UK rail comms are safer than mobes – for now – say infosec bods

Industry told to harden systems to prevent future train smash carnage

Siemens GSM-R train cab radio. Pic: Joshua Brown

Analysis Last week's warning that Britain's railway systems could be susceptible to hacking has triggered a debate among security experts.

Prof David Stupples of City University London made headlines last week with a warning that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management System (ERTMS) could open up the network to potential attacks, particularly from disgruntled employees or other rogue insiders. "Major disruption" or even a "nasty accident" could ensue if miscreants were able to plant malware on the system, the computer scientist warned.

The Station Agent

ERTMS is made up of on-board train, trackside and GSM mobile telephony equipment. The system is intended to replace legacy trackside signalling and voice systems with a modern in-cab signalling and voice communications system, based on a European standard.

The technology is designed to help lay the tracks towards faster, safer trains and more efficient use of the existing rail network. Similar technology is being adopted around the world and not just in Europe. UK testing has already begun ahead of a roll-out expected to take place over five years into the 2020s.

Chris Day, ICS security researcher at security consultancy MWR Infosecurity, commented: "ERTMS has been rightly recognised by the UK government and railway operators as critical infrastructure that is potentially susceptible to computer attack and there are ongoing investigations and remedial actions to mitigate identified risks against ERTMS. The fact this process is already in progress prior to the system being deployed in the UK is an important, proactive step forward in Industrial Control System (ICS) security management."

"This will benefit both rail users and operators, as security issues are cheaper and more likely to be fixed if they are discovered prior to a systems deployment," he added.

Day said that the risk of malware being introduced to the system, as highlighted by Professor Stupples, was perhaps a little overstated:

"In our experience, the exploitation of core, safety-critical components of ICS presents a very different exploitation challenge to traditional desktop environments," Day said. "Due to the safety-critical nature of ICS, we often see a very low tolerance to malicious activity and failure into safe modes of operation."

CSI ICS

The Stuxnet attacks against Iran's nuclear centrifuges back in 2010 show that industrial control plant can be attacked with malware, but such attacks remain very difficult to pull off, according to Day.

"Exploiting ICS will require a different approach and toolset to successfully execute attacks," Day explained. "Just as security researchers and black hat hackers retooled to attack mobile devices in the early 2000s, there will need to be a similar retooling period before we see a dramatic increase in ICS exploitation."

"Unlike the mobile sector, there is currently a lack [of the sort of] commonality between different ICS vendors which would facilitate widespread ICS exploitation. However, this appears to be changing, as ICS vendors are also slowly converging on delivering products using the ARM architecture and Commercial Off The Shelf (COTS) software to reduce the development costs of ICS equipment and remain competitive. The use of COTS technologies without appropriate security hardening remains a high-risk security weakness for ICS," Day concluded.

El Reg contacted City University London for comment on Day's analysis, but is yet to hear back at the time of going to press. We'll update this story as and when we hear more.

As previously reported, Network Rail told El Reg that digital in-cab signalling is already used "safely and effectively by dozens of countries in Europe and around the world and is similar to technology already in use on the Tube and other metro systems in this country". Cyber-security is a key part of the plan for introducing digital train control technology, it said, adding that it was working closely with "government, the security services, our partners and suppliers" to ensure safety. Network Rail operates the UK's rail infrastructure, a role that makes it the lead organisation in the rail comms upgrade.

Transport hubs and routers

Countries need to address the problem of cyber-criminal activity, not only on transport systems, but on critical infrastructure as a whole, according to Kaspersky Lab.

David Emm, principal security researcher at Kaspersky Lab, commented: "Whilst Kaspersky Lab is not privy to the security tests conducted by the rail lines, the fact that our train network could be compromised by cyber-criminals is another warning sign of the risks we face as our critical infrastructure becomes increasingly connected."

Attacks against industrial control and traffic management systems are becoming more than the staple of Hollywood hacker movies, according to Emm, who said isolated incidents of real attacks are already occurring.

"We're already seeing examples of cyber-criminals exploiting new technology. For example, in Moscow, speed cameras and traffic monitoring systems were infected with an unidentified Trojan which stopped authorities catching traffic offenders. A seemingly minor attack, which had huge effects on function and revenue collection."

Security should be built into systems from the outset rather than added as an afterthought, according to Emm.

"We should view the recent warning as a wake-up call, not only for the transport industry, but for critical infrastructure as a whole. Governments and businesses around the world are now grappling with the potential threat to 'critical infrastructure' installations and the need to defend systems that, if successfully attacked, impact not just the organisations concerned, but society at large," Emm said. ®

