It seems these days all the ‘smart’ devices can be hacked and every kind of technology has some sort of severe vulnerability. And to add on to the list, a new vulnerability has been identified in a high-tech train signalling system, allowing hackers to possibly wreak havoc on the railroads by crashing trains and killing thousands.
The latest high-tech railway signalling system being tested throughout parts of the United Kingdom is open to hackers, with the possibility for cybercriminals to route trains on the same path causing the oncoming trains to collide into each other at high speeds, Professor David Stupples has warned. Stupples warning comes as the United Kingdom is in the market to replace its age-old signalling system with the European Rail Traffic Management System (ERTMS).
Network electronic and radio systems expert at the City University in London, Professor David Stupples, has said the plan to replace the aging railway signal with a new network connected system could expose the railway to external cyberattacks, where Stupples believes the hack could cause a “nasty accident” or “major disruption.” He even went on to mention terrorists or cybercriminals could “easily expose the new mainframe.”
“It’s the clever malware that actually alters the way the train will respond,” Stupples said speaking with BBC. “So, it will perhaps tell the system the train is slowing down, when [it is] speeding up.”
Piers Wilson, product Manager of Huntsman Security spoke on the train hacking issue, saying: “it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signalling systems. The challenge will be spotting that the attack has actually happened before the effects (in the real world) are apparent.”
Network Rail, the rail operator in charge of upgrading the network connected railway has acknowledged the train hacking threat is real. “We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network,” the Network Rail spokesperson said. “We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place.”
The Rogue Employee
According to Stupples, the system is well designed to safeguard from external attacks, but he says real danger lurks in the eyes of a rogue insider.
The professor said the real weakness is employees’, more specifically, infecting their machines with malware.
One of the reasons the transport system hasn’t already been hacked amass of times such as financial institutions and media organizations is simply because the technology utilized is too old to be vulnerable. The current technology has no network connections making it NOT vulnerable to external or internal cyber attacks.
Stupples did note that all this will change in the coming years, when aircrafts, cars and trains all become network connected and digitized.
The ERTMS, which is currently in the testing phase with the new railways is looking to replace the old and aging signalling system in busy UK cities by 2020. Once the new system is configured and live, the ERTMS will be able to control and monitor the entire rail network, including the speed of trains and their braking times.
The ERTMS has already deployed new technology throughout parts of Europe, yet no reports thus far indicate the system has been hacked or taken over by terrorist organizations.