UK Rail Signals Can Be Hacked To Cause Crashes

Rogue employee could hack the new UK rail system and cause a crash. Prof. David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European Rail Traffic Management System are under way.

Network Rail, which is in charge of the upgrade, acknowledges the threat. "We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network," a spokesman told the BBC.
"We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place."

Once the ERTMS is up and running, computers will dictate critical safety information including how fast the trains should go and how long they will take to stop. It is scheduled to take command of trains on some of the UK's busy intercity routes by the 2020s.

The system is already used in other parts of the world and there are no reported cases of it being affected by cyber attacks.

In fact, it is designed to make networks safer by reducing the risk of driver mistakes. But Prof Stupples - an expert in networked electronic and radio systems at City University in London - said if someone hacked into the system they could cause a "nasty accident" or "major disruption". "It's the clever malware [malicious software] that actually alters the way the train will respond," he explained. He added that he had spoken up to raise awareness of the threat.

According to the professor, the system is well protected against outside attack, but he says danger could come from a rogue insider. Hundreds of signal boxes are being replaced as part of the upgrade. "The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced," he explained. He added that part of the reason that transport systems had not already been hacked as frequently as financial institutions, and media organisations was that much of the technology involved was currently too old to be vulnerable.

All of that will change in the coming years, as aircraft, cars and trains become progressively more computerised and connected.

Prof. Stupples said he was working with Cranfield University to develop a security system that would tell when a train or other mode of transport was acting oddly. "It would take it back into a safe state," he explained.

BBC:     SAGE /Stupples:   ORR

« Locked Shields: NATO Holds Major Cyber-Security Drill
Anonymous Hackers Taking On the Kremlin »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

KOBIL

KOBIL

KOBIL is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Haventec

Haventec

Haventec’s internationally patented technologies reduce cyber risk and enable pervasive trust services with a decentralised approach to authentication.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Privacy Compliance Hub

Privacy Compliance Hub

Privacy Compliance Hub provide an easy to use platform with a comprehensive data protection compliance programme including training, information, templates and reporting.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.