Co-authored by Domenico Scardicchio.

What happens when cybercriminals target critical infrastructure such as railroads? The good news is that this type of attack is difficult to pull off — but certainly not impossible. Such an incident would most likely stop the train, resulting in financial loss and reputational damage, but nothing more than what we’ve already seen when cyberattacks hit organizations in other industries, such as financial services and health care.

Railroad signaling systems such as the European Rail Traffic Management System (ERTMS) and the European Train Control System (ETCS) are complex and composed of several subsystems that are interconnected, each of which requires its own deep security analysis. Protecting the entire system calls for a holistic approach to security.

Don’t Let Cyberthreats Derail Your Network Security

While not classified as pure information and communications technology (ICT) equipment, these subsystems integrate with many components that rely heavily on IT, and so inherit numerous cybersecurity concerns. To secure these components, it’s important to think like a cybercriminal. That means focusing on protecting the components that are both particularly exposed and particularly valuable to an attacker, such as control systems, power management, and diagnostics and maintenance.

It’s easy to assume that if the railroad’s network is separated from other networks, it cannot be attacked. This may have been true when supervisory control and data acquisition (SCADA) systems used proprietary protocols and interfaces, but most railroad operators today use open systems to access the programmable logic controller (PLC) and run their networks over IP.

Preventing an attack with traditional security tools is very difficult, but a security information and event management (SIEM) solution can pay big dividends. The key is to be proactive and to treat the railroad system like the human immune system. That means establishing several layers of defense and integrating them to automate policies and block threats consistently and comprehensively — just like the organs in the human body communicate with the central nervous system to create antibodies and prioritize responses.

All Aboard the Security Immune System Express

This security immune system approach is centered around a core of security analytics and orchestration that continuously understands, reasons about and learns from the many risk variables across the entire ecosystem of connected capabilities. Most importantly, it helps increase visibility into risks that would otherwise be missed.

The best way to achieve this level of visibility is to introduce cognitive security elements into the ecosystem of controls, starting with a smart SIEM solution capable of monitoring, detecting and generating insights related to potential threats. Applying this technology to the incident triage process requires analysts to understand the attack pattern by digesting structured and unstructured data from internal and external sources, such as events, logs, reports, blogs and more. This huge volume of information can be overwhelming; a cognitive system helps analysts sort and prioritize threat data, reducing the incident triage process from months to mere minutes.

The railroad system may be complex and seemingly impenetrable, but cybercriminals make their living by striking when and where security professionals least expect it. A security immune system powered by cognitive technology is the best defense against cyberthreats, especially those targeting critical infrastructure.

Read the complete IBM X-Force Report: IT security risks to transportation
