Following the news that railway network has suffered at least four major cyber attacks over the last year alone. IT security experts from Tripwire, ESET, AlienVault and NSFOCUS commented below.

Tim Erlin, Director, Security and IT Risk Strategist at Tripwire:

tim_erlin“The motivations for nation state attackers are very different from the financially motivated cyber criminals we’re used to dealing with. Nation state attackers are often better resourced, more patient, and more interested in causing material harm to life and safety than their criminal counterparts.

Reconnaissance activities in critical infrastructure should be taken very seriously. We should expect that these attackers are doing their homework before executing any serious campaigns.”

Mark James, Security Specialist at ESET:

mark-james“I am sure that like any other critical infrastructure utility company running on computers and reliant on software they suffer security breaches day in and day out. Some major, some minor, a lot of them will be insignificant but a few will undoubtedly be serious enough to make people stop and take note to ensure they are doing all they can to keep them unsuccessful.

Hackers will target anything they can, regardless of the motive it’s no surprise the attacks are happening, some companies will still be using older operating systems or running bespoke applications that will be a logistical nightmare to upgrade, some will be no more than cost related but as a hacker whether it’s fame or fortune, the bait is set and ready for the taking.

Although at first glance it may seem an insignificant target, the stakes are high when we have large volumes of users in flimsy metal containers passing, sharing lines and travelling at high speeds. And of course let’s not forget the fact that Clapham Junction is considered Europe’s busiest station.”

Javvad Malik, Security Advocate at AlienVault:

Javvad Malik“This may even be an optimistic figure erring on the side of caution. As we’ve seen more critical national infrastructure connected online, much research over the years has shown that cyber security investments have not kept pace with the increased risk.

Unfortunately, the cyber-attacks on UK railways aren’t isolated. There are similar concerns regarding power stations, utilities, and other critical infrastructure. Increased regulation, as well as increased industry collaboration and participation is required in order to design robust systems, identify threats, and share intelligence.

This seems to be less about the information that could be gleaned, and potentially more about how the train system could be controlled or manipulated.”

Stephen Gates, chief research intelligence analyst at NSFOCUS:

John Engates speaks during the Reuters Global Technology Summit in San Francisco“Most people don’t realise that the critical infrastructures in our countries are being controlled by computers that are just as vulnerable as our phones, laptops, servers, etc. There are no “special computers” without vulnerabilities running our critical infrastructure. Also, most people don’t realise that SCADA (Supervisory Control and Data Acquisition) and HMI (Human Machine Interface) technologies are widely deployed within critical infrastructure to administer industrial control systems, including railways. All of these technologies have known and unknown vulnerabilities.

For example, when doing a search on www.cve.mitre.org for the term SCADA, the site returns 162 results.  What this means is that there are 162 known vulnerabilities in SCADA systems deployed globally; many that allow remote code execution.  Performing the same search for the term HMI, returns 101 results; many vulnerabilities that again, can allow remote code execution.  Any vulnerability that allows remote code execution can be exploited by hackers to gain remote access, and eventual control over any computing system.

Cyber attackers who have gained remote access and can remain persistent in a network can cause a loss of view, manipulation of view, loss of control, and denial of control for operators running critical infrastructure.  Exploiting these “operational vulnerabilities” could result in a catastrophic event.  The operational vulnerabilities in our railways are no different.”