Passengers worry their train may be late, but railroad operators today face a far bigger problem – cyber attacks.
Their networks are vulnerable to hackers with the potential to sabotage signaling systems and digitally-controlled infrastructure, causing delays, system paralysis … or worse.
“Today, not only are railways becoming clear targets for malicious organizations and criminals, but they are also clear targets as national critical infrastructures – like we saw in Belarus with the latest events between Russia and Ukraine,” Roie Onn, CEO and co-founder of Cervello, tells NoCamels. The Israeli-founded company provides a non-intrusive AI-powered cybersecurity solution for railway operators and infrastructure managers.
Cyber attacks on railways around the world have only increased this year. Earlier this month, Russian Railways partly suspended certain cargo shipments moved by transit through Belarus to Poland amid the war in Ukraine. A Russian official claimed that approximately 30 percent of the entire amount of exports by rail are commodities that are subject to sanctions and are not allowed to transit to the country’s exclave of Kaliningrad in the Baltic Sea.
In January, Belarusian hackers announced on Twitter and Telegram that they had breached the computer systems of Belarusian Railways, the country’s national train system, as part of a hacktivist effort the attackers call Scorching Heat. The hackers posted screenshots that appeared to show access to the railway’s backend systems and claimed to have encrypted its network with malware, for which they would only provide decryption keys if the Belarus government met a list of demands.
In March, Italian railway company Ferrovie dello Stato Italiane (FS) said it had temporarily halted some ticket sale services as it feared they had been targeted by a cyber attack. That morning, elements linked to a cryptolocker infection had been detected on the computer network of Trenitalia and RFI, the company said. Italian news agency Ansa quoted unnamed security sources that said the type of attack suggested it was the work of Russian hackers, according to Reuters.
Railway systems have been around for hundreds of years and have been considered safe for decades. But they are undergoing connectivity overhauls that introduce commands, stations, and infrastructure being controlled by digital systems.
The rail system “is something that can be easily manipulated to disrupt the national economy,” to keep operations from being properly executed, and to stop workplace cargo from reaching its destination, says Onn.
His company uses AI and advanced analytics to detect cyber threats and also monitors, analyzes, and cross-correlates railway signaling. It was established in 2018 by Israeli founders with experience in elite IDF intelligence units as well as automotive cybersecurity, network security, and critical infrastructure security.
Cervello’s technology also offers a cybersecurity dashboard that gives operators real-time intelligence, forensics, and visibility on the overall fleet condition. The solution quickly assesses vulnerabilities and mitigates risks and threats. The company has won “Best Solution in Railway Cybersecurity” at the Annual Global InfoSec Awards, granted by Cyber Defense Magazine, a total of four consecutive times, including this month.
Sign up for our free weekly newsletterSubscribe
Earlier this month, Cervello was granted what it’s calling the “first-ever US patent covering AI-based cyber protection for railways.”
The patent “exclusively allows Cervello to develop and offer an AI cybersecurity policy generator to provide real-time, granular threat-detection, analysis, and countermeasures against today’s continuously evolving cyberthreats against rail organizations,” according to US trade magazine Railway Age.
Digital revolution of the railways
The more digitized rail networks become, the more vulnerable they are to cyber sabotage, according to Nikhil Karpoor, a Senior Engineer at the US-based Bechtel engineering firm in a blog post for the ISA Global Cybersecurity Alliance for cybersecurity awareness. Increased signaling network connectivity, and even connected devices (IoT) when connected to the same network as mission-control systems are easily accessible by hackers.
Even as the digital era is exploding, the railway industry remains “very conservative,” says Onn. “It is a very old generation business,” he adds, “And so some of the mentalities in different regions are still keeping the same mindset when it comes to safety as a core principle and working without internet, and without any kind of exposure to outside or external networks.
Meanwhile, cyber attacks are becoming a bigger threat, as highlighted in the first-ever rail cybersecurity panel during Cyber Week at Tel Aviv University on Monday, moderated by Israel Baron, Cervello’s VP of Customer Relations and former Chief Information Security Officer (CISO) at Israel Railways. The panel also included the Rafaeli Portnoy, current-CTO and Tariq Habib, current-CISO, of New York’s Metropolitan Transportation Authority (MTA), the largest public transit authority in the US.
The panel provided stories and experiences from large-scale vendors, like MTA, showcasing that there is “serious justification” for solutions dealing with rail cybersecurity, Onn tells NoCamels.
The company considers itself a pioneer in its disruption of an emerging market trying to keep up with the digital revolution of railway systems that a growing cyber threat landscape
“I think that if you talk to customers…what they will say about Cervello, is not things about the technology,” says Onn, “In railways, and specifically in these types of businesses, the sale is between people. And they create the trust and relationship between entities and organizations because of such a close community in the industry. I think that eventually, the level of commitment, transparency, passion and the dedication that we show, during the whole process — from the first meeting to the last deployment — how we are serving them and supporting them in the process, and the flexibility that we are showing along with the people-oriented approach is what distinguishes us from other companies,” he says.
“In this field, you don’t buy a solution, and replace it after a month. You need to have the mentality that you are choosing the right partner for the journey, because you are making an investment. They invest in their infrastructure. And these operators are basing it on the fact that even when they add software, they will probably not take it out for years,” Onn adds.