The networks on board rolling stock and across rail infrastructure have evolved over the years. For many rail operators, current cyber security efforts are now heavily influenced by the convergence of OT and IT systems. Digitalisation increases efficiency, and the new connectivity of OT and IT is providing obvious benefits to operational processes, reliability, safety and profitability.
However, many cyber security risks resulting from OT and IT convergence are threatening the newly connected operations. New IP-enabled devices are being added to a network that already contains a diverse group of technologies of different ages, and previously air-gapped systems that now communicate directly with each other.
We know that this has expanded the threat landscape with new attack vectors on rolling stock, but the increased cyber risk is not simply due to the exploitability of new IP-enabled devices. It is also due to a basic lack of visibility of every connected device to begin with. Rail operators are now struggling to keep an accurate inventory of their assets. How can they hope to secure a network without having a detailed inventory of devices?
The process of protecting rail therefore starts with asset discovery, creating full visibility and a baseline understanding of all systems and devices present on the network. Once we uncover these devices, we can record more granular information such as firmware version, status, IP address or bandwidth usage.
However, there are many challenges in conducting asset discovery in a rail environment. Rolling stock networks can consist of a diverse group of technologies of different ages, which could have an operating life of 10 to 30 years. It is therefore essential that cyber security tools are able to maintain visibility, and protection, for the entire life of the asset.
Existing enterprise solutions cannot be applied successfully to a rail environment, which needs solutions flexible enough to be deployed in a variety of areas. In contrast to a static enterprise environment, there is unlikely to be a single location within rolling stock from which to capture the required data about the network. To gain coverage of the entire network, rail operators need a solution that provides flexibility in how and where the software is deployed.
Asset management, including discovery and inventory, is the first step for ensuring operational continuity, reliability, and safety. For many rail operators, especially in the US and EU, the motivation to build a cyber security programme starts from a growing range of regulatory and compliance requirements. In most key cyber security standards and frameworks, requirements exist for operators of critical infrastructure to be able to define cyber security risks and show that they can monitor them. The NIST regulation, in particular, lists five core functions for cyber security risk management, with the first being ‘Identify’. The ‘Identify’ core requirement states that organisations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. A rail cyber security strategy must therefore be based on a complete asset inventory in order to effectively protect the operational infrastructure from ongoing cyber security threats.
Having visibility and a complete overview of your environment enables you to maintain a good cyber security posture. An accurate asset inventory helps reduce the amount of time required to effectively manage cyber risks and incident responses. If rail operators know the assets they have in their environment, they can conduct more effective vulnerability and risk analyses, which provide critical information for a better cyber security strategy. With new vulnerabilities emerging every day, it is becoming more and more important to know the assets better than the threat actor does. If you are not able to identify weak spots, it is impossible to protect yourself from every threat. You cannot secure what you can’t see.
The larger and more complex the network gets, the more important it becomes to maintain an asset inventory. Assets and their communications should be monitored and visualised in a network map or hierarchy structure. This provides a holistic understanding of which devices sit in which part of the network, and how they are connected to each other.
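The baseline-and-map approach described above, as an added example (not RazorSecure's software and not code from the original article): passively observed traffic is folded into an inventory and a communication map, then compared with a recorded baseline. The addresses, roles, firmware strings and record layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline inventory for one trainset (all values are illustrative).
BASELINE = {
    "10.20.0.10": {"role": "passenger-wifi-gateway", "firmware": "4.2.1"},
    "10.20.0.21": {"role": "cctv-recorder", "firmware": "2.0.7"},
    "10.20.0.30": {"role": "passenger-information-display", "firmware": "1.9.0"},
}
BASELINE_LINKS = {("10.20.0.21", "10.20.0.10"), ("10.20.0.30", "10.20.0.10")}

# Constructed passive observations: (source, destination, bytes, source firmware or None).
OBSERVATIONS = [
    ("10.20.0.21", "10.20.0.10", 48_000, "2.0.7"),
    ("10.20.0.30", "10.20.0.10", 1_200, "1.9.3"),   # firmware differs from baseline
    ("10.20.0.99", "10.20.0.21", 900, None),        # address not in the inventory
    ("10.20.0.21", "10.20.0.10", 52_000, "2.0.7"),
]

def build_inventory(observations):
    """Fold observations into per-asset records and a communication map."""
    assets = defaultdict(lambda: {"firmware": None, "bytes_sent": 0})
    links = defaultdict(int)
    for src, dst, nbytes, firmware in observations:
        assets[src]["bytes_sent"] += nbytes
        if firmware:
            assets[src]["firmware"] = firmware
        assets[dst]  # a destination is an asset even if it never reports firmware
        links[(src, dst)] += nbytes
    return dict(assets), dict(links)

def compare_to_baseline(assets, links, baseline, baseline_links):
    """Return findings: unknown assets, silent assets, firmware drift, new links."""
    findings = []
    for ip in sorted(set(assets) - set(baseline)):
        findings.append(("unknown_asset", ip))
    for ip in sorted(set(baseline) - set(assets)):
        findings.append(("asset_not_seen", ip))
    for ip in sorted(set(assets) & set(baseline)):
        seen = assets[ip]["firmware"]
        if seen and seen != baseline[ip]["firmware"]:
            findings.append(("firmware_changed", ip))
    for link in sorted(set(links) - baseline_links):
        findings.append(("new_link", link))
    return findings

if __name__ == "__main__":
    assets, links = build_inventory(OBSERVATIONS)
    for finding in compare_to_baseline(assets, links, BASELINE, BASELINE_LINKS):
        print(finding)
```

The `asset_not_seen` finding matters on long-lived fleets: a baseline device that stops appearing may have failed, been replaced, or been moved to a segment the sensor cannot see.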
However, asset discovery shouldn’t be just a cyber security use case. Operators can also benefit from the operational efficiency it adds. With a ‘single point of truth’ view of the network, operators can make better data-driven decisions, both proactive and reactive, based on accurate real-time feedback. This could ensure potential failures are detected early and can be dealt with before they result in significant operational disruption.
Rail cyber security begins with a fundamental challenge: if you don’t know what is connected to your network, then you can’t secure it. A network is only as strong as its weakest link.
Operators need to be able to leverage network information to make decisions and take actions that are critical to the management of their fleet. RazorSecure’s railway asset discovery capabilities are built into our software, which provides continuous visibility and mapping of your entire network, giving you the information needed to stay in control and make informed decisions based on accurate real-time network data.
With different deployment modes giving flexibility in how and where the software is deployed, RazorSecure excels in safety-critical environments within rail, which contain assets that need to be covered for as long as they are functional.