Role of cybersecurity in safeguarding the rail modernization mission

Indian Railways is one of the largest rail networks in the world. The recent modernization efforts of this network are largely being laced with digitalization. As the railway sector adopts digital solutions to enhance customer experience while ensuring passengers’ safety and efficient operations, there emerges a new set of cybersecurity threats the rail industry must be prepared to tackle. The digitalization of railways services in India began with ticketing, freight operations, train operations, and asset management, which are now heavily reliant on IT systems. Trains of the future will be complex computer systems increasingly reliant on digital technology..

The deployment of advanced, new technologies that come with digitalization inevitably increases the attack surface and opens the door to new threats and cyber-attacks making the railway system vulnerable to potential risks.

Over the past few years, the Indian government implemented several measures to maintain safer railway travel. These measures include RailCloud and Rail Saathi application, which aims to work as an integrated platform to fulfill passenger requirements such as ticket booking, inquiry, onboard cleaning, and ordering meals.

The Indian rail system has now expanded to digitizing the operation of trains through electrification and remote monitoring. Recently, the central government approved a five-year plan to implement the use of 4G technology for modernizing communication networks among railway stations and improving the security and safety of train journeys.

Today, the focus of the transport paradigm has shifted from infrastructure to service and from providing ready-made to tailored solutions. Rapid digitalisation in railways enhances infrastructure, system, services, rolling stock, and signalling along with improving operational efficiency. Senior officials from Indian Railways have highlighted the increasing reliance on technologies such as cloud management, internet of things (IoT), and interconnection of (once-isolated) railway signaling control systems as the journey towards modernization progresses steadily.

Advanced software solutions now allow operators to have real-time information on train movements and analyze overall performance – ultimately reducing costs by streamlining processes and improving efficiency and reliability. From predictive maintenance to automated signaling, and from driverless operation to enhanced passenger experience, digital technologies enable a more advanced performance and delivers benefits to authorities, operators, and passengers. One such interesting technological integration is the Operation Control Center (OCC) at Prayagraj, built on Integrated Control and Information System (ICONIS) signaling platform, which has capabilities to integrate/offer digital security solutions to stations, lines, or networks.

ICONIS studies image and sound footage from the deployed sensors and detects suspicious movement, tunnel intrusion, abandoned articles, gunshots, explosions, or breaking glass using specialized analytics modules. The integrated human-machine interface allows operators to respond and perform quickly, ensuring undisturbed functioning of the train’s movement.

However, with an increase in technological capabilities and connected devices, the vulnerability to cyber-attacks also increase. Railways are a crucial artery of both transport and logistics, and as digitalization picks up pace there’s need to institute new frameworks for cybersecurity. Ensuring the security of railway system is significantly different from securing a typical IT infrastructure. There are practical issues to be borne in mind – the system architecture is distributed across long distances, with a large variety of contexts, from a centralized control room to onboard embedded equipment. Also, the rail system’s anticipated lifecycle is much longer than the lifecycles of the various technologies that make up the overall system. It is also necessary to integrate and secure several generations of technologies, each of which has its security levels. Additionally, from the perspective of operational demands, it is merely impossible to halt an entire train network’s operations or access fleet at the drop of a hat, to broadcast a new patch.

It is necessary to evolve our current architecture to prepare for the future while defining measures to secure the existing infrastructure already in service. There is a need to implement a Secure Development Life Cycle and a vulnerability management process to address potential cybersecurity issues. This journey begins with an initial Cybersecurity Risk Assessment to identify the principal risksand the mitigations to be implemented. During the risk assessment, the threat likelihood and impact of feared events on the system is analysed. Based on the risk assessment, a secured architecture and associated mitigation is put in place with a right balance of protection level, operational constraints, time to market and deploy, and – naturally -cost. In case design changes are not feasible, mitigation measures like hardening of equipment and services are implemented to reduce the risk., it is also necessary to place reliable mechanisms to detect cyber intrusions. Finally, Security Testing and Security Assurance will ensure that the selected security measures are correctly implemented. Rail networks are operating in a rapidly changing context, and it cannot be assumed that security measures, once implemented, will be set once for all. That is why it is essential to put a robust vulnerability management process in place that allows the detection and mitigation of vulnerabilities identified in the system’s components. Thus, this process is the only way to maintain security throughout their lifecycle.

It must be recognized that cybersecurity goes beyond development of products and solutions. It must also cover other phases such as manufacturing, testing, commissioning, supply chain, installation, and maintenance, including the decommissioning and disposal activities at the end of an asset’s useful life. It must consist of monitoring the evolution of the threat landscape and vulnerability watch over time, compliant with a robust security incident management approach. The whole cybersecurity philosophy cannot be abstract – it crucially demands that the industry hire the right people and train them well. Adequate resources must be

provided and trained for continuous security operation and monitoring of the system. These steps will ensure security over the complete life cycle and also evolve our understanding of the threat landscape.. High priority must be paid to elements like a company-wide cybersecurity handbook that lays out security policies and processes backed up by regular mandatory training sessions and crisis exercises for everyone interacting with the system, operators, and maintenance staff alike.

The task of ensuring cybersecurity cannot be the responsibility of one player alone.

The whole industry needs to cooperate to collectively address the issue. When a new system is being implemented, or a legacy one updated, all industry stakeholders need to sit together and agree on the security risk evaluation and the relevant protection target they want to achieve. A common language, methodology, and references are needed. Such collaborations should also cover incident/threat sharing; we need to have a standard view of threats identified and incidents recorded at the industry level. Such processes will support the definition of the relevant measures and priorities the industry should adopt.

A global survey 1 of over 3,000 IT decision-makers was conducted to understand their data protection strategies for the next 12 months. The report states, the accelerated adoption of digital technologies in the last two years has severely impacted the cybersecurity landscape resulting in a spike in the number of organizations having witnessed cyberattacks.

The key findings indicate that 84% of Indian organizations have a protection gap between how much data they can afford to lose after an outage and how frequently data is backed up, 93% of organizations plan to increase their data protection budgets during 2022.

As a large organisation and one of the country’s biggest employer, railways handle humungous volumes of data. In the past, website of Iran’s transport ministry and railways went out of service after cyber-attack in computer systems. The cyber-attack resulted in messages about train delays or cancellations being posted on display boards at the stations across country. The electronic tracking of train across Iran also failed. Therefore, the vulnerability of railway systems to cyberattacks, malware etc cannot be ruled out. Real-time, fast connectivity will lead to an explosion in data generation, processing and analysis. The mismatch between data processing and protection would be an acute issue. Work is currently being carried out in international standardization committees, with the TS50701 technical specification for railways being released in 2021.. It can also be helpful to identify existing best practices with industry partners.

Cybersecurity plays a prominent role in enabling the digital transformation of railway industry. A consistent and standardized industrywide approach is needed to secure railway products and services, to meet the latest cybersecurity and government specifications. A collective strategy will go a long way to protect the rail landscape from evolving cyber threats and assure all stakeholders including major rail operators and passengers of a safe, efficient and disruption free service.

END OF ARTICLE

Source link

Tagged with: cybersecurity • India blog • mission • modernization • Rail • role • safeguarding • Thameem Kamaldeen blog • Voices blog