Paper published in IRSE NEWS February 2017.
This paper briefly explores the vulnerability of railways to cyber attack, and some of the defences against such attacks. It explains why ensuring and maintaining security and resilience in the ‘cyber’ world requires not only sound technical design, but also strong collaboration between supply chain partners, the sharing of knowledge about changing threats, and unremitting vigilance throughout the operation of the system under consideration. Security should be a concern throughout the entire life cycle of a system, from procurement through design, construction, operation and finally decommissioning and disposal.
Railways are in many senses ‘mature’. They have been around for 150 years, and wherever they have been introduced they have shaped our lifestyles, work patterns, our towns and cities, industrial activity and much more. It could well be argued that in their time, railways have had a more fundamental influence on society than the present information technology revolution.
But it is information technology that is now leading the way, and the world’s railways need to take full advantage of the opportunities that this new revolution offers. In doing so, we also have to recognise the challenges that information technology presents, particularly that of cyber-security. Information technology has made it possible for systems to communicate with each other via computer networks but has also made them vulnerable to attack via those same networks. Cyber-security is concerned with protecting systems against this new threat.