Hacking threat to national rail network

Passengers waiting for a trainEven a relatively unskilled teenage hacker could bring national rail services to a standstill, according to respected security expert Stefan Katzenbeisser, a professor at the Technische Universität Darmstadt in Germany.

He claims that railway systems have become vulnerable to the simplest form of cyber campaign - a "denial-of-service" attack that floods networks with useless internet traffic.

Attacks of this kind, also known as DoS campaigns, require far less skill than penetrating a computer network or writing malicious software and have already been used to overwhelm the websites of both government agencies and private sector businesses.

Speaking at the Chaos Communication Congress in Berlin, Katzenbeisser said that national rail networks are also vulnerable due to new signalling or switching systems, which guide trains from one track to another at railway junctions, using wireless technology.

Katzenbeisser admits that GSM-R - or GSM-railway - a mobile technology used for train communications that is currently being installed by Network Rail, is more secure than the usual GSM used by mobile phone networks.

However, it is still relatively vulnerable as hackers need just one security "key" to cause havoc.

What's more, the software encryption "keys" that secure the communication between trains and switching systems are generally downloaded to physical media like USB sticks and then sent to offices to be installed - increasing the risk of them ending up in the wrong hands.

"This will be a big issue in the future, how to manage these keys safely," he said. "While trains could not crash, services could be disrupted for quite some time."
Read Full Story