Saudi Arabia Boosts Railway Cybersecurity
The Saudi Railway Company (SAR) has announced a partnership with “sirar by stc” to bolster the cybersecurity of its critical transit network.
The agreement comes against a backdrop of heightened concerns about the cybersecurity of rail transport networks in general, part of the country’s critical national infrastructure and the target of not-infrequent attacks.
Rail networks depend on a combination of IT and operational technology (OT) components drawn from multiple suppliers and diverse technologies.
In a statement, sirar by stc said, “[We], specializing in comprehensive cybersecurity services, will provide advanced solutions to safeguard SAR’s extensive railway network, contributing to the safety and security assurance of travel and cargo transport across the Kingdom.”
Sirar by stc did not immediately respond to Dark Reading’s request for comment on priorities for its work with SAR, or whether or not it will use internationally-recognized cybersecurity assurance standards as a guide.
SAR is responsible for managing 4,500 kilometers of railway networks in Saudi Arabia. Its ambitious “Land Bridge” project aims to connect Saudi ports from the Arabian Gulf to the Red Sea as part of a strategy to make the country a transport and logistics hub for the region, promoting sustainable development while reducing greenhouse gas emissions.
Departure Board
Railways face the challenge of aligning legacy tech with the latest innovations: introducing IoT signaling and communications technology increases operational efficiency. But the operational benefits of modern technologies come with the downside of increasing the attack surface of networks.
For example, many systems, such as those for switching tracks and tracking train locations, often broadcast wirelessly without encryption.
Chris Grove, expert in critical infrastructure cybersecurity at Nozomi Networks, tells Dark Reading: “Railway networks face a complex and multifaceted attack surface. This includes numerous small components controlling heavy industrial equipment in motion, often spread over vast distances. Other vulnerable areas include trackside infrastructure, train stations, kiosks, digital signage, phone apps, web servers, HVAC [heating and ventilation] systems, and power generation/control facilities.”
Travel Chaos
Recorded breaches have targeted digital signage, ticketing systems, monitoring systems, and other components in stations, leading to widespread service interruptions and data leaks.
Notable incidents include the attack on San Francisco-area transport provider BART by hacktivist group Anonymous in 2011, while in May 2017, Deutsche Bahn in Germany was hit by the WannaCry malware.
In March 2022, Italy’s rail network was also hit by a ransomware attack that impacted ticket sales, leaked passenger information, and disrupted rail communications.
In August 2023, hackers disrupted the rail network traffic around Szczecin in Poland after breaking into the railway frequencies used between drivers and signalers. The hackers caused some trains to apply emergency brakes, and they also played recordings of Russia’s national anthem and a speech by Russian President Vladimir Putin.
Aaron Walton, a threat intel analyst from managed detection and response company Expel, says: “When we talk about railway security, there’s often concern that the operational technology and Internet of Things (IoT) components of trains will be targeted, as failure of these systems can heavily endanger passengers and transportation. However, the actual cyberattacks we’ve seen primarily disrupt the information technology (IT) components of the organization.”
Rolling Stock
Steps to secure rail infrastructure start with the same fundamentals as bolstering the cybersecurity of enterprise networks — such as conducting a comprehensive risk assessment, building in resilience, and developing disaster recovery plans.
Shaked Kafzan, co-founder and CTO of security vendor Cervello, says a successful cybersecurity approach for railroads should focus on threat and risk prevention rather than detection, starting with having complete and in-depth visibility into every system and asset across all environments, including real-time risks — all within the rail context.
“There is a critical difference between a solution that can identify common IT or OT assets, and one that can pinpoint assets or protocols that are relevant and specific to the rail environment,” Kafzan says.