UK rail signals could be hacked to cause crashes, claims prof
He's also flogging anti-hack tech. Make of that what you will
Look out, there's a problem! Just buy my thing and you'll be safe again
Prof Stupples, whose research interests cover electronic warfare, has teamed up with Cranfield University to develop a fail-safe system that would kick in when trains acted "oddly".
Security risks that arise from the possibility of hacking modes of transport have been a theme of recent IT news, particularly the possible risks involved in hacking aeroplanes, either via Wi-Fi or by plugging into a port not intended for passengers to use.
Reg reader Charles pondered that security researchers tweeting about train security whilst commuting might provoke a similar response.
"It would be interesting to see the 7:42 from Crawley South met by armed BTP [British Transport Police] every time someone spots someone doing something on a device that is above their level of understanding," he said.
David Flower, managing director, EMEA, of endpoint security firm Bit9 + Carbon Black recommends that Network Rail has security deployed on each and every signalling device rather than relying on network security alone.
"It’s no surprise to see that Network Rail is looking at ways in which it can improve its own infrastructure by going digital," Flower said. "However, there is of course an inherent risk that such a system could be exposed to attack from malicious cybercriminals. The examples brought to light by Prof David Stupples this morning show that the impact of such an attack could have the most severe consequences."
“As such,” continued Flower, “we would recommend that Network Rail implements rigorous security measures as part of its upgrade. Network security alone will not be enough; it will be essential to have always-on, continuous monitoring and recording on every endpoint. Protecting each endpoint device in this way not only allows organisations to detect any breach much faster, but the replay will allow them to track the ‘kill chain’ left by successful attackers, to better understand the level of risk exposure and defend against future threats.”
Piers Wilson at Huntsman Security added that the ability to spot any suspicious activity is vital, rather than relying on systems that are more focussed on blocking known attacks.
“Given the potential effects of any attack on transportation control networks, it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signalling systems,” Wilson said.
"The challenge will be spotting that the attack has actually happened before the effects (in the real world) are apparent. With insider threats, there may be very little evidence beyond some small changes in system behaviour that security has been breached until it is too late."
“To avoid this, it will be important to be able to spot not only known, expected threats but also those unknown ones that may not even have been devised yet. The only way to do this is to monitor systems for any unusual behaviour, whether from users or from the system itself, to spot the beginnings of any potential problem,” he added. ®