As rail gets more advanced, so too does its reliance on the technology that keeps trains running, passengers up-to-date and, crucially, people safe. Now, the focus increases on the provision of digital infrastructure that is out of bounds to cyber criminals. One company helping protect systems I speak of is Cylus, an Israel organisation that specialises in providing tailored cybersecurity for modern rail networks.
Cylus’ CEO and co-founder, Amir Levintal, takes the hot seat this week ahead of his panel discussion at SmartMetro in Paris this month, when he will talk about the potential vulnerabilities of integrating legacy systems with new. Here though, Amir explains to Dave Songer how varied his role at the top of the organisation is, the thrill he gets from helping shape the future of rail and why, when it comes to fighting cybercrime, a non-intrusive approach is best.
Dave Songer (DS): Great to meet you, Amir. Please can you begin with a little about Cylus?
Amir Levintal (AL): Trains are closely tied to a country’s economic infrastructure and play a key part in the lives of its citizens. Over the last years, new high-end technologies have been introduced to the rail industry. While these technologies have improved the safety, efficiency and service availability, they also exposed the railway to a new kind of threat: cyberattacks. We noticed that no company is dealing with this emerging issue As a result we founded Cylus to protect railways from cyber-attacks by detecting malicious activities in their network, early before harm happens.
DS: How about your role of CEO, what does that involve? Is there a normal day?
AL: It might sound cliché but, in a start-up, there is never a typical day and I love it – every day is exciting and different. As CEO, a large portion of my work involves devising a long-term strategy and balancing it with day-to-day matters. I am constantly prioritising a wide range of activities from steering the start-up to align with a strategy to participating in brainstorming sessions with the R&D team. I take pride in the professionalism and creativity of our talented team; in my opinion, building a strong culture with amazing people is the key to moving fast in the right direction.
DS: Cylus has been involved in a Thales cybersecurity programme – what can you tell me about that?
AL: Working closely with Thales is an exciting opportunity to collaborate with experts in rail technologies and to pave the way to providing rail companies with a high-end cybersecurity solution specifically designed for their needs. I am highly impressed by the way Thales promotes technological innovation. It is no trivial matter that a large and central company succeeds in leveraging cooperation with small companies to create innovative solutions that are greater than the sum of its parts.
DS: What is it you most enjoy about being involved in the transport industry?
AL: In recent years, all modes of transportation have made big steps towards automation and autonomy vehicles. These technologies are bound to overcome present and future global challenges of urbanisation, sustainability, and accessibility. I am very proud to be part of this mobility revolution and make a positive impact on urban and rural society as a whole, by helping rail be a safe, secure, and an effective means of mobilising people.
DS: What is the biggest professional challenge you’ve faced?
AL: I’d say that is reaching the point of building a sustainable company that meets the ‘here and now’ needs of customers, while also keeping its sights on the long-term goals of evolving with the dynamic nature of the industry and ecosystem. Remaining relevant and innovative over the years is a major challenge that, as CEO and co-founder, I keep in the back of my mind.
DS: You were part of the Israel Defense Forces for 22 years – what are the key things that you learnt there that helped you co-found @Cylus_Security?
AL: I had the honour to be part of an excellent technological unit that was required to provide solutions, whose level of complexity is difficult to overstate and which is sometimes even considered to be impossible. In order to succeed in making the impossible possible, the unit has developed an organisational culture over the years that combines technological excellence with teamwork, creating a sense of competence in those involved. When establishing the company, I strongly believe in building the right organisational culture from the early stages. Miki, my co-founder and vice president of R&D, and I have devoted much thought to the values that are important to us and how to build a stable infrastructure that will enable us to create a meaningful company.
DS: In terms of cyber security, what are the main challenges that the rail industry specifically faces?
AL: Rail systems are no longer air-gapped, and the introduction of new and connected technologies has extended the attack surface. Once a hacker has penetrated the system, the challenge is then to detect and identify their traces in the network. At Cylus, we rose to this challenge by creating a solution that can provide overarching visibility on the network and monitor its critical communications without obstruction. One of the advantages of this non-intrusive approach is being able to leverage our latest research and handle threats as they arise.
DS: How has the overall approach of cyber security changed in recent years? How do you think that will change in the future?
AL: In recent years we have seen more and more targeted attacks as opposed to ‘spray-and-pray’ ones. Hackers are becoming more capable and are planning sophisticated attacks while studying the target to learn not only what can be exploited but also how to move laterally without being detected. We have witnessed the development of this approach in the automotive sector where specialised solutions are being developed to protect connected cars and fleets. Similarly, rail is a unique and complex ecosystem and protecting it effectively requires a deep understanding of both cybersecurity and rail. That’s why there is no one-size-fits-all solution.
DS: You’re going to be speaking at SmartMetro this month – what will you cover at the show?
AL: I will discuss the bad legacy that legacy systems leave behind. The critical infrastructure of railway systems is made up of legacy components and communication protocols, which are mixed with new technologies. This situation of integrating different legacy equipment from different manufacturers, which weren’t built with cybersecurity in mind, combined with new components that have been added-on, results in what I call a patchwork environment that’s vulnerable to cyberattacks because nobody sees the big picture.
DS: Finally then, we always like to round off the interview with a question about a favourite rail journey. Where’s yours?
AL: I travelled from France to the UK with the Eurotunnel Le Shuttle and that was an amazing experience. Being able to travel under the English Channel in high speed looked like an impossible feat 100 years ago and now it’s reality. I take inspiration from seeing how such ideas in transportation, which were considered imaginary, come to life and become part of a common means of transport. Nowadays, we’re witnessing similar forward-thinking with visionaries like Elon Musk and Hyperloop and Richard Branson’s Virgin Hyperloop One.
DS: Thanks Amir, excellent to speak to you – see you at SmartMetro!
If you enjoyed this interview with Amir, please have a read of our last edition which highlighted some of our favourite answers in 2018.