Expert and government adviser Professor David Stupples has warned that a new high-tech rail system could be hacked, leading to a serious crash…
The high-tech signalling system that is set to control trains in Britain could potentially be hacked, according to a leading rail expert and adviser to the government.
Network Rail is overseeing the upgrade and has acknowledged the threat. A spokesperson said: “We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network.
“We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place.”
The European Rail Traffic Management System (ERTMS) is currently being tested in the UK. Once it is launched computers will dictate critical safety information. This will include how fast the trains should travel and how long they take to stop. It is expected to be rolled out across some of the UK’s intercity routes by the 2020s. The system aims to make networks safer by reducing the risk of driver error.
The system, which is already in use in other parts of the world, has never seen any reported cases of cyber attacks. However, Professor Stupples, who is an expert in networked electronic and radio systems, said hacking into the system could result in a “nasty accident” or “major disruption”.
He said: “It’s the clever malware [malicious software] that actually alters the way the train will respond.
“So, it will perhaps tell the system the train is slowing down, when it’s speeding up.”
He added: “Governments aren’t complacent. Certain ministers know this is absolutely possible and they are worried about it. Safeguards are going in, in secret, but it’s always possible to get around them.”
A spokesperson for the Department of Transport said: “We keep security arrangements under constant review to take account of the threat and any new challenges we face.”
Professor Stupples said the system was protected from outside attacks, but warned danger could come from a rogue on the inside.
“The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced,” he explained.
The professor said the main reason the system had not been hacked as frequently as financial institutions and media organisations was because much of the technology used was too old to be vulnerable. This will change in the future as aircraft, cars, and trains become increasingly computerised.
Independent security expert Graham Cluley agreed with the professor. He said: “Seeing as we have seen nuclear enrichment facilities targeted with state-sponsored malware attacks and ‘massive damage’ done to a German steelworks, you have to ask yourself whether it is likely that a train signal system would be any better defended?”
“The most obvious danger is going to be human.
“The risk is that staff will either be deliberately and clandestinely assisting attackers or – most likely – make poor decisions, such as plugging in a device that is malware-infected that could expose the system’s security.”