Expert Raises Hacking Concerns Over Network Rail Upgrade

Security experts have warned that a state-of-the-art train signaling system being installed on Britain’s railway network could be vulnerable to cyber-attack.

Professor David Stupples, who specializes in network and radio systems at City University London, told the BBC that hackers could cause a “nasty accident” or “major disruption” by targeting the European Rail Traffic Management System (ERTMS) currently being tested by Network Rail.

The advanced system, which has apparently been installed elsewhere with no reported incidents thus far, is expected to be up and running and managing major UK train routes by the 2020s.

It will put computers in charge of train speeds and other parameters, which could theoretically be hacked and altered, especially by malicious insiders, said Stupples.

“The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced,” he told the broadcaster.

“It's the clever malware that actually alters the way the train will respond. So, it will perhaps tell the system the train is slowing down, when it's speeding up.”

A Network Rail spokesman claimed the organization is fully aware that the risk of cyber-attacks will increase as it installs more digital technology across the network.

“We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place,” he added.

The Department of Transport claimed that security is under “constant review” by the government in order to stay on top of any cyber-related challenges.

David Flower, EMEA managing director at Bit9 + Carbon Black, argued that Network Rail must improve its cyber defenses to feature always-on, continuous monitoring and recording on every endpoint.

“Protecting each endpoint device in this way not only allows organizations to detect any breach much faster, but the replay will allow them to track the ‘kill chain’ left by successful attackers, better understand the level of risk exposure, and defend against future threats,” he added.

Piers Wilson, product manager at Huntsman Security, argued that the key will be for Network Rail to spot that an attack has occurred before its effects are apparent.

“With insider threats, there may be very little evidence, beyond some small changes in system behavior, that security has been breached until it is too late. Similarly, attackers are always becoming more sophisticated and developing new ways to penetrate defenses,” he added.

“As a result, there is every chance that an attack will be completely new, and its effects and warning signs completely unknown, before it actually affects the signaling network.”

Malwarebytes malware intelligence analyst, Chris Boyd, argued that systems such as this are built with redundancy in mind, and would allow investigators to spot any malicious insiders fairly easily.

“We may as well ask why they wouldn't just perform a malicious act without the aid of an advanced piece of malware. We could also debate the likelihood that someone with access to these systems would obtain malware like this, or understand how to use it,” he added.

“Developers of attacks such as these certainly wouldn't be giving them away, and I suspect a rail worker probably couldn't afford it – never mind find where it would be on sale in the first place.”
