Rail networks are experiencing an increase in cyber attacks, most notably the August 2023 incident in which hackers infiltrated the Polish rail network’s radio frequency communications and temporarily interrupted railway traffic.
This has led nations and rail operators to struggle to protect their networks; Saudi Arabia, for example, recently announced a partnership to improve the security of its service.
Another operator improving the protection of its networks is Tel Aviv’s Purple Light Rail Transit (LRT) Line, a line currently under construction and expected to be open and operational by the end of this decade.
Dark Reading spoke with Eran Ner Gaon, CISO of Tel Aviv Purple Line LRT, and Shaked Kafzan, co-founder and CTO of rail operational technology (OT) security provider Cervello, about managing the increase in attacks on OT networks.
Eran Ner Gaon, CISO of the Purple Line in Tel Aviv
Shaked Kafzan, co-founder and CTO of Cervello
Dark Reading: What measures have you taken to protect your networks from cyber attacks?
Eran Ner Gaon: To identify OT threats, we have developed a comprehensive OT security strategy, which includes measures such as threat intelligence, technological measures, incident response plans and employee training related to INCD [Israel National Cyber Directorate] regulation.
From a human perspective, dealing with OT threats requires extensive specialization, not only in cybersecurity but also deep familiarity with OT worlds and their communication protocols. To this end we need skilled workers who, when they suspect an accident, sit in control centers with their eyes and hands directly on the keyboard. From a technological point of view, we provide protection at all levels of the network: physical separation between networks, work environments and micro-segmentation; identity management with advanced tools via PAM; [and] establishing a lab that simulates operational activity and adapts changes to the system before downloading for execution.
DR: Is it possible to fully defend against cyber attacks against OT?
Shaked Kafzan: From the perspective of a cybersecurity company, the increase in attacks against OT systems is worrying but predictable. What’s even more concerning is how poorly prepared the critical infrastructure sector is against attacks with potentially fatal or incredibly costly consequences. When the stakes are this high, when the costs are this high, there is no room for risk. Cybersecurity must be implemented as a means to prevent, not to “solve”.
DR: What differentiates rail safety from a protection perspective?
Kafzan: Cybersecurity for the rail and OT sector must be proactive and ongoing. To do this, organizations must implement network segmentation on real network traffic, have rigorous authentication and access controls, ensure continuous monitoring and detection of vulnerabilities and misconfigurations, and stay up to date on what’s happening in the space, including compliance with cybersecurity compliance standards.
DR: Of course, a robust patching process and best vulnerability management practices are critical to a security strategy. But for an OT organization, what are the challenges of applying patches while keeping systems online?
Kafzan: Fixing a cybersecurity vulnerability within a rail network is like changing the tires on a car while it’s moving: it’s not easy and, many times, it’s not feasible. Although we are a cybersecurity provider, our security strategy must keep in mind the interests of our rail customers, namely high availability and physical security.
This means we must rely on passive but deeply informative operational contextual and rail contextual solutions that will mitigate a cybersecurity incident and strengthen the organization’s cybersecurity posture without any interference in its existing infrastructures and systems.
DR: Every system has its own challenges, so what steps do you take when applying patches?
Ner Gaon: Since business continuity is key, we look at any implementation or change in general, meaning we first consider whether the systems support live patching or hot patching, then we will check whether any downtime is needed and what it is [the downtime]. And finally… we will consider the risk of repair versus abandoning the weak point.
In light of these things, we strengthen our operational concept through a strong and updated laboratory environment for the operational environment that supports many tests of the changes we want to implement together with a robust backup system and procedures that allow us to return at any time before the change was made.
DR: As a possible security option, we have seen AI cited as a key cybersecurity trend in 2024, particularly in the field of industrial automation. Does this change the way you work and can OT be better protected?
Ner Gaon: In addition to the many threats that AI poses to us, we gain inherent advantages in the technological tools we have chosen that combine the capabilities of AI quickly, efficiently and automatically.
As we move forward, I predict that AI capabilities will be able to perform a large number of high-quality, positive actions for our systems, but we must remember that eventually there will be hands on the keyboard and a high-quality user interface, a human response that will be able to prioritize events.
DR: From your position as a safety provider for rail operators, how does AI fit into what you offer?
Kafzan: Behind the scenes, AI is more than just a trend, it is an exciting opportunity to more effectively improve the safety of rail systems. It allows us to analyze large amounts of data while staying constantly updated with the knowledge of the global cybersecurity community, in order to quickly identify, respond to and remediate threats in real time.
Artificial intelligence will allow us to predict potential security breaches before they occur, based on learned patterns. An immediate benefit of the technologies is their ability to improve operational efficiency, optimize schedules and routes, and enhance the passenger experience by providing real-time information. It can help minimize downtime and extend the life of existing infrastructure by offering predictions about when parts of rail systems or tracks are likely to fail or need maintenance.