Frequently Occurring Cyber Security Incidents in Rail Transit
Rail transit has become a vital part in public’s lives, and with the increasing automation of key security systems, such as the communication signals, and the spreading of hacker activities, cyber security incidents have been occurring in an alarming rate.
▪ In November 2016, Muni Light Rail in San Francisco, the seventh largest transit system in the United States, was hacked and the ticketing system turned inoperable. The hacker demanded a ransom of US $74,000.
▪ In January 2016, the Passenger Info-Display System of the subway in Kiev, the capital city of Ukraine, was hacked. On the screen it appeared a photo of the notorious Professor Moriarty in the Sherlock Holmes series, and caused a panic among passengers.
▪ In December 2011, the North Western Railway in the United States was hacked. The railway signaling system was crippled for two days.
The existing vulnerability in railway transit security has caused concerns to many stakeholders. In July 2015, an authoritative data base, Repository of Industrial Security Incidents, has named rail transits one of the most highly risky industries targeted by hackers, next to the power and petro-chemical industries. Railway companies around the world have recognized the severity of hacker attacks, and they must develop with vigor a plan for their network security.
Cyber Security is Particularly Important with Rapid Development of Rail Transit
In recent years, China’s rail transit, particularly in the cities, has developed rapidly and become the main mode of transportation for the Chinese people.
2016 marks the beginning of “the Thirteen Five-Year Plan”, whereas city traffic continues to grow in a rapid trend. According to the statistics from China Association of Metros, by the end of 2016 there were totally 133 lines of operating rail transits in 30 cities of Mainland China, total length up to 4153 kilometers, an increase of 18% from previous year. For the first time, the annual distance of new operating lines exceeded 500 kilometers – a record high of 535 kilometers, an increase of 20% from previous year.
Based on statistics from China Association of Metros, by 2016, a historical high of RMB 384.7 billion has been invested into the city rail transits in the Mainland China. By the end of 2016, 58 urban rail network plans were approved (including 14 plans approved by the local municipal government), total length of which reached 7305.3 kilometers. The scope of the existing and future rail networks, the investments volume, and the construction progress continue to expand and grow in a steadily pace.
The rapid development of our nation’s urban rail transit is self-evident. Following the continuous enhancements in our nation’s rail transit automation and connectivity, network applications have entered the stage of practical development and applications in new technologies such as big data, cloud computing, wireless communication, and etc. When any culprits attack an urban rail transit, hundreds of thousands of people’s lives are endangered, and the consequences may be disastrous. Hence, the key for the rail transit industry to grow and develop in a healthy and steady manner lies in the security assurance of the information and network system.
Cyber Security Protection Ushers in the Arrival of the Intelligent Rail Transit
As yet, there is no single standard designed for railway system cybersecurity. With many different rail systems run by different system suppliers, cybersecurity is a tough job. The leading rail organizations have developed cyber security programs or frameworks to address railway cybersecurity risk based on current and recent guidance for Industrial Control System security, mainly as following:
▪ IEC 62443 Industrial communication networks – Network and system security
▪ EDSA-311:2010: ISA Security Compliance Institute – Embedded Device Security Assurance Functional Security Assessment
▪ EDSA-312:2010: ISA Security Compliance Institute – Embedded Device Security Assurance Software Development Security Assessment
▪ ISO 27001: Information technology – Security techniques – Information security management systems
▪ NIST SP-800-82:2015 guidelines on how to secure Industrial Control Systems
With our experiences on various projects in Asia, Europe, United States, TÜV Rheinland’s cybersecurity assessment can review your railway system to ensure it is secure and resilient against cybersecurity attacks. Unlike a typical IT security assessment, we understand that operation technology systems are different, and require specific knowledge to offer a hacker’s perspective on how a system can, and will be, compromised
|Our scope of assessment normally covers (but is not limited to) the following items:
· Interfacing of the vital and supporting systems
· logical access controls
· Password management policy
· Network segregation
· Process of tracking changes in configuration
· Operating system hardening and peripheral device control (e.g. USB devices)
· Backup and restore procedures
· The ability to discover an attack and process the incident response
|We look at both vital and supporting sub-systems across the entire railway system, including (but not limited to):
- PSCADA, FSCADA
- Platform screen door
- Automatic fare collection
- Electronic access control
- Communication (COM)
- Depot equipment and train washing plant
TÜV Rheinland has been providing technical services for railway applications for over 50 years, covering all types of railway facilities including conventional and high speed railways, metro, light rail, tram, maglev, etc.
We are always committed to growing with our clients by continuously providing them the latest security assessments and certification solutions based on any technological developments, and further provide security protection to China’s rail transit network.