limited sign MOU in Riyadh

Gallagher Security MOU with Yusuf Bin Ahmed Kanoo Company

Gallagher Security is proud to announce the signing of a Memorandum of Understanding (MOU) with Yusuf Bin Ahmed Kanoo Company…
Mike Hurst - Security Buyer

Zygal appoints Mike Hurst CPP CPOI

Zygal, which produces cutting edge AI cloud VMS and monitoring solutions for connecting, managing, and monitoring assets…
Secure Logiq

Secure Logiq expands into APAC

Secure Logiq is heading into the Asia-Pacific region with big plans and a clear focus on Australia and New Zealand. Helping to steer…
Sophos

Sophos Enhances Protection and Incident Response

Sophos announces an update to its Sophos Firewall, now including Sophos NDR Essential, which is free for all customers with an…
Dallmeier

Tenerife Airport relies on video technology

Tenerife Norte-Ciudad de La Laguna Airporthas significantly improved its safety by installing state-of-the-art video technology..
ICT

ICT announces Stewart Meyer as Chief Marketing Officer

Integrated Control Technology (ICT®), a leading provider of intelligent access control, intrusion detection, building automation and…
Scroll to Top