
How To Defend Railway Subsystems from Targeted Cyber-Attacks

Michael Cheng, Director, TXOne Networks & C. Max Farrell, Senior Technical Marketing Specialist, TXOne Networks

Railroads are a vital part of any country's essential systems. Keeping rail systems in continuous operation requires protection from many threats, and disruption can have drastic effects on a nation’s society, economy and culture. As the railway industry continues to grow, the risk of cyberattacks has increased dramatically.

Therefore, to protect these critical networks and systems, you need a robust cybersecurity solution that can be quickly and conveniently integrated into your day-to-day rail operations. Additionally, these solutions must be resource efficient and transmit data fast enough to sustain commuter traffic and accommodate the decentralized nature of modern rail technology.

Weak architecture of railway assets

Although cyberattacks against national utilities and transport networks have increased significantly in recent years, they are by no means new. In 2015, security experts set up a realistic simulated railway network at the CeBIT trade show in Hannover and put it online to see how much attention it would attract from hackers. During the six-week runtime, 2,745,267 cyberattacks were documented, and in “approximately 10% of attacks,” an intruder was able to control a simulated asset.[1] Potential attackers’ knowledge of rail systems has advanced further in the seven years since this experiment.

On the one hand, the distributed network architecture of the railway infrastructure allows for remarkable adaptability and the use of various modular assets. On the other hand, many of these assets are out of date or unpatched. Given how quickly cyber threats change, the long service life and the diversity of the equipment make security policies difficult to enforce. The same highly connected pathways that make these assets more accessible to trusted rail engineers also make them more accessible to malicious intruders, so specially designed cybersecurity appliances and software can be invaluable.

Every system needs individual protection

Each rail subsystem is a different set of assets with its own cybersecurity requirements. All rail subsystem applications classified as security-related are systematically type tested and secured according to the relevant certifications before leaving the factory. However, the downside of certification is that it introduces common patterns into your defenses that hackers can predict and exploit. Defenses for critical services should go beyond the minimum required to meet certification or regulation, and should include protections that make things difficult for hackers. Applying these defenses against emerging cyberthreats requires the ongoing support of dedicated security researchers.

User-friendly custom solutions

Cybersecurity starts with employee training, but the busy day-to-day work of railroad workers leaves little room for it. Therefore, any defense solution should be as secure and streamlined as possible to increase ease of use. Ideally, the rail subsystem would need an appliance with the necessary protocol sensitivity to check network traffic for suspicious activity and reject anomalous or unexpected behavior. These devices have the added benefit of significantly reducing the likelihood of human error.

Each subsystem depends on a solution created to meet its specific needs. TXOne Networks suggests an OT zero trust approach to securing operating environments that comprises three phases: segmenting networks, scanning inbound and mobile assets with portable high-speed scanning devices, and protecting endpoints with a defense solution tailored to the endpoint type (traditional or modern).

Intruder Blocking and Malware Isolation

Traditional intrusion prevention systems (IPS) were filtering systems that no longer adequately protect critical infrastructure networks. Instead, modern solutions such as the next-generation IPS and firewalls in TXOne’s Edge series provide more sophisticated protection for station and roadside assets. Based on the OT Zero Trust methodology, our Edge series defenses detect suspicious behavior on legitimate accounts or legitimate devices, establish a virtual patching “shield” around legacy assets that cannot be patched or replaced, and segment the network to make it far more defensible.

Access points (APs) that trains use for meshing or roaming often run with limited or little security, allowing an intruder to potentially compromise signal control systems. EdgeIPS solutions are ideal for deployment between APs and their switches, preventing attackers from accessing or affecting the network.

Mobile and standalone asset protection

One of the common ways for dangerous threats to penetrate an OT environment is for a vendor or maintenance professional to bring equipment into the field. That’s why, in addition to regularly scanning deployed technologies, security experts recommend using dedicated mobile security devices to pre-scan new devices before deploying them on your network. These devices can be used to establish checkpoints that scan all laptops and other devices brought into the field. This requires a solution that can perform quick scans without software installation, so it can be used for checkpoint scans as well as for sensitive devices that cannot accept installations.

How to protect fixed-use and legacy assets

For fixed-use systems such as ticket vending machines and on-board computers, trust list-based ICS endpoint protection applications are the ideal solution. Even if malware gets onto your company’s hardware, it cannot run because of the trust list-based lockdown. Applications, configurations, data, and USB devices are all locked down with a trust list. All unlisted applications are blocked from running, and unlisted users cannot change data or configuration. Only administrator-approved USB devices can connect to the device, and only administrators can grant one-time connection privileges to a device.
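The lockdown rules listed above can be written down as a small default-deny policy model. This is an added illustration, not TXOne's product code: identifying applications by the SHA-256 of their content, the opaque USB identifier strings, and every name and sample value below are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class TrustList:
    """Default-deny policy for one fixed-use endpoint (illustrative model)."""
    app_hashes: set = field(default_factory=set)   # SHA-256 of approved executables
    users: set = field(default_factory=set)        # may change data/configuration
    admins: set = field(default_factory=set)       # may issue one-time USB grants
    usb_devices: set = field(default_factory=set)  # permanently approved devices
    usb_once: set = field(default_factory=set)     # pending single-use grants
    audit: list = field(default_factory=list)      # every decision is recorded

    def _decide(self, action: str, subject: str, allowed: bool) -> bool:
        self.audit.append((action, subject, "ALLOW" if allowed else "DENY"))
        return allowed

    def may_execute(self, image: bytes) -> bool:
        # Identity is the file content, so a renamed or modified binary is unlisted.
        digest = sha256(image)
        return self._decide("exec", digest[:16], digest in self.app_hashes)

    def may_change_config(self, user: str) -> bool:
        return self._decide("config", user, user in self.users)

    def grant_usb_once(self, admin: str, device: str) -> bool:
        ok = admin in self.admins
        if ok:
            self.usb_once.add(device)
        return self._decide("usb-grant", f"{admin}->{device}", ok)

    def may_connect_usb(self, device: str) -> bool:
        if device in self.usb_devices:
            return self._decide("usb", device, True)
        once = device in self.usb_once
        self.usb_once.discard(device)  # a one-time grant is consumed on first use
        return self._decide("usb", device, once)

# Constructed sample data for a ticket vending machine.
KIOSK_APP = b"ticketing-ui build 1 (constructed sample bytes)"
DROPPED = b"unknown payload (constructed sample bytes)"
policy = TrustList(app_hashes={sha256(KIOSK_APP)}, users={"svc-ticketing"},
                   admins={"ot-admin"}, usb_devices={"usb:maint-key-01"})

if __name__ == "__main__":
    print(policy.may_execute(KIOSK_APP), policy.may_execute(DROPPED))
    print(policy.grant_usb_once("ot-admin", "usb:vendor-laptop-7"))
    print(policy.may_connect_usb("usb:vendor-laptop-7"),
          policy.may_connect_usb("usb:vendor-laptop-7"))
```

The audit list is what a security operations team would forward to its log pipeline: repeated DENY entries for `exec` or `usb` on a kiosk are a high-signal indicator on a device whose software should never change.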

Conclusion

In today’s world, malicious actors and criminal gangs pose even more of a risk, as they prefer to attack via the Internet from their comfortable computer chairs. To safeguard day-to-day operations and maintain passenger confidence, you need to ensure maximum availability while protecting your checkout from interruptions, and avoid spending more time or resources in exchange than necessary. This is why cybersecurity appliances and software designed specifically for protecting rail subsystems are essential.

Additional information can be found at www.txone-networks.com and https://www.txone-networks.com/white-papers/content/securing-autonomous-mobile-robots

About the author

Michael Cheng is a Director at TXOne Networks with 20 years of experience in global product management, software development, quality assurance and cybersecurity for IT, OT and ICS environments. He holds the ISA/IEC 62443 Cyber Security Professional Certification.

Michael Cheng can be reached online at michael_cheng@txone-networks.com or contact@txone-networks.com.

Max Farrell is a Senior Technical Marketing Specialist at TXOne Networks, where he has worked since 2019, with a background in cybersecurity, technology and business. He conducts research related to industry core technology, economy, and culture.

Max Farrell can be reached online at max_farrell@txone-networks.com or contact@txone-networks.com.

[1] Vlad Gostomelsky, “Railroad protection from cyberattacks”, Mass Transit Magazine, Dec. 17, 2019

Fair Use Notice: “Fair use” laws allow other authors to make limited use of the original author’s work without permission. Under 17 US Code § 107, “It is not copyright infringement to use copyrighted material for purposes such as criticism, commentary, news reporting, education (including multiple copies for classroom use), scholarship, or research.” As a matter of policy, fair use is based on the belief that the public is free to use portions of copyrighted material for the purposes of comment and criticism. Fair use privileges are perhaps the most important restrictions on the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and more free of charge on its website Cyber Defense Magazine. All images and reporting are conducted exclusively in accordance with the fair use of US copyright laws.
