Following the news that railway network has suffered at least four major cyber attacks over the last year alone. IT security experts from Tripwire, ESET, AlienVault and NSFOCUS commented below.
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire:
Reconnaissance activities in critical infrastructure should be taken very seriously. We should expect that these attackers are doing their homework before executing any serious campaigns.”
Mark James, Security Specialist at ESET:
Hackers will target anything they can, regardless of the motive it’s no surprise the attacks are happening, some companies will still be using older operating systems or running bespoke applications that will be a logistical nightmare to upgrade, some will be no more than cost related but as a hacker whether it’s fame or fortune, the bait is set and ready for the taking.
Although at first glance it may seem an insignificant target, the stakes are high when we have large volumes of users in flimsy metal containers passing, sharing lines and travelling at high speeds. And of course let’s not forget the fact that Clapham Junction is considered Europe’s busiest station.”
Javvad Malik, Security Advocate at AlienVault:
Unfortunately, the cyber-attacks on UK railways aren’t isolated. There are similar concerns regarding power stations, utilities, and other critical infrastructure. Increased regulation, as well as increased industry collaboration and participation is required in order to design robust systems, identify threats, and share intelligence.
This seems to be less about the information that could be gleaned, and potentially more about how the train system could be controlled or manipulated.”
Stephen Gates, chief research intelligence analyst at NSFOCUS:
For example, when doing a search on www.cve.mitre.org for the term SCADA, the site returns 162 results. What this means is that there are 162 known vulnerabilities in SCADA systems deployed globally; many that allow remote code execution. Performing the same search for the term HMI, returns 101 results; many vulnerabilities that again, can allow remote code execution. Any vulnerability that allows remote code execution can be exploited by hackers to gain remote access, and eventual control over any computing system.
Cyber attackers who have gained remote access and can remain persistent in a network can cause a loss of view, manipulation of view, loss of control, and denial of control for operators running critical infrastructure. Exploiting these “operational vulnerabilities” could result in a catastrophic event. The operational vulnerabilities in our railways are no different.”