There has been some interesting coverage today on the rise of automated control systems relating to the rail networks in the UK – systems that control signalling, points and train movements around the network. The story – covered on the BBC website but rapidly echoed around the Internet – talks earnestly about the perceived risks and vulnerabilities. See http://www.bbc.co.uk/news/technology-32402481
Given the potential effects of any attack on transportation control networks, it will be critical for Network Rail to react quickly and effectively when necessary to prevent damage or the harmful effects of faults that are introduced into train control and signalling systems. The challenge will be spotting that the attack has actually happened before the effects (in the real world) are apparent. With insider threats, there may be very little evidence beyond some small changes in system behaviour that security has been breached until it is too late. Similarly, attackers are always becoming more sophisticated and developing new ways to penetrate defences. As a result, there is every chance that an attack will be completely new, and its effects and warning signs completely unknown, before it actually affects the signalling network.
To avoid this, it will be important to be able to spot not only known, expected threats but also those unknown ones that may not even have been devised yet. The only way to do this is to monitor systems for any unusual behaviour, whether from users or from the system itself, to spot the beginnings of any potential problem. While not every discrepancy will be an actual threat, the organisation needs to be able to identify every one and then determine which pose a risk to the signalling network, the trains themselves and the thousands of passengers that could be affected by any disruption or accidents that happen on the rail network. Without this level of intelligence, there is always the risk that attacks won’t be uncovered until it’s too late – and we won’t be talking about impacts like data loss or system downtime here, it will be real world events that affect real systems, real people and real lives.
In the case of the train network here in the UK, passengers will know that it doesn’t always have the best reliability and service record anyway – even minor disruptions can affect the rush hour journeys of thousands of people and lead to ruined evenings, missed appointments and additional travel time and cost. If you layer that with the obvious safety issue of trains that get stopped unexpectedly at signals, running too fast or ending up in collisions or derailments – the impacts could easily be very serious.
This will be one system where getting security right will definitely mean a blended mix of preventative controls, advanced detection systems for previously unseen attacks, and the ability to respond very quickly when an insider or external attack is suspected or detected.