The Saudi Railway Company (SAR) has announced a partnership with “sirar by stc” to strengthen the cybersecurity of its critical transit network.
The deal comes amid growing cybersecurity concerns about rail transport networks in general, which are part of the country's critical national infrastructure and the target of not infrequent attacks.
Rail networks are based on a combination of IT and operational technology (OT) components that rely on multiple vendors and different technologies.
In a statement, sirar by stc said: “[We], specializing in comprehensive cybersecurity services, will provide advanced solutions to safeguard the SAR’s extensive rail network, contributing to the safety and security of travel and freight transport across the Kingdom.”
stc’s Sirar did not immediately respond to Dark Reading’s request for comment on priorities for its work with SAR, or whether or not it will use internationally recognized cybersecurity assurance standards for guidance.
SAR is responsible for managing 4,500 kilometers of railway networks in Saudi Arabia. Its ambitious “Land Bridge” project aims to connect Saudi ports from the Persian Gulf to the Red Sea as part of a strategy to make the country a transport and logistics hub for the region, promoting sustainable development and reducing greenhouse gas emissions.
Departures board
Railroads face the challenge of aligning legacy technology with the latest innovations: rolling out IoT signaling and communications technology increases operational efficiency. But the operational advantages of modern technologies come with the disadvantage of increasing the attack surface of networks.
For example, many systems, such as those for track switching and train position monitoring, often transmit wirelessly without encryption.
Chris Grove, critical infrastructure cybersecurity expert at Nozomi Networks, tells Dark Reading: “Rail networks face a complex and multifaceted attack surface. This includes numerous small components that control heavy industrial equipment in motion, often spread across large distances. Other vulnerable areas include platform infrastructure, train stations, kiosks, digital signage, phone apps, web servers, HVAC [heating and ventilation], energy generation/control systems and plants.”
Travel chaos
Recorded breaches have targeted digital signage, ticketing systems, monitoring systems and other components in stations, leading to widespread service disruptions and data leaks.
Notable incidents include the attack on the San Francisco-area transportation provider BART by the hacktivist group Anonymous in 2011, while in May 2017 the German railway was hit by the WannaCry malware.
Also, in March 2022, the Italian railway network was hit by a ransomware attack that affected ticket sales, leaked passenger information and disrupted rail communications.
In August 2023, hackers disrupted traffic on the rail network around Szczecin in Poland after gaining access to the railway frequencies used between train drivers and signalmen. The hackers had emergency brakes applied to some trains and also played recordings of the Russian national anthem and a speech by Russian President Vladimir Putin.
Aaron Walton, threat intelligence analyst at managed detection and response company Expel, says: “When we talk about rail security, there is often a concern that the operational technology and Internet of Things (IoT) components of trains will be targeted, as the failure of these systems can seriously endanger passengers and transport. However, the current cyberattacks we have witnessed primarily destroy the IT components of the organization.”
Rolling stock
Measures to protect rail infrastructure begin with the same fundamentals as strengthening the cybersecurity of corporate networks, such as conducting a comprehensive risk assessment, strengthening resilience and developing disaster recovery plans.
Shaked Kafzan, co-founder and CTO of security provider Cervello, says a successful approach to cybersecurity for railways should focus on threat and risk prevention rather than detection, starting with complete, in-depth visibility of every system and resource across all environments, including real-time risks, all in the rail context.
“There is a fundamental difference between a solution that can identify common IT or OT resources and one that can identify resources or protocols that are relevant and specific to the rail environment,” says Kafzan.