The modern railway is increasingly digital, with a wide range of data types blurring the boundaries between the physical domains of the network. Take for example an individual rail car; there are several electronic sensors collecting large volumes of data, be it from its body, bogie or accessories. This data is not solely concerned with the health and usage of the vehicle itself, the ultimate aim is the monitoring of passenger safety.

But vehicle data is just a fraction of all that is collected and analysed in today’s rail network. Electronic data can provide information on:

• the status of systems
• location, status and condition of physical assets and infrastructure
• customers, including passenger, ticketing and journey information
• freight-related information
• nature of traffic and disruption caused by accidents and other issues.

The increase in extreme weather conditions and landslides in recent years means infrastructure owners and managers have had to explore new ways of using the data available to better understand the potential effects of environmental factors. Understanding and interpreting this mass of data can therefore help the rail industry to predict demand and optimise the performance of the network, through minimising disruption, enhancing customer experience, increasing capacity and reducing the environmental impact.

A bigger challenge however lies in exploring how the effective use of data and digital communications can assure the safety and security of both customers and staff as the dependence between the physical and digital environments grows.

Cyber attacks not just in the electronic domain

Advances in electronic sensors and digital platforms for communication and control have brought an enhanced capability for physical security, but increasingly, integrated and interconnected security operations mean that new attack vectors have opened up which, when coordinated across the physical and cyber space, represent a real challenge for the detection and prevention of attacks. Hence, the impact of cyber attacks is above and beyond the electronic domain, with potential for serious physical disruption and violation.

The increased use of electronic ticketing , fare collection and passenger information systems could be used for fare evasion and access control. For example, the Metropolitan Police issued a warning to rail passengers to be on the alert when using electronic ticket machines, as a number of card skimming devices had been placed on keypads at ticket machines at London stations. Card skimming devices are often unnoticed by the customer and will capture all the user’s credit or debit card details. For that reason, passengers are becoming increasingly conscious of mounting privacy concerns when travelling.

Electronic ticketing vulnerable

Electronic ticketing itself has suffered serious setbacks as RFID-based mechanisms (radio frequency identification) have been shown to be vulnerable to eavesdropping, and employing encryption is not effective. In 2008 researchers at Radboud University in Holland managed to crack the encryption on an Oyster card, clone it, add credit to it and take free rides on the London underground. The concern is that the only equipment needed to achieve this was a laptop and an RFID reader to eavesdrop on the communication between a card and a card reader.

Signaling infrastructure violated

More serious, but less frequent, cyber crime attacks have targeted signaling infrastructure. The exposure of onboard sensors, and control and signaling infrastructure may lead to safety violations. This was seen in a case in Lodz, Poland where a 14-year-old modified a TV remote control so that it could be used to change track points. The teenager broke into a number of tram depots to gather the information needed to build the device which turned the tram system in Lodz into his own personal train set. As a result four vehicles were derailed injuring twelve people.

The notion of cyber crime is changing in terms of means, motive and opportunities from large-scale cyber attacks targeting major installations, to smaller commonly re-occurring incidents that originate from more independent sources from individuals to semi-organised groups. This type of crime typically would include trespass, identity theft, financial scams and fraud, extortion and industrial espionage, or operational disruption. Attacks of this kind on critical infrastructures rose to the top of the Council of Europe’s Convention on Cybercrime in 2001.

Building more secure systems

There are some fundamental design and engineering principles that could help build more secure systems that are resilient and operationally safe in the face of deliberate and persistent attacks.

The most fundamental tenets of security are confidentiality, integrity and availability. Confidentiality refers to the prevention of unauthorised disclosure of relevant information; understanding that any piece of information is designed to be accessed only by an authorised system, component or user. Integrity is a similar concept except that it refers to the prevention of unauthorised modification. Availability is slightly different in that it refers to the accessibility of data by authorised components or users to ensure operational liveness.

Another, equally important, principal is authentication which refers to the verification of an identity against the claimed identity. This is increasingly important in a world where multiple independent systems communicate with each other accessing information and influencing the state of the wider system. This notion is related to access control, the design of which is fundamental to any secure system. Classical access control would mandate two important properties of systems with multi-level security: 1) no component is able to access information classified at a higher level of security, and 2) no component at a higher level of security is able to leak any information to those who are assigned a lower level of security. This is important when designing information sharing in passenger journey or ticketing and payment systems.

Finally, another fundamental principle is to do with separation of concerns in systems that are designed to perform a variety of functions. This is to do with compartmentalisation of design such that a part of the system only accesses information to do with the function it is designed to perform. Ultimately, all parts remain distinctively independent. This is particularly relevant to signaling and control systems where different operations could be refined to individual components, providing better maintainability and lower risk of cross-component manipulation.

Cyber security brings higher return

Cyber security will be one of the future challenges to the railway infrastructure. As digital technologies are adopted and begin to play a more significant role in every aspect of rail operation, countering threats will become significantly more important.

Ensuring effective design principles would allow for security of data and availability of all critical processes as needed for rail performance and service delivery. The transition to a more digital railway would be costly. Investment in cyber security, however, both at the design level and operational level, promises a higher return in terms of better system reliability and infrastructure resilience.

Dr. Siraj Ahmed Shaikh is a senior lecturer at the Faculty of Engineering and Computing at Coventry university. Siraj also leads a Digital Security and Forensics (SaFe) research group at the university, which is involved in research and development of security and safety for critical infrastructure including road and rail transport.

Dr. Alexeis Garcia-Perez is a lecturer at the Faculty of Engineering and Computer at Coventry University. His research focuses on the use of data for decision making in the transport industry.  He is a founding member of the International Association for Knowledge Management (IAKM).