Could you hack a train?

Next story

 

Next up in our “Could you hack…” series, a Train: Plans to upgrade the UK’s train signalling system could potentially be hacked to cause serious disruption or even a crash. Is this the cost of staying up to date?

We’ll see if the “Could you hack…” series actually becomes a thing but it is a little disquieting when a story about hacking a plane and then a story about hacking a train come out within a week of one another.

This particular story involves an effort to modernise the UK’s rail system with a flashy new signalling system which, it turns out, could potentially be vulnerable to cyber-attacks.

Spokesmen both for and against the change had their say in this BBC article. We asked Mark James, ESET security specialist, what he thinks.

 

Worth the risk?

 

If these ‘improvements’ are going to open a system to new, and potentially catastrophic, vulnerabilities then should they be implemented in the first place?

“We have to always look at upgrades and improvements,” explains Mark.

“If the system will be better because of it then we need to ensure that appropriate measures are in place to protect against any attack just like any other IT system.

“Using the latest technology to better serve the public should be a priority, the internal safety of that system like any system just comes with the territory.”

 

A rogue element

 

Prof David Stupples, a scientist who advises the government, was quoted in the BBC article as saying that “the weakness is getting malware into the system by employees… either because they are dissatisfied or being bribed or coerced.”

Essentially the ‘rogue element’ scenario, in which a company or organisation is attacked from within, often from an ex-employee who retained his/her system access.

Mark explains why the ‘rogue element’ is a serious issue and how companies can try and defend against it.

“To be honest these days it’s our biggest threat but that could be said for any industry that uses staff and IT systems.

“Making sure systems are properly segregated, correct education and training along with backup and up to date security systems, operating system and application patches.

Ensuring any vulnerabilities are closed in good time and correctly addressed will go a long way to protecting the integrity of the systems.

“Let’s not concentrate too much on the negative though: our staff are also our biggest asset and defence, problem staff members are certainly the minority.”

Join the ESET UK LinkedIn Group and stay up to date with the blog.

Does this put you off using the train?