On July 20th, over 600 ticket machines at approximately 420 of UK-based Northern Rail’s stations were taken offline after being infected with ransomware. Rail travelers in northern English towns and cities were directed to Northern Rail’s app, website, and ticket offices to make their purchases. “This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack,” said a company spokesperson.
The defining characteristics of this attack point to a need to raise the cyber defense baseline. SecurityWeek’s Kevin Townsend pointed out that due to Northern Rail’s status in relation to the government, there’s a 0% chance of a ransom payout, which suggests that this is a “spray and pray” attack. “Spray and pray” strategies rely on churning out a large volume of attacks that could potentially be effective against a wide variety of targets, rather than on tailored, time-perfected attacks designed to penetrate specific organizations or verticals. Such high-volume attacks are easier to deflect than targeted ones.
CENELEC’s new TS 50701 standards, projected to be available before the end of summer 2021, will go a long way towards improving the cybersecurity of railway operations. Drawing on many existing regulations such as IEC 62443, EN 50126, and CSM-RA, these new regulations will improve synchronization between stakeholders, raise the overall level of safety and security, and promote commercially viable cybersecurity for vendors, manufacturers, and operators. Integrating cybersecurity into every phase of the asset life cycle will be crucial, and special attention will be given to the legacy systems that are common in the railway environment.
The traditional approach to defending operational technology from cyber threats has been to re-box and re-label solutions developed for IT. This gives stakeholders a short-lived peace of mind that is lost once operations are impacted by drawn-out maintenance processes, insensitivity to protocols, and difficulty conducting routine checks on stand-alone or mobile systems. Fulfilling these specialized regulations will require solutions that adapt cybersecurity to the constant, unceasing operation of distributed railway subsystems.