UK Rail Signals Can Be Hacked To Cause Crashes

Uploaded on 2015-05-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Rogue employee could hack the new UK rail system and cause a crash. Prof. David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European Rail Traffic Management System are under way.

Network Rail, which is in charge of the upgrade, acknowledges the threat. "We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network," a spokesman told the BBC.
"We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place."

Once the ERTMS is up and running, computers will dictate critical safety information including how fast the trains should go and how long they will take to stop. It is scheduled to take command of trains on some of the UK's busy intercity routes by the 2020s.

The system is already used in other parts of the world and there are no reported cases of it being affected by cyber attacks.

In fact, it is designed to make networks safer by reducing the risk of driver mistakes. But Prof Stupples - an expert in networked electronic and radio systems at City University in London - said if someone hacked into the system they could cause a "nasty accident" or "major disruption". "It's the clever malware [malicious software] that actually alters the way the train will respond," he explained. He added that he had spoken up to raise awareness of the threat.

According to the professor, the system is well protected against outside attack, but he says danger could come from a rogue insider. Hundreds of signal boxes are being replaced as part of the upgrade. "The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced," he explained. He added that part of the reason that transport systems had not already been hacked as frequently as financial institutions, and media organisations was that much of the technology involved was currently too old to be vulnerable.

All of that will change in the coming years, as aircraft, cars and trains become progressively more computerised and connected.

Prof. Stupples said he was working with Cranfield University to develop a security system that would tell when a train or other mode of transport was acting oddly. "It would take it back into a safe state," he explained.

BBC:     SAGE /Stupples:   ORR

« Locked Shields: NATO Holds Major Cyber-Security Drill
Anonymous Hackers Taking On the Kremlin »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Cybellum

Cybellum

Cybellum brings the entire product security workflow into one dedicated platform, allowing device manufacturers to keep the connected products they build cyber-secure and cyber-compliant.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

CyberKnight Technologies

CyberKnight Technologies

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) headquartered in Dubai and covering the Middle East.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Gutsy

Gutsy

Gutsy uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.