The end of 2022 was a bit rough for the railway industry as it faced the possibility of a massive strike. While that issue settled, another risk continues to grow – cybersecurity. This was recently reflected through the case of rail systems and locomotive manufacturer Wabtec. As reported by SecurityWeek, Wabtec had to undertake the unfortunate task of notifying individuals that they may have been impacted by a ransomware attack that the company experienced last year. Not only is this a serious task considering that Wabtec branches across the U.S., Canada, UK and Brazil were potentially affected, but it also demonstrates the widespread effects that a cybersecurity breach on rail operations can have.
The Rising Importance of Railway Cybersecurity
Railways are both a significant economic and critical infrastructure component. According to StateTech, there are 140,000 miles of track and 28,000 locomotives in the U.S. Plus, the “rail industry moves 1.7 billion tons of goods per year,” Randy Barrett explains. Therefore, ensuring the safety of this industry is essential. And as we’ve explored, that increasingly includes cybersecurity.
While IT and OT used to exist as separate entities within operations, they are rapidly converging in today’s digital environment. This shift is definitely occurring among rail organizations. While this offers efficiency, it is presenting cybersecurity challenges as well. This is particularly true for critical infrastructure, which has become a prime target for cyberthreats since the sector is more likely to pay in order to avoid large-scale problems. And because they fall under the critical infrastructure umbrella, railways are very much involved in this trend.
Developing Railway Cybersecurity Initiatives and Rules
As awareness around rail cybersecurity builds, more and more action plans are being assembled. For instance, some rail operators have taken to running tests that reveal potential IT and OT vulnerabilities.
On a grander scale, the Transportation Security Administration (TSA) announced a new cybersecurity security directive for designated passenger and freight railroad carriers in October. As described in a press release from TSA, the effort is meant to “further enhance cybersecurity preparedness and resilience for the nation’s railroad operations.” The directive features four overarching requirements. They include designating a cybersecurity coordinator, reporting cybersecurity incidents to CISA, developing a cybersecurity incident response strategy and assessing vulnerabilities. Additionally, the TSA put out an Advance Notice of Proposed Rulemaking (ANPRM), which asks owners and operators in the rail industry to contribute cybersecurity input and feedback by January 17, 2023.
To learn more about how Dellfer can assist with protecting rail operations, visit https://dellfer.com/dellfer-certified-to-secure-the-more-than-850000-km-of-global-railways/.
- “US voters want to avoid rail shutdown at all costs: poll” – Karly Evers-Hillstrom, The Hill
- “Wabtec Says Personal Information Compromised in Ransomware Attack” – Ionut Arghire, Security Week
- “How Railroads Mitigate Cyberthreats Against Their Networks” – Randy Barrett, StateTech
- “TSA issues new cybersecurity requirements for passenger and freight railroad carriers” – TSA, Press Release
- “New Federal Cybersecurity Requirements for Railway Operators” – Jennifer Gregory, Security Intelligence
- “TSA Eyes Cybersecurity Rulemaking” – Marybeth Luczak, Railway Age