From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital ...
0Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine (https://twitter.com/ITSPmagazine) ] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber (https://twitter.com/RedefiningCyber) ]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors (https://www.itspmagazine.com/sean-martin)
___________________________
Episode Notes
Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.
The Growing Role of Cybersecurity in Railways
Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security.
Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.
Critical OT Systems in Railways
Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.
The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.
Real-World Cyber Threats in Railways
Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran’s railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.
These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.
Cybersecurity Standards and Best Practices for Railways (links to resources below)
To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.
Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.
Look...