The United Kingdom is being upgraded with a new railway network, and Cameron’s government will be spending more than thirty million British pounds on it. This pricey upgrade includes the signaling systems and railway. After the upgrade, the United Kingdom could become vulnerable to cyber attacks that might lead to a train collision.
The new signaling system is called the European Rail Traffic Management System and is aimed at making the rail lines safer. Security experts have since expressed concerns about the upgrade, saying that the programmable logic controls can be exposed to malware, spyware, malicious code and viruses, which could possibly take millions of lives.
Security experts from City University say that this malware can alter the way the trains will respond. For example, the malware could perhaps tell the system that there is no train on the track when, in actual fact, there is. The train will therefore continue traveling unmonitored.
“We know that the risk [of a cyber-attack] will increase as we continue to roll out the digital technology across the network. We work closely with government, the security services, our partners and suppliers in the rail industry and external cyber security specialists to understand the threat to our systems and make sure we have the right controls in place. It is the smart malware [malicious software] that alters the way the train will respond. So, it will perhaps tell the system the train is slowing down when it is speeding up. Governments are not complacent, individual ministers know this is possible, and they are worried about it. Safeguards are going in, in secret, but it is always possible to get around them. We keep security arrangements under constant review to take account of the threat and any new challenges we face,” responded a spokeswoman for the Department of Transport.
The system will be installed all over the European Union by 2020. But with hacking concerns rising, work is being done to make the system better.
“The weakness is getting malware into the system by employees, either because they are dissatisfied or being bribed or coerced. Seeing as we have seen nuclear enrichment facilities targeted with state-sponsored malware attacks and ‘massive damage’ done to a German steelworks, you have to ask yourself whether it is likely that a train signal system would be any better defended? The most obvious danger is going to be human. The risk is that staff will either be deliberately and clandestinely assisting attackers or – most likely – make poor decisions, such as plugging in a device that is malware-infected that could expose the system’s security. It would take it back to a safe state,” says Professor Stupples. Stupples has been working with Cranfield University to develop a security system that will inform the user if the monitoring systems are not responding correctly.