"...the growth of the Internet of Things (IoT) has led to a proliferation of connected devices aboard a train, some even as basic as a “smart coffee pot” in the buffet car. These are often very cheap systems, with little or no security...."
As public transport continues to be transformed by digital technology, and our industry becomes increasingly reliant upon it, the attack surface for potential damage is massively increased. Clearly, traditional firewalls are not secure enough to keep pace with the progressively sophisticated attacks from hackers and cyber criminals. Fortunately, since 2007 Waterfall Security has pioneered a different approach to industrial cybersecurity technology. An Israeli company with customers worldwide, Waterfall keeps industrial networks secure with innovative “unidirectional security gateway” technology that provides a stronger alternative to firewalls. To learn more about this crucially important area for the industry, our Editor Luke Upton recently spent some time with Waterfall Security’s CEO and Co-founder Lior Frenkel and discussed why they have taken this different approach, what some of the specific threats are and why rail companies should not depend on firewalls or other IT-based cybersecurity to protect their control and SCADA systems.
Waterfall Security began its work a decade ago servicing the power industry and quickly branched out into other sectors, including public transportation where they now work with metros and railways around the world (who for security reasons must remain anonymous). Although there have been a number of recent cybersecurity breaches, most notably on the San Francisco Metro, most passengers are unaware of the complex systems that ensure they have a successful journey. To maintain the safety of passengers and the reliability of operations, cybersecurity has become a paramount concern for rail and metro transportation.
“Despite hundreds of millions of people utilizing public transport every day, most countries don’t have specific regulations relating to cyber security, with the exception of the Department for Transport in the UK. But rail and metro operators know that today’s threats are extremely dangerous, as any cyberattack can lead to crash or derailment. Lior (pictured left) explains, “The biggest risk to industrial networks occurs when there is a connection to an external network. In many ways, connecting rail systems to the internet is quite reckless, but delivers so many efficiencies that it’s hard to see a day when public transport won’t be connected. What is most concerning is when the mission-critical control systems are connected to the same networks used by the passengers or the business networks. Here you open up the control system to the bad guys, who needn’t even be on-board the train to find a way into the control system.”
Waterfall Security ( @WaterfallSecure ) has developed the ‘unidirectional security gateway’ technology to prevent remote cyberattacks from entering a control network, while providing a critical need for visibility and access to real-time data by headquarters or remote personnel without opening up the network to any Internet connections. The Unidirectional Security Gateway is physically incapable of propagating any virus, DOS attack, ransomware, malware, human error or any information at all into the control network.
Information can only flow out of the control network to a business network – only in that one direction. “Just like the one-way flow of water in a waterfall, hence the name,” adds Frenkel.
This solution is considered as cybersecurity best practices by many regulatory and governmental agencies, including the Department for Transport in the UK. In addition to its use in railways and metros, Waterfall’s Unidirectional Security Gateway can be found deployed in utilities, nuclear plants, on/off-shore platforms, refineries, manufacturing plants, and other industries.
With the time so far focussing on the solutions, Luke was keen to learn more from Lior, a widely respected expert in this field, with over 20 years’ experience about some of the specific threats, and asked, “Where do these threats originate from?”
“These days in rail and metro, the threat comes from criminals using ransomware to extort money from operators. One morning, you get a message flashed up on a screen in a control room demanding $200,000 or the train will be derailed. And then you pay. This is how serious the threat is. And I know of at least one incident similar to this. Yes, there is always a threat from disgruntled former employees or from individuals in a group of particular countries but today, ransomware is where the principal threat exists.”
“Another danger that I want to highlight is that the growth of the Internet of Things (IoT) has led to a proliferation of connected devices aboard a train, some even as basic as a “smart coffee pot” in the buffet car. These are often very cheap systems, with little or no security. In these cases, where the signalling network can be accessed through the passenger network, the “smart coffee pot” network access becomes an entry point for hackers. As CEO of Waterfall, this threat means more business, but as a private citizen I find it very concerning.”
Business networks are under constant attack and similarly, the control and signalling networks that operate our trains and metros are no different. For Waterfall, firewalls are “just a bump when you need a wall” and when it comes to intrusion detection systems “it’s too late to stop an attack.”
How transport professionals deal with this threat is one of the major challenges of modern business. As Lior says, “Stay ahead of the bad guys” by focussing on the prevention of attacks, eliminating remote online attacks from entering your controls - something which Waterfalls’ evolutionary alternative to firewalls provides.
Waterfall Security Solutions is a privately-owned company with its headquarters based in Israel, and sales and support operations in North America, Europe and Asia. For more information visit www.waterfallsecurity.com, email: firstname.lastname@example.org or call +1 703 840 5452.
For more stories focussed on transport security and cyber security strategy ...