Retrofit or Risk: The Cyber Conundrum of Legacy Trains
The global rail network, once a symbol of unwavering progress, now finds itself at a critical stage. As digitalisation and automation surge forward, interconnectedness within the sector intensifies, bringing with it heightened cyber vulnerabilities within legacy systems. These systems, designed in an era predating widespread cyber awareness, lack the fundamental security safeguards now considered standard, exposing legacy fleets to malicious actors.
However, the challenge is multifaceted, and addressing vulnerabilities in these ageing systems is seen as impossible. Historical absence of strict cyber security standards for rail systems has resulted in significant inconsistencies in existing fleets. Consequently, onboard networks and digital systems often display varying degrees of vulnerability due to weak software development processes and poor understanding of good cyber security practice within subsystem vendors. Furthermore, the labour force of rolling stock maintainers often struggle to spread networking and cyber security know-how across teams. To consider wholesale replacement of the onboard network would be a monumental undertaking, demanding huge investments. Outside of rail, the threat landscape evolves at a relentless pace with new vulnerabilities arising faster, but our legacy systems remain unprotected.
In the following sections, we will delve deeper into the issues surrounding the implementation of improved security for legacy rail systems and chart a course towards effective approaches for existing fleets, and a more secure future for the industry.
Securing Legacy Trains: Challenges in Retrofitting
Modernising security for new trains is vital, but retrofitting existing fleets presents a unique set of obstacles. These hurdles stem from three key areas: network design, accessibility, and physical/system constraints.
Network Vulnerability Landscape
Older train networks are often simpler and not segmented, lacking the security zoning found in newer designs. This "flat" architecture makes them vulnerable to attacks that exploit one system to compromise others. Additionally, the tendency to add new subsystems to existing networks introduces potential vulnerabilities that were not forseen by the original designers.
Maintenance Practices and Access Control Gaps
A significant threat comes from maintenance practices. Trust in technicians often leads to poor access controls, making networks susceptible to both malicious and accidental breaches. Weak passwords, outdated software, and unpatched service laptops further intensify the issue. Addressing these vulnerabilities requires changes to maintenance procedures, which can present an opportunity to improve and reduce manual work.
Software Obsolescence
Software obsolescence is a major concern, as unlike hardware, software relies on updates to fix vulnerabilities and bugs discovered over time. When updates are unavailable, the software becomes obsolete and a potential security risk. Causes of obsolescence range from vendor withdrawal to lost documentation and knowledge. This means that some vulnerabilities simply cannot be patched, requiring mitigation through additional measures, or accepting the ongoing risk. This risk is inherent in all rail systems today, over the life of a train, it can be guaranteed that the Windows maintenance laptop and the Linux kernel used to operate the subsystems will become end of life without updates.
Information Deficits
Often, operators face information deficits that hinder their ability to assess and mitigate risks. Lack of openness with security-relevant information, incomplete or inaccurate documentation, and missing asset inventories make it difficult to identify vulnerabilities and implement solutions. This "Security by Obscurity" approach hinders effective security efforts.
Physical and System Constraints
When fixing vulnerabilities or adding security solutions, physical constraints in older trains come into play. Space limitations can make adding hardware difficult, while network capacity may be insufficient for additional devices or software. Older systems might also lack the resources to run security software like intrusion detection systems, requiring careful resource management and lightweight solutions.
Navigating the Path Forward
Despite these challenges, securing legacy trains is essential, and operators will need to consider adopting a multi-pronged approach that includes:
Flexible and adaptable solutions: Tailoring security measures to the specific vulnerabilities and constraints of each fleet.
The right deployment methods for your fleet. Each fleet requires a different approach considering the impact of the deployment on the overall architecture and operation.
Lightweight and innovative hardware/software: Overcoming physical limitations with space-saving designs and resource-efficient solutions.
Improved maintenance practices: Emphasising access control and secure software updates.
Enhanced information sharing: Fostering open communication and collaboration on security vulnerabilities and best practices.
Effective Security Strategies for Legacy Trains
While retrofitting legacy trains presents undeniable challenges, several effective approaches can significantly enhance their cyber security posture. These strategies focus on maximising coverage and protection within the constraints of resource-limited older systems.
1. Strategic Monitoring: Pinpointing Threats with Minimally Invasive Detection
For legacy trains operating with limited onboard resources, a lean and efficient approach to cyber security is paramount. Enter minimally invasive Intrusion Detection Systems (IDS), strategically deployed monitoring tasked with safeguarding critical network traffic and high-risk systems like communication gateways. This targeted defence offers compelling advantages:
Optimised Resource Utilisation: Minimises network and system adjustments, ensuring operational continuity and minimising disruption.
Focused Protection: Strategically placed sensors prioritise monitoring critical vulnerabilities, maximising detection capabilities and optimising resource allocation.
Cost-Effective Security: Affordable hardware and integration costs make this a financially sound solution for resource-constrained environments.
This approach is ideal for older trains with limited capabilities or vulnerable, obsolete systems. Where extensive retrofitting is impractical, minimally invasive IDS offers an effective means to monitor critical areas and mitigate potential threats, ensuring the security of older fleets without overburdening existing resources.
2. Strengthening Network Resilience: Architectural Enhancements for Secure Digital Fleets
Modernised, digital trains demand proactive cyber defences. Strategic upgrades like switch modernisation, network reconfiguration, and firewalls create secure zones for in-depth monitoring and control, safeguarding these vital assets. For optimal deployment, several key considerations guide the process:
Security Requirements: Defining the precise level of monitoring and protection necessary to safeguard your specific network environment.
Resource Constraints: Tailoring the solution to align with the hardware and resource limitations of your train fleet.
Long-Term Vision: Evaluating the lifecycle cost of implementation and factoring in future upgrade requirements.
Newer fleets benefit greatly from this proactive approach, especially with extra detection measures. Collaborating with OEMs eases vehicle homologation, while the improved network architecture makes future upgrades simpler and cheaper, offering a sustainable and cost-effective long-term security solution.
3. Optimising the Human Element: Access Controls for Enhanced Security
Tight access controls for staff is crucial to bolster security. Implementing multi-factor authentication and segmenting access by user roles drastically reduces attack surfaces, all done quickly and cost-effectively. However, true security transcends technology:
Cultural Transformation: Accompanying technological advancements with a cultural shift towards secure practices is paramount. This ensures staff adherence to the new protocols and fosters a collective responsibility for cyber security.
Empowering Awareness: Equipping staff with comprehensive training and regular awareness campaigns regarding cyber threats is crucial in cultivating a culture of cyber security within your organisation.
By empowering staff with knowledge and secure practices, it creates a human firewall, complementing the technological defences surrounding onboard systems.
With the use of proactive detection, network fortification, and robust access controls, legacy trains are secured, transforming them into valuable assets. These approaches offer a clear roadmap for navigating the complexities of retrofitting and equipping older fleets so that they thrive in the digital age.
10th Annual Cyber Senate Rail Cybersecurity UK and Europe Conference
Alex Cowan, CEO at RazorSecure, will be presenting about an ongoing project with a major European Operator who is currently rolling out a retrofit cyber security solution across their train fleet. Alex will give insight into some of the best practices, challenges and lessons learned so far from the process, as well as a roadmap for the future. The conference will be held in London on February 27th -28th - find out more and register to attend here.