
Railway systems could be hackers' next big target — and derailing trains wouldn't be that ha

In early May of last year, the world was rocked by the WannaCry cyber attack, which affected more than 200,000 victims and spread to over 150 countries. Computers had essentially been taken hostage by ransomware, and users were asked to pay up in the form of bitcoin.

Law enforcement agencies, health services, telecommunication networks, universities, businesses, and railway systems were all affected by the attack. Estimates of the total damage ranged from hundreds of millions to billions of dollars.

While a fluke in the coding allowed the attack to be stopped in a matter of days, the ordeal was a prescient reminder that cyber attacks don't merely stay in the virtual world — they can have real, and potentially devastating, consequences in the physical world.

Particularly when hackers begin targeting vital systems.

"The next kind of attacks we will see will target critical infrastructure in the form of electrical networks, water companies, and other transportation systems," Amir Levintal, former director of the Israel Defense Forces’ cyber research and development unit and CEO of cybersecurity firm Cylus, told Business Insider.

But railway networks are particularly at risk because rail companies often operate with modern technological components but archaic physical components. That disconnect, Levintal said, leaves their systems vulnerable to hacking.

Modern command centers use wireless connections to control activities, like monitoring train speeds or regulating traffic signals. It's these types of wireless signals that can expose a network's vulnerabilities and leave the infrastructure wide open for attack.

"Some train networks use Wi-Fi connections to control critical components of the train, like brakes and doors. Attackers can find ways to access the wireless network to send commands to those components and change the behavior of the train," Levintal said.

"Once attackers succeed in breaching a network to gather information, they can attack the physical elements of the network," he said.

Hackers, Levintal said, "might change the controls on the train or could even access commands in order to derail the train. These kinds of attacks are probable, and once a system is breached it's just a matter of deciding what commands a malicious actor wants to send."

The scenario isn't that far-fetched. In the WannaCry attacks, Germany's rail network, Deutsche Bahn, was incapacitated by its ticketing and information systems going down.

Yet hackers don't need to rely on obvious flaws within a major railway system.

"Attackers can find one company that is not secure, access its tools and software, and find similarities in other components in other countries and companies, allowing them to attack more 'secure' companies," Levintal said.

The key to preventing future attacks, Levintal said, is protecting the physical components.

"We must converge old and new technologies and close a complicated security gap," Levintal said.

"We can no longer think that attacks like these won't happen in the future. Rail networks are huge, complex and connected. It's easier than ever to find ways to get into the systems."
