Rail bosses warned of cyber threat to new train technology

Trains are pulling out of the Victorian era and into the digital age, but rail bosses have been warned that they also need to address the 21st century threat of cyber attack.

Britain's railway is preparing to close its mechanical signal boxes to run trains with digital technology, finally spelling the end of an age of hand-pulled levers. But experts warn that the new technology, being tested on Arriva trains in Wales, could be vulnerable to cyber attack.

Rail is a critical part of national infrastructure and the new digital system could be exploited by hackers, KPMG and others have warned. Run on a version of the mobile phone network, GSM-R, hackers could create false signals and instruct trains to speed up, slow or stop, potentially causing huge disruption.

"Transport is making a massive leap into 21st century technologies," said Alejandro Rivas-Vasquez, head of cyber at professional services firm KPMG, which has highlighted the risks from the technology. "In contrast to air and highways, rail is behind in adoption of new technologies and managing associated risks."

The warning over the security of the railway comes as the government has moved to tighten defences against cyber threats, highlighting the area as one of the biggest risks to national security.

Experts have warned that rail is a certain target for some form of attack and the Department for Transport is currently reassessing the threat after a private consultation with the industry.

The threats go beyond disruption on the rails. Britain has opted to bring competition into its rail system by franchising train services to the private sector, while leaving the rail infrastructure in public hands.

Because UK rail was privatised, the private sector would be largely responsible for cyber defences, highlighted Charlie Edwards, director of national security studies at the think-tank RUSH.

Peter Gibbons, head of cyber security at Network Rail, has warned in a report that cyber security risk to the body responsible for track and signalling was significantly increasing, as "rail control and management processes are automated, increasing the potential impact of attack".

There had been concern about the new digital signalling technology, known as the European Rail Traffic Management System, he admitted, with the fear raised that a hacker would be able to "inject malicious signalling".

The signalling was still being developed, and whilst there was "no mature view" on how vulnerable it was to hacking, he said he was unaware of it yet being successfully hacked.

Ross Anderson, professor of security engineering at Cambridge university, said "any capable, motivated person can crack GSM".

© The Financial Times Limited 2015. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation