November 11, 2020


IBM’s Cost of a Data Breach Report for 2020 finds that the average total cost of a data breach in the transportation sector is $3.58 million, with mega breaches having the potential to grow that number 100 fold. The research also finds the sector among those that experience the highest percentage of malicious attacks, with system glitches more frequently the root cause of a breach.

Over the past few years, we’ve seen a growing number of vulnerable rail transportation systems falling victim to cyberattacks and hacking. In 2015 at the CeBIT Hannover Fair, Project Honeytrain was set up to lure hackers so that industry experts could analyze attacks against industrial control systems used in the railway industry. In the first six weeks, nearly 2,750,000 attacks on the simulation were recorded — 10% of which afforded hackers some limited control of the system. In November 2016, hackers attacked San Francisco’s light-rail system, opening up all station gates across the network and putting ticketing machines out of order so that passengers traveled for free. And in 2017, the WannaCry ransomware attack wrought havoc on railway systems in Germany, Russia, and China — bringing down passenger information systems, ticket machines, and closed-circuit television camera (CCTV) networks.

Freight and passenger railroads work closely with government agencies to maintain the highest standards of security while modernizing their systems to deliver high-quality, reliable service to their customers and drive operational efficiencies. However, cyber risk is likely to continue to rise as rail system operators accelerate toward digital transformation — from unmanned trains and IoT devices to monitoring systems — and IT and operational technology (OT) systems continue to converge.

Rail Rapid Transit System Rolls Through IT/OT Convergence Challenges with Support from Claroty

Like regional and national rail systems, rapid transit systems consist of a series of specialized, OT networks for railway electrification, signaling, and communications – but also rely on extensive building management systems (BMS) to support station and tunnel ventilation, lighting, and physical security. To protect their rail rapid transit system from such attacks, one rail operator we worked with realized that gaining visibility and control across their myriad networks without impacting safety and availability was essential, but they faced the following challenges:

  • Connectivity and Digitization: Passengers now expect timely, reliable updates on the status of train arrivals and schedules. Vendors need access to OT assets to monitor performance and service systems. Data from devices and processes need to be available in the cloud for analysis that informs decisions and drives operational efficiencies. However historically, OT systems and devices have been designed with isolation in mind — not to connect and communicate with IT systems and the internet.
  • Visibility: Response and remediation of system failures is difficult because the rail operator has zero visibility into their OT networks. A power outage or closed-circuit television camera (CCTV) malfunction could be a fix for a technician, an incident a cybersecurity specialist needs to investigate, or an act of vandalism to report to local police.
  • Maintaining SIL Standards: The railway sector differs from many other industrial sectors in two main ways: 1) it is deemed to be critical national infrastructure – rolling stock must remain operational all the time, and 2) it must ensure the safety of passengers and cargo. As such, compliance with SIL-1 up to SIL-4 standards is mandatory depending on safety risks associated with each function, system or component. Third-party equipment introduced into the OT environment, including cybersecurity devices, must be able to work completely divided from systems that are safety-critical, or integrate in a way that doesn’t affect those systems and trigger the need for recertification.
  • Legacy OT Assets: This rapid transit system dates back several decades with vast kilometers of networks that are always evolving with new junctions, tracks, and stations. The multiple layers of legacy OT systems that comprise these networks were designed for a lifespan of about 25 to as many as 50 years. The volume and variety of vendors, products, and protocols – many of which are proprietary – along with a lack of security controls, adds further complexity to modernization efforts.
Download Claroty’s rail transportation case study to learn how this rail operator overcame these challenges to secure their expansive, heterogenous OT environment and safely connect with IT systems using The Claroty Platform.
And to learn how Claroty can help your team overcome its own unique OT security challenges, request a demo.