Hacking of wireless communication makes ATO vulnerable
While European cities already have some autonomous metro lines, operators of heavy railway lines are just dreaming about them or making the first steps to this dream. Anyway, the mentioned ambition might never come true or be postponed until a better day due to cyber threats. Experts from Frazer-Nash Consultancy Karl King and Lloyd Tobin talk to RailTech.com about the impact of this factor on Automatic Train Operation (ATO).
“Cyber threats can be very serious for the rail sector in the future,” says Karl King, Senior Consultant at Frazer-Nash Consultancy. On the follow-up question ‘why?’, he brings attention to several important facts in implementing the ATO. The first one is the technical specifications of the systems used by the railway operators and infrastructure managers. “Historically, railway systems have been purchased with lifespans of 15 to 20 years. The rate of technological advancement these days means this will inevitably lead to a lot of outdated equipment, which could be more easily compromised,” explains Mr King.
Politics
Another factor that could have a great impact on the ATO is the dependency of the rail sector from the politicians and political decisions. In some way, this relation results in positive consequences, for example, in terms of state support, subsidies, etc. But from another point of view, the correlation between railways and politics may cause the opposite effect. “No other transport mode has such an intrinsic link between the vehicles and the infrastructure than rail. As the infrastructure is often government-owned, this tends to make railways ‘more political’ and hence more risk-averse than other modes of transport,” explains Karl King.
Text continues below the picture
Costs
The next factor is the costs. “The main barrier to implementing ATO is the cost of doing so,” says the Senior Consultant from Frazer-Nash Consultancy. Of course, every innovation requires a lot of activities and costs to develop, test, upgrade and eventually introduce it for the regular service. All these moves make an innovation too expensive at the initial stage of the development. ATO is not the exclusion.
However, this technology has its own stimuli to increase costs. Mr King names cyber threats and vulnerabilities of the ATO as major cost drivers. “Cyber threats can drive up costs, so in this sense, they are contributing to the challenge of ATO implementation. Although the obvious vulnerability would be hacking the wireless communication channel, a ‘man in the middle’ attack, the most likely and dangerous vulnerability of ATO is probably an insider threat,” adds the expert.
Text continues below the picture
Long-term solution
So what the railway companies should do in order to make the ATO more resistant to cyber threats? Lloyd Tobin, Consultant at Frazer-Nash Consultancy, says that there cannot be exact answers. “The solution to wireless interception vulnerability that may first come to mind is a technical one, such as suitable encryption,” explains the expert.
But this advice is not a panacea because it is dedicated just to one problem. Mr Tobin notes that the rail sector needs more complex and long-term solutions. “Simply implementing a technical solution is unlikely to provide a long-term solution. However, this needs to be considered in combination with more human-based responses, such as governance and standards, and education and awareness to create a security-conscious culture within the railway,” sums up the specialist.
Do you want to know more about cyber threats in the rail sector? Karl King and Lloyd Tobin will deliver a presentation at the Intelligent Rail Summit 2019 that will take place on 19-21 November in Paris. The event programme is available here.
Also read: