Rail 979: Could a Cyber attack stop Britain’s railways?

Never let the facts get in the way of a good story. That’s an old adage of some tabloid newspapers but it’s not one that I have ever followed, tempting as it might be at times. So when I read extensive media coverage about how the Danish railway system had been hacked in October, bringing all trains to a halt as a result of an attack, I kept the cuttings (electronic of course) and waited for the right time to write about it.

The publication late last year of a report by the European Union Agency for Cybersecurity, Railway Cybersecurity, Good practices in cyber risk management, spurred me on to try to discover just how at risk the railways’ operation and safety are from cyber attacks. There have been various stories on the internet about cyber attacks on railway systems in addition to the Danish incident, but that was the starting point. Unfortunately for my story, a brief chat with DSB, the Danish railways, revealed that the idea that all trains were stopped by a cyber attack was completely untrue.

That did not, however, mean the tale was without interest. A helpful ‘chefkonsultent’, Martin Sun Larsen, painstakingly took me through what had happened. The supplier of their website, a company called Supeo, had, indeed, suffered a ransomware attack. This is where hackers manage to get into a system, encrypt it so that the original owners cannot use it and then demand a payment in order to restore it. However, this did not affect the operation of the trains. Rather, in order to protect the operation of the network from the attack, the website was temporarily separated from the rest of the railways’ IT system. That had an unexpected effect. The train drivers in the suburban system around Copenhagen use a particular app which provides them with up-to-date, operationally critical information, and this was reliant on the same system as the website. It was supposed to be able to continue functioning internally even if disconnected from the web but in fact it failed, and therefore some trains could no longer function. Larsen stressed that it was not an attack on the Danish rail system directly which caused the outage and, moreover, that only S-trains, which operate the Copenhagen suburban system, were affected.

However, there remain many cybersecurity concerns about the railways. For example, perhaps more pertinently, ‘hacktivists’ – hackers with a political rather than a financial motive – in Belarus were reported to have breached computers that control rail movements in the country in an effort to delay Russian supplies to their front line in the early stages of the war against Ukraine. The hackers claimed to have slowed down numerous services by taking over the control system but it is difficult to assess how successful they really were. Both Russia and Belarus use systems that are different from the European Rail Traffic Management System (ERTMS) that is being introduced here and across Europe.

There have been other attacks. Last March, the Italian state-owned railway, Trenitalia, suffered a major ransomware attack on its ticketing system, which disrupted sales at stations as well as passenger information screens. In response, Trenitalia blocked the accounts of some passengers and was not able to sell tickets at stations.

The report into cybersecurity certainly lists a wide range of potential risks. There are several, such as data breaches of ticketing systems as happened to Trenitalia or leaks of sensitive data, which do not pose a safety risk but are nevertheless of concern. The report mentions that in 2020 it was discovered that C3UK, a wifi hotspot provider, and Network Rail had allowed a database involving 146 million records from 10,000 people to be accessible without a password. But these would not compromise either the safety or operation of the railway.

Other risks might. For example, a fire at a data store could impact on railway performance, as could the theft of an administrator’s password, allowing access into the system and the theft of information. Then there is the possibility of full-on attacks on the railway’s control system, which may become increasingly vulnerable as more and more digital information systems between train and control are introduced. These could undoubtedly lead to a total stoppage of the whole system, but are they feasible? An academic who specialises in preventing cyber attacks told me that the risk of a widespread stoppage on the network is ‘probably quite low’ but by no means impossible. It would require a high level of sophistication and a clear financial motive, such as ransomware. All the data used in control systems is encrypted, so the hackers would have to get hold of the code as well as access to the system. One vulnerability is that there are many legacy systems that remain operational in the system, as well as software provided by third party suppliers who might not have gone through all the right procedures. For example, one point of access might be through a box on a train which contains both a public wifi system and highly confidential data for operational purposes.

Certainly, there is no reason to be complacent. At a conference at the end of last year organised by ENISA, which covers a wide range of industries, the executive director, Juhan Lepassaar, warned that the railways were a particular vulnerability: ‘When we look at the railway sector [compared with] other transport sectors, specifically aviation, rail is still showing lower levels of maturity…for us, rail is a priority sector for two reasons: you are critical but you still have a way to grow.’ He warned that there were ransomware criminals who were likely to focus on the railways. One problem is that the very nature of the railways, with their geographically huge extent and their enormous amount of unsupervised equipment, leaves them open to attack.

It is easy to panic and to be over concerned. But there is a lot for the industry to do. Stopping the whole network may prove difficult, but preventing a few trains from running, or focussing on a particular operator, may be all too easy. The Rail Delivery Group refused to brief me on this article, even on a background basis, on the grounds that it cannot discuss security matters. This is short sighted. It would be far more reassuring to know how they assess particular threats and their level of concern. I have spoken to several people in the industry who are concerned, especially as Brexit has not helped. It means we are no longer in the European Agency and therefore have to plough our own way. Yet such cooperation is vital to ensure that rail does not have yet something else to worry about.


Greek tragedy preventable


While the precise explanation of what happened in the terrible Greek rail accident will not be known for some time, there are pointers which can go some way to understanding it. The first is that one major error, the stationmaster changing the points so that the two trains ended up on the same track, should never be allowed to cause a disaster. There should always be back up systems.

Second, the price of neglecting safety issues is very high. In this case, it was born of overall neglect of a public utility by the Greek government. Moreover, the structural changes, notably the privatisation (oddly to the Italian state-owned railways, rather like our franchising system) and separation of track and operation, which the European Union pushed for, inherently pose a risk. The very same changes did put lives at risk in this country, as I outlined in my book On the Wrong Line, because they were pushed through too quickly and before the implications could be fully understood.

Thirdly, to put all the blame on the hapless station master is clearly scapegoating. This was, as with the majority of accidents, a systemic failure reflective of widespread malaise in the Greek railway system. This tragedy was avoidable in so many ways, and totally predictable, and the scenes of grieving parents and other relatives are unbearable to watch.

One positive aspect to note is that such accidents are far rarer nowadays than even in the recent past. In the UK but also across the world, accidents on railways, which were always the safest form of land travel, have become even rarer. It is interesting to contrast the huge fuss in America about the chemical train derailment in East Palestine, which had no fatalities, with the daily carnage on the US roads, which results in more than 100 deaths per day across the nation.

I have received many examples of Nobody Gives a Damn railway, and pleasingly also some compliments of railway staff going well beyond their normal call of duty. But these domestic examples will have to wait till next time as the Greek train accident was, in a way, the result of the same sort of attitude. So do continue sending them to me.


