Co-authored by Domenico Scardicchio.

What happens when cybercriminals target critical infrastructure such as railroads? The good news is that this type of attack is difficult to pull off — but certainly not impossible. Such an incident would most likely stop the train, resulting in financial loss and reputational damage, but nothing more than what we’ve already seen when cyberattacks hit organizations in other industries, such as financial services and health care.

Railroad signaling systems such as the European Rail Traffic Management System (ERTMS) and the European Train Control System (ETCS) are complex and composed of several subsystems that are interconnected, each of which requires its own deep security analysis. Protecting the entire system calls for a holistic approach to security.

Don’t Let Cyberthreats Derail Your Network Security

While not classified as pure information and communications technology (ICT) equipment, these subsystems integrate with many components that rely heavily on IT, thus inheriting numerous cybersecurity concerns. To secure these components, it’s important to think like a cybercriminal. That means focusing on protecting components that are particularly exposed and valuable to fraudsters, such as control systems, power management, and diagnostics and maintenance.

It’s easy to assume that if the railroad’s network is separated, it is impossible to attack. This may have been true when supervisory control and data acquisition (SCADA) systems used proprietary protocols and interfaces, but most railroad operators today use open systems to access the programmable logic controller (PLC) and networks based on IP.

Preventing an attack with traditional security tools is very difficult, but a security information and event management (SIEM) solution can pay big dividends. The key is to be proactive and to treat the railroad system like the human immune system. That means establishing several layers of defense and integrating them to automate policies and block threats consistently and comprehensively — just like the organs in the human body communicate with the central nervous system to create antibodies and prioritize responses.

All Aboard the Security Immune System Express

This security immune system approach is centered around a core of security analytics and orchestration that continuously analyzes, reasons about and learns from the many risk variables across the entire ecosystem of connected capabilities. Most importantly, it helps increase visibility into risks that would otherwise be missed.

The best way to achieve this level of visibility is to introduce cognitive security elements into the ecosystem of controls, starting with a smart SIEM solution capable of monitoring, detecting and generating insights related to potential threats. Applying this technology to the incident triage process requires analysts to understand the attack pattern by digesting structured and unstructured data from internal and external sources, such as events, logs, reports, blogs and more. This huge volume of information can be overwhelming; a cognitive system helps analysts sort and prioritize threat data, reducing the incident triage process from months to mere minutes.
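As an added illustration (not code from the original post or from IBM), here is a small Python correlation in the spirit of the layered, SIEM-centered approach above: a perimeter firewall log and a PLC access log, each unremarkable on its own, combine into one prioritized alert when an IT-side host crosses into the signaling segment and writes to a controller. The log formats, IP ranges and engineering-host allowlist are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample logs (not from any real system): a firewall between
# the IT and OT segments, and the PLC's own access log.
FIREWALL_LOG = [
    "2024-01-10T08:00:01 src=10.50.1.23 dst=10.20.0.10 dport=502 action=allow",
    "2024-01-10T08:00:02 src=10.50.1.23 dst=10.20.0.11 dport=502 action=deny",
    "2024-01-10T08:00:03 src=10.50.1.23 dst=10.20.0.12 dport=502 action=deny",
    "2024-01-10T08:05:00 src=10.20.0.5 dst=10.20.0.10 dport=502 action=allow",
]
PLC_LOG = [
    "2024-01-10T08:00:05 client=10.50.1.23 op=write register=coil/17",
    "2024-01-10T08:05:02 client=10.20.0.5 op=read register=holding/3",
    "2024-01-10T08:06:00 client=10.20.0.5 op=write register=coil/2",
]
# Assumed allowlist: the only hosts permitted to write PLC registers.
ENGINEERING_HOSTS = {"10.20.0.5"}
OT_PREFIX = "10.20."  # assumed prefix of the OT (signaling) network
FW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")
PLC_RE = re.compile(r"client=(\S+) op=(\w+) register=(\S+)")


def correlate(fw_lines, plc_lines):
    """Return alerts as (score, client, reasons), highest score first.
    Each independent layer that saw something odd raises the score."""
    denies, crossed_segment = Counter(), set()
    for m in filter(None, map(FW_RE.search, fw_lines)):
        src, dst, _port, action = m.groups()
        if action == "deny":
            denies[src] += 1           # repeated denies look like probing
        elif not src.startswith(OT_PREFIX) and dst.startswith(OT_PREFIX):
            crossed_segment.add(src)   # IT host reached the OT segment
    alerts = []
    for m in filter(None, map(PLC_RE.search, plc_lines)):
        client, op, register = m.groups()
        if op != "write" or client in ENGINEERING_HOSTS:
            continue                   # reads and allowlisted writes are normal
        score = 3
        reasons = [f"write to {register} from non-engineering host"]
        if client in crossed_segment:
            score += 2
            reasons.append("reached OT segment from the IT side")
        if denies[client] >= 2:
            score += 1
            reasons.append(f"{denies[client]} denied connections before the write")
        alerts.append((score, client, reasons))
    return sorted(alerts, reverse=True)
```

Run against the constructed logs, only the IT-side host 10.50.1.23 is flagged, and its score reflects that all three layers (PLC log, segment crossing, firewall denies) contributed.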

The railroad system may be complex and seemingly impenetrable, but cybercriminals make their living by striking when and where security professionals least expect it. A security immune system powered by cognitive technology is the best defense against cyberthreats, especially those targeting critical infrastructure.

Read the complete IBM X-Force Report: IT security risks to transportation
