In the first quarter of this year, hackers attacked the ticket sales systems of the Polish and Ukrainian railways. Threats also include attacks on power supply and traffic management systems. All such incidents have one goal – a greater or lesser paralysis of rail transport, which in the current geopolitical situation has a direct bearing on strategic security. In many cases, the weakest link is still people – either because they do not properly protect passwords and access to devices, or because the permissions granted to them are far broader than they actually need.
– If we ask which systems are most at risk, this is a question that the railway must answer in silence and secure those systems that are most at risk, or those whose consequences after an attack will be the most severe. You can't show it directly, put it on the table and say: this is the greatest threat, because this is asking for this threat to grow even more dramatically. In other words, this lesson is being learned in rail transport, it is being learned very diligently – Dr. Hab. Eng. Marek Pawlik, Deputy Director for Railway Interoperability at the Railway Institute, tells the Newseria agency.
Undoubtedly, cybercriminals have an advantage over people managing the security of systems in public entities, in that they are not obliged to operate within any legal framework. Offices, hospitals or railways cannot afford such freedom.
– We all have to act in accordance with public procurement law, ethically. Those who attack us don't care, they have funds made available through states or international organizations sponsoring such activities and any kind of resistance is completely left aside. On the other hand, we have either soulless software, various types of bots, or we have people who are absolutely convinced that they are at war and anything goes – admits the professor from the Railway Institute.
Earlier this year, the media reported that the Polish State Railways were facing an increase in hacker attacks on their ticket sales system. At the end of January, cybercriminals faked 100 million entries into the PKP Intercity ticket sales system in one hour, and experts believe that the purpose of such actions was not only to paralyze Polish railways, but also to attempt to obtain customer data.
– There are two common places of attack. One is power supply, because if there is no power, there will be nothing, and the second is transport, because if it is attacked, paralyzed, disabled for a longer period of time, then the economy immediately collapses, defense collapses, a whole range of elements of the functioning of the state in general collapses – the expert points out. – In the past, financial institutions were attacked the most, because adversaries wanted to obtain financial resources. Today, it is not like that, today we are dealing with attacks that are aimed at causing problems in the functioning of states.
The most telling example of this is the increase in attacks on railways in Ukraine. In late March, the Ukrainian state railways, Ukrzaliznytsia, reported that its internet systems had been hacked. For several days, it was impossible to buy tickets online for domestic and international connections.
From a practical perspective, what makes attacks easier for cybercriminals is weak security measures or human error, either of which can allow hackers to take over system management or install malware on devices.
– In the context of cybersecurity, the key is to give employees the permissions they need. What is often the Achilles heel is giving very broad permissions to people who do not need to use them at all, but are high in the hierarchy. The permissions must be very clearly separated and we must answer very precisely the question of who is responsible for what, what they are allowed to do, and everything must be recorded – points out Prof. Marek Pawlik.
High hopes for more effective protection against hacker attacks are pinned on the use of quantum computers in cybersecurity. According to experts, quantum computing will be a key factor in detecting cyberattacks at an early stage, before any serious damage is done. It will also likely be used to develop more robust cryptographic standards to provide stronger protection for digital data.
– Quantum computers will completely eliminate passwords. If today we have a password, say 12 or 14 characters, we can still sleep peacefully for a while, but in half a year we won't. Not only will banks want to have more authentication tools, but even an ordinary office employer will say: if you log in to me, you must also provide the code from the text message that I will send you, so that not only will they have to crack your password, but also steal your phone and make you not report it to me within a sufficiently short time. So multi-factor authentication will be the first thing that will happen after quantum computers – the expert predicts.
According to Cylus, an expert in cybersecurity, the number of hacker attacks on railway systems increased by 220% between 2017 and 2022. This is directly related to the increasing digitalization of rail transport.