Cyber-Securely riding the rails

Trains have unique cybersecurity requirements. That is why Siemens Mobility uses a risk-based concept to ensure that passengers and goods safely reach their destinations.

Just who wants to have a hacker seize control of a train racing down the tracks? No one – except maybe the hacker and his shady comrades in crime. Digitalization can make such nightmare scenarios possible. Just like other technical innovations, digitalization involves risks. When it comes to rail operations – a part of our critical infrastructure – steps must be taken to prevent such incidents.

 

It is hardly a trivial task:  Today’s rail operations are unthinkable without digitalization. Signal controllers and control centers must be able to repulse such attacks, just like the trains themselves. Railroad cars pose special challenges for cybersecurity experts. After all, a hacker only has to buy a ticket, take a seat by the window and unleash the attack. “Unlike power plants, you cannot surround trains with fences or introduce biometric access-control systems for them,” says Christian Paulsen, the Product and Solution Security Officer at Siemens Mobility. “The systems must be secure when the hacker boards the train.”

The starting point is challenging, to say the least. A passenger train uses three networks to smoothly travel from point A to point B. It all starts with the passenger network that enables travelers to do such things as watch videos and write e-mails. The operator network comes next. This network displays the next stop and manages the air-conditioning system, among other things. The final system is the one that controls the train itself. It is a system to which only a very limited number of individuals have access. Interfaces connect the networks to one another. The display system in the operator network can be connected to the cloud, a feature that enables information about train connections in the next train station to be shown. It is a densely woven web of systems that, given all of their complexity, have to be protected from intruders – individuals who are committing crimes in the process. “This is where we come into play,” says Krishna Pandit, a cybersecurity expert who oversees the implementation of train cybersecurity concepts at Siemens Mobility. “Our job is to protect the systems against every conceivable attack scenario – for example by using encryption, firewalls and intruder-identification systems.”

Every model of a railroad car is different, customized to meet each customer’s needs.

Risk-based concept

Obviously, not all systems receive the same amount of protection. The information display monitors used in a Siemens Velaro (or ICE in Germany) are not as heavily defended as the train control network is. But that is hardly surprising. Providing equal lines of defense would dramatically drive up fares. For this reason, it is certainly in the realm of possibility that someone traveling home with his girlfriend at his side may suddenly make a marriage proposal to her appear on the train car’s monitor.

Pandit says the different levels of cybersecurity being used are part of a risk-based concept that is designed to provide adequate security at acceptable costs. The risk faced by a network is determined on the basis of three factors: First, a potential attacker is defined – the spectrum ranges from a bored passenger with hacker expertise to criminals with visions of blackmail in their minds. Next, cybersecurity experts think about the barriers that an attacker would have to overcome if a chink in the armor were found. Finally, they determine how easy it would be for someone who exploited such a vulnerability to use it for his or her purposes – like blackmail. 

 

The risk assessment is based on a combination of these three factors. The greater the potential threat, the higher and stronger the barrier that will be erected.  Every model of a railroad car is different, customized to meet each customer’s needs. As a result, the cybersecurity systems for rail vehicles are also tailor-made.

Cybersecurity has to be provided for decades

Components can naturally have vulnerabilities. A productCERT (computer emergency response team) handles this job at Siemens Mobility. It continuously monitors components. But not in traveling trains. Rather, in the cybersecurity centers of Siemens Mobility. When a vulnerability is detected, a solution is developed as quickly as possible and then offered to the operator as a software update. The result speaks for itself: The security record of Siemens trains is exceptional around the world, and not just for disaster scenarios.

Railroad cars also feature other aspects of cybersecurity. These vehicles are frequently used for 30 years and more.  Manufacturers – like Siemens Mobility – have to offer support for this entire time. This work involves not only vulnerability monitoring, but also the job of finding solutions for components made by third parties that no longer offer cybersecurity service. “They do not always have to be technical in nature,” Pandit says. “Let’s say that an operator wants to make sure that a train camera in the operator’s network has not been taken over by hackers. All the operator has to do is to regularly inspect the camera and ensure that it is working properly.” This, in turn, will demonstrate that everyone in a company has a strong cybersecurity mindset.

 

Such monitoring jobs may be performed by artificial intelligence at some point in the future. “With the help of a deep-learning process, you can create an AI agent from the sea of data produced by train fleet operations. This agent can then monitor the data streams produced by trains and recognize patterns that indicate a hacker attack,” says Pandit, who recently sought to have such an application patented.

Cybersecurity standard for trains

Cybersecurity standards and regulations for railroad cars are essential. Such issues are not uniformly regulated in Europe, much less around the world. Nonetheless, a globally accepted industrial cybersecurity standard does exist – the IEC 62443 for IT networks. Siemens Mobility is the only train manufacturer that has received certification under the standard (or, more precisely, Sections 2-4 of IEC 62443).

 

But this standard is written in general terms and was not conceived with the rail sector in mind. It is obviously a problem that has not escaped the industry’s notice. For this reason, European train manufacturers and operators have prepared a technical cybersecurity standard for the rail industry called TS 50 701 that will be released this summer. The aim of the work was to adapt the IEC 62443 to meet the special requirements of trains and the rail sector. It represents a good beginning.  “We need clear and horizontal harmonized security standards and rules that have been adapted to the technology, and are easy to implement and monitor,” says Natalia Oropeza, the Chief Cybersecurity Officer at Siemens. “Non-standardized solutions will cause higher manufacturing costs without necessarily increasing security.”

Subscribe to our Newsletter

Stay up to date at all times: everything you need to know about electrification, automation, and digitalization.