Lately, I’ve been engrossed in studying the supply chain, especially with the increasing complexity and risks in our interconnected world. One particular area of interest is the rail industry and its associated cybersecurity challenges. For more on this subject, see “Supply Chain Attacks: Strategies for Effective Defense”.
During this study, I stumbled upon Project Honeytrain. In 2015, this ambitious cybersecurity experiment, conducted by Britain’s Sophos and Germany’s Koramis, constructed a simulated rail system to understand the potential threats to industrial transportation infrastructure. The results were enlightening and continue to inform cybersecurity practices today:
- The most frequent form of attack was automated dictionary attacks attempting to crack passwords.
- Despite the large number of attacks, only four resulted in successful logins, two of which originated from dictionary attacks.
- Attackers who logged in successfully once were able to do so repeatedly afterwards.
- In one notable instance, an attacker managed to commandeer the front lights of a simulated train engine and attempted to access the track signaling interface.
- Another attack targeted the media server, aiming to alter a public-facing website.
These findings revealed that many hackers targeting railways have a deep understanding of the industry’s complexities and intricacies. This emphasizes the importance of sophisticated cybersecurity strategies in the protection of our vital rail infrastructure.
The rail industry plays an essential role in the American economy, moving about 1.7 billion tons of freight annually over nearly 140,000 miles of track. In recent years, we’ve seen innovations like the Des Moines Transload Facility, which enables seamless, open, and competitive exchanges between multiple Class 1 and Class 2 trains, and trucking companies. These developments, while beneficial for efficiency and cost-reduction, also bring new cybersecurity risks requiring innovative approaches to risk management.
Since the Honeytrain experiment, the cybersecurity threat landscape for rail companies has expanded. One recent example is the ransomware attack on Denmark’s rail system. With the increasing sophistication and scale of cyber threats, it’s clear that cybersecurity is a critical component of a safe and reliable supply chain.
In response to these escalating threats, the U.S. Transportation Security Administration (TSA) released the Rail Cybersecurity Mitigation Actions and Testing Directive in October, providing U.S. rail owners and operators with the following guidelines:
- Identify and monitor critical cyber systems to understand potential vulnerabilities.
- Develop strategies for network segmentation to ensure operational technology systems can run safely even if IT systems are compromised.
- Establish robust control measures to secure and prevent unauthorized access to the critical cyber systems.
- Implement continuous monitoring and detection policies to promptly identify cybersecurity threats and rectify anomalies affecting critical cyber system operations.
- Proactively and promptly apply security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems, using a risk-based methodology to reduce the risk of system vulnerabilities.
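The Honeytrain findings above (dictionary attacks as the dominant technique, and a single successful login being followed by repeat logins from the same attacker) and the directive's call for continuous monitoring and detection both come down to watching authentication logs statefully per source. The following script is an added example written for this article; it is not code from the page, from Sophos, or from Koramis. The log lines are constructed, loosely modelled on OpenSSH syslog output, and the failure threshold of five is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (not real Honeytrain data); format loosely
# follows OpenSSH syslog output. 203.0.113.7 runs a small dictionary attack,
# succeeds, then comes back later; 192.0.2.10 is a normal maintenance login.
SAMPLE_LOG = """\
Jan 10 02:14:01 hmi sshd[811]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 10 02:14:02 hmi sshd[811]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jan 10 02:14:03 hmi sshd[811]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Jan 10 02:14:04 hmi sshd[811]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Jan 10 02:14:05 hmi sshd[811]: Failed password for operator from 203.0.113.7 port 51026 ssh2
Jan 10 02:14:06 hmi sshd[811]: Accepted password for operator from 203.0.113.7 port 51027 ssh2
Jan 10 03:40:11 hmi sshd[902]: Accepted password for operator from 203.0.113.7 port 51300 ssh2
Jan 10 08:00:00 hmi sshd[950]: Accepted publickey for maint from 192.0.2.10 port 40001 ssh2
Jan 10 08:05:00 hmi sshd[951]: Failed password for maint from 192.0.2.10 port 40002 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Accepted|Failed)\s+\S+\s+for\s+(?:invalid user\s+)?(?P<user>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+port\s+\d+"
)


def parse(log_text):
    """Turn raw log text into a list of dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events, fail_threshold=5):
    """Stateful per-source detection (threshold is an assumed tuning value).

    Emits:
      ("dictionary_attack", src, ts, [usernames tried]) once a source reaches
          fail_threshold failed logins;
      ("success_after_bruteforce", src, ts, user) for every successful login
          from a source already flagged, so repeat logins keep alerting
          instead of blending in after the first success.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    flagged = set()
    alerts = []
    for ev in events:  # events are processed in log order
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
            users_tried[src].add(ev["user"])
            if failures[src] == fail_threshold:
                flagged.add(src)
                alerts.append(("dictionary_attack", src, ev["ts"], sorted(users_tried[src])))
        elif src in flagged:
            alerts.append(("success_after_bruteforce", src, ev["ts"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The important design choice is that a flagged source never drops out of the flagged set: the Honeytrain result that one successful login was followed by more makes the second and third successes from the same source just as worth an alert as the first, and a detector that only counts failures would go silent the moment the attacker guessed correctly.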
The increasing sophistication and interconnection of cyber-physical systems demand advanced security technologies like Extended Detection and Response (XDR). XDR, a unified cybersecurity approach, allows quicker detection, investigation, and response to security incidents. By integrating multiple security technologies into one system, XDR could significantly change the outcome of simulated experiments like Project Honeytrain. It would improve detection of hacking attempts, allow faster response, provide comprehensive visibility across all endpoints, facilitate proactive threat hunting, and adaptively learn from past incidents to bolster defenses.
Project Honeytrain was a milestone in understanding the vulnerabilities of railway systems to cyber attacks. Since then, however, the nature of supply chain and rail attacks has changed significantly, with threats becoming more sophisticated and damaging. The application of advanced cybersecurity solutions like XDR is becoming increasingly important in safeguarding our vital rail infrastructure. As we journey into the future, the lessons learned from Project Honeytrain and the application of cutting-edge technologies will continue to guide our efforts in maintaining secure and efficient supply chains.