When it comes to state-sponsored espionage, information is power. While railway systems may not be the first target that comes to mind, government-backed hackers are clearly invested in infiltrating every aspect of a country – including its transport systems.
In the UK, which remains a high-profile target for intrigued foreign nations like Russia, China and the US, new figures indicate there have been four major cyberattacks on railway networks over the past year – all blamed on “nation state activity.”
The statistics were revealed by UK-based cybersecurity firm Darktrace, which is employed to guard much of the UK’s rail network from attack. While detail about the full extent of the hacks remains unknown, the firm said that the breaches have been “exploratory” rather than disruptive.
Speaking with Sky News, Sergey Gordeychik, cybersecurity researcher at Russian firm Kaspersky Lab, said access to UK rail could give hackers control over everything from online information boards to the computer systems that manage signals, internal messages and even the trains themselves.
“If they have enough knowledge, then they can create real disaster related to train safety,” he said. “We see at the moment that state-sponsored attackers are already inside critical infrastructure.”
Gordeychik continued: “So they have access, they monitor, they collect intelligence but they don’t try to create a disaster. Why? I believe that they don’t have the order at the moment. But in case of any maybe warfare, it can be an option to use cyber weapon against civil infrastructure. This is scary.”
In response to the figures, Network Rail, the main authority responsible for the UK’s railway network, stressed that Britain has “the safest major railway in Europe.”
It added: “Cybersecurity is a key part of our plan for introducing digital train control technology. Safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats.”
With more critical infrastructure – from nuclear power stations to electrical grids – increasingly moving online, the threat from hackers and nation-state infiltrators has never been greater.
In one major example from December last year, security experts believe that Russian hackers were responsible for a widespread power grid outage in Ukraine. In the most recent case, US cybersecurity experts named the nation as the culprit in the hack at the Democratic National Committee (DNC).
“Hackers will target anything they can [and] it’s no surprise the attacks are happening,” Mark James, security specialist with security firm ESET, told IBTimes UK via email.
“Some companies will still be using older operating systems or running bespoke applications that will be a logistical nightmare to upgrade. Although at first glance [UK Rail] may seem an insignificant target, the stakes are high when we have large volumes of users in flimsy metal containers passing, sharing lines and travelling at high speeds.”
Meanwhile, Tim Erlin, director of security and IT at Tripwire, said: “Nation state attackers are often better resourced, more patient, and more interested in causing material harm to life and safety than their criminal counterparts. Reconnaissance activities in critical infrastructure should be taken very seriously. We should expect that these attackers are doing their homework before executing any serious campaigns.”