Cyber criminals could access trains, computer networks or message boards.
Four major cyberattacks have been reported on UK railway computer networks over the past year, according to new statistics revealed by UK-based security firm Darktrace, which is employed to guard much of the UK’s rail network from attack.
While detail about the full extent of the hacks remains unknown, experts indicate that such breaches are typically “exploratory” rather than disruptive.
Speaking with Sky News, Sergey Gordeychik, cybersecurity researcher at Russian firm Kaspersky Lab, said access to UK rail could give hackers control over everything from online information boards to the computer systems that manage signals, internal messages and even the trains themselves.
“If they have enough knowledge, then they can create real disaster related to train safety,” he said. “We see at the moment that state-sponsored attackers are already inside critical infrastructure.”
Gordeychik continued: “So they have access, they monitor, they collect intelligence but they don’t try to create a disaster. Why? I believe that they don’t have the order at the moment. But in case of any maybe warfare, it can be an option to use cyber weapon against civil infrastructure. This is scary.”
In response to the figures, Network Rail, the main authority responsible for the UK’s railway network, stressed that Britain has “the safest major railway in Europe.”
It added: “Cybersecurity is a key part of our plan for introducing digital train control technology. Safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats.”
With more critical infrastructure – from nuclear power stations to electrical grids – increasingly moving online, the threat from hackers and nation-state infiltrators has never been greater.
In one major example from December last year, security experts believe that Russian hackers were responsible for a widespread power grid outage in Ukraine. In the most recent case, US cybersecurity experts named the nation as the culprit in the hack at the Democratic National Committee (DNC).
“Hackers will target anything they can [and] it’s no surprise the attacks are happening,” Mark James, security specialist with security firm ESET told IBTimes UK via email.
“Some companies will still be using older operating systems or running bespoke applications that will be a logistical nightmare to upgrade. Although at first glance [UK Rail] may seem an insignificant target, the stakes are high when we have large volumes of users in flimsy metal containers passing, sharing lines and travelling at high speeds.”
For security solutions visit: http://cyber.aspida.org