Rail

Rail - NCC Group · The railway industry has historically focused on physical security. But, with the advent of electronic systems and connected solutions, secure technology has become


The cyber landscape

The railway industry has historically focused on physical security. But, with the advent of electronic systems and connected solutions, secure technology has become critical.

In-cab signalling, train computer management systems and passenger information all potentially share the same space and are vulnerable to compromise.

With the high density of customers using the rail network, all of these systems need to work seamlessly and uninterrupted to match the requirements and expectations of customers.

Inside the train

There are a growing number of attack vectors inside trains.

The move to in-cab signalling solutions has added information processing, sensors and a range of electronic equipment to modern trains. Because passengers are on-board, potentially for hours at a time, the security and integrity of all these systems is critical.

Driver advisory systems help optimise traffic flow so trains run efficiently, but these often rely on external inputs from GPS and public cellular networks, both of which are vulnerable to attack.

Wi-Fi and passenger information systems add more points of entry onto a train’s network.

The number of manufacturers, system integrators and installers responsible for a vast array of systems can become extremely overwhelming.

However, experts from NCC Group can help secure these complex solutions.

Safety is the rail industry’s top priority and to achieve this, a system must be secure

The move to more connected platforms significantly increases the attack surface

A successful attack against a train will not just impact that vehicle but the entire network

Minor disturbances can cascade to major network disruption and this will have an impact on reputation and ultimately the bottom line due to the cost of compensation

Radio-Frequency Identification (RFID) used for train positioning can be tampered with

Remote Condition Monitoring uses a range of wireless technologies that could be exploited

Operational radio (GSM-R, TETRA & Wi-Fi) may interfere with train control & signalling systems

In-cab signalling should adopt cyber security principles

Infotainment, Wi-Fi & Help Points situated close to operational systems

Advanced technology and connectivity in the rail industry means greater efficiencies can be achieved, however, with this comes an increase in cyber security risks.

Public Cellular Networks (2G/3G/4G) are feeding customer information systems

Vehicle Control Systems (TCMS) to control systems that are critical for safety

Ethernet or serial cabling allows connection to the on-board network


Trackside

With the introduction of electronic monitoring of devices and network infrastructure, connectivity has extended to all parts of the railway.

The variety of infrastructure and the challenges of access control mean unattended equipment could be an access point into critical systems.

Stations

Systems within stations can vary greatly, but some common aspects include ticketing, customer information and public safety systems, all of which are likely to have a network connection.

Security of local devices and the network architecture that connects them is crucial to smooth and secure operation.

A range of personnel work within a train station and many won’t have experience in cyber security

Control Centres, trackside and stations create a large and varying attack surface which is difficult to monitor

Greater connectivity of maintenance and support systems increases the cyber risk

Train stations and depots are often classed as Critical National Infrastructure and therefore must adhere to security best practice

Back-up systems are available in case of failure but are these as reliable & secure as the normal operating systems?

Communications Infrastructure is distributed along the trackside; this could be vulnerable to tampering

A Control Centre allows for centralised management of a region so, if compromised, a large area will be impacted

Retail outlets could provide a pivot point onto various areas of the station’s network

Station control has numerous networks that are connected, making it difficult to adopt a robust security architecture

Signalling is often conducted remotely with little human supervision & so could provide a potential entry point for attackers

Combined control centres in the rail industry bring together a large number of systems, which increases the points of entry for attackers.

Control Centres

The hub of railway operations has a unique viewpoint over most systems that make up the railway.

These locations are great single management points but care should be taken to ensure system segregation is sufficient.

Centralised locations are an obvious attack point for malicious activity.

If a customer information system is hacked to display an unofficial message, it could cause mass confusion to customers

Ticketing is a major source of income that, if disrupted or exploited, could result in significant financial loss


Cyber security capability

Radio systems

With the increased accessibility of Software Defined Radio (SDR) technologies, we have developed a range of tools to assess the security of complex radio frequency based communications protocols.

CCTV & SCADA

Monitoring, surveillance and control systems are used within a wide range of different industries and, as such, we are regularly exposed to them during large security assessment engagements.

IT & web presence

Of all the technologies assessed by NCC Group, IT systems and web applications are those that have been most prevalent during client engagements and the expertise we have in these fields is unrivalled.

Telephony

The tools, techniques and methodologies that we have developed enable us to comprehensively assess both traditional POTS (Plain Old Telephony Systems) and Voice over IP (VoIP) systems.

Wi-Fi

Wireless connectivity to networks is now expected by consumers in public places, including transport. Our approach to assessing the security of these networks is therefore mature.

IP networks

We have been assessing the security posture of IP networks since the late 90s and, therefore, our capabilities in this area are well established.

Public address

Automated public address systems have been assessed by NCC Group in a range of different environments, such as public transport, sporting arenas and Government offices.

Ticketing and payment systems

We regularly perform security assessments for, and provide advice to, organisations that process payment card data and therefore fall within the Payment Card Industry (PCI) compliance regulations.

Parking control

Modern automated parking solutions often rely on Automated Number Plate Recognition (ANPR) systems. We have performed numerous security assessments of these systems for both commercial organisations and for police forces around the world.

Other services

Application availability

Within a sector increasingly reliant on business critical applications our escrow agreements provide a fundamental level of security, protecting business continuity.

Source code verification

We verify the source code behind applications ensuring that should it ever need to be recreated from the raw source code all of the component elements and knowledge are available.

Secure verification

Using our in-house technical teams and experienced consultants we provide an independent assessment to identify any critical vulnerabilities within the application source code.

SaaS continuity

With low set-up costs, rapid deployment and high scalability the sector is making the move to Software-as-a-Service (SaaS) applications. Our SaaS Assured services provide the reassurance that in the event of SaaS provider failure you can have access to verified deposits, the documented processes and supporting information required to put your SaaS continuity plan into action.

Bespoke software testing service

The software testing division provides a professional, tailored service with a flexible delivery model that ensures that the software used in the rail industry functions as designed and meets the requirements of the users.

Our testing solution architects work with customers in the rail sector to identify the best solution for their needs.

Return on investment

The specialised services we offer ensure that our customers’ investment in testing provides value and delivers a clear perspective on product quality.

Specialist testing services

The software testing division delivers test excellence across all forms of functional, non-functional, digital and specialist testing services to include performance and automation.

The Transport Assurance Practice provides clients with access to a pool of over 300 highly-qualified software testing professionals to deliver our services on-site or from our dedicated testing facilities.

For more information from NCC Group, please contact:

+44 (0) 161 209 5111 [email protected] www.nccgroup.trust/transport

About NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.

We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.