UK Rail Signals Can Be Hacked To Cause Crashes

Uploaded on 2015-05-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Rogue employee could hack the new UK rail system and cause a crash. Prof. David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European Rail Traffic Management System are under way.

Network Rail, which is in charge of the upgrade, acknowledges the threat. "We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network," a spokesman told the BBC.
"We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place."

Once the ERTMS is up and running, computers will dictate critical safety information including how fast the trains should go and how long they will take to stop. It is scheduled to take command of trains on some of the UK's busy intercity routes by the 2020s.

The system is already used in other parts of the world and there are no reported cases of it being affected by cyber attacks.

In fact, it is designed to make networks safer by reducing the risk of driver mistakes. But Prof Stupples - an expert in networked electronic and radio systems at City University in London - said if someone hacked into the system they could cause a "nasty accident" or "major disruption". "It's the clever malware [malicious software] that actually alters the way the train will respond," he explained. He added that he had spoken up to raise awareness of the threat.

According to the professor, the system is well protected against outside attack, but he says danger could come from a rogue insider. Hundreds of signal boxes are being replaced as part of the upgrade. "The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced," he explained. He added that part of the reason that transport systems had not already been hacked as frequently as financial institutions, and media organisations was that much of the technology involved was currently too old to be vulnerable.

All of that will change in the coming years, as aircraft, cars and trains become progressively more computerised and connected.

Prof. Stupples said he was working with Cranfield University to develop a security system that would tell when a train or other mode of transport was acting oddly. "It would take it back into a safe state," he explained.

BBC:     SAGE /Stupples:   ORR

« Locked Shields: NATO Holds Major Cyber-Security Drill
Anonymous Hackers Taking On the Kremlin »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

Kaymera Technologies

Kaymera Technologies

Kaymera’s comprehensive mobile enterprise security solution defends against all mobile threat and attack vectors.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

The CyberWire

The CyberWire

The CyberWire gets people up to speed on cyber quickly and keeps them a step ahead in a continually changing industry.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.