Computer hackers 'could bring rail network to a standstill' warns security expert - but would we even notice?



New switching systems are vulnerable to attack

Simplest form of cyber attack could paralyse network

'Could not cause crashes' says expert - but could cause delays

New 'advances' in railway switching have left railway networks vulnerable to paralysing cyber attacks, a security expert warned this week

Railway systems have become vulnerable to the simplest form of cyber attack - one that can easily be mastered by relatively unskilled teenage hackers.



Anyone who knows how to unleash a 'denial of service' attack could bring train services to a standstill, a German security expert said this week.

The vulnerability is due to mobile phone signals used to link railway switching systems together - and would allow hackers to cause massive service disruption.

'Denial of service' campaigns are one of the simplest forms of cyber attack - where hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic.



The attacks require far less skill than penetrating a computer network or writing malicious software.



Hackers have used the approach to attack sites of government agencies around the world and sites of businesses.



Stefan Katzenbeisser, professor at Technische Universität Darmstadt in Germany, said switching systems were at risk of 'denial of service' attacks, which could cause long disruptions to rail services.



'Trains could not crash, but service could be disrupted for quite some time,' said Katzenbeisser.



Train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world, but communication between trains and switches is handled increasingly using wireless technology.



The use of 'connected' systems renders them vulnerable to cyber attack.



Train networks have become more vulnerable in recent years as separate switching systems have become connected via wireless signals.

Katzenbeisser said GSM-R - standing for GSM-railway - a mobile technology used for train communications, is more secure than the usual GSM, used in phones.



But it's still vulnerable to hackers who manage to lay hands on one security key.



'Probably we will be safe on that side in coming years. The main problem I see is a process of changing security keys. This will be a big issue in the future, how to manage these keys safely,' Katzenbeisser said.



The software encryption ‘keys’, which are needed for securing the communication between trains and switching systems, are downloaded to physical media like USB sticks and then sent to offices to be installed - raising the risk of them ending up in the wrong hands.

If one of the keys was lost, hackers could then attack and overwhelm a railway network's switching system.





