The European Rail Traffic Management System that is being rolled out in the UK might be an easy target for cyber criminals, an expert has warned. City University Professor, David Stupples, said the system, designed to improve railway interoperability and safety across the continent, could be breached by hackers seeking to wreak havoc on the railways. The major concern, he said, is malicious software that could be inserted into the system, possibly even by an insider, to cause trains to crash. “It’s the clever malware that actually alters the way the train will respond,” Stupples said. “So, it will perhaps tell the system the train is slowing down, when it’s speeding up.”
According to the cyber security expert, government ministers are aware of the risks and are investigating what security measures should be taken. “Safeguards are going in, in secret, but it’s always possible to get around them,” Stupples warned.
“The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced.” The European Rail Traffic Management System (ERTMS) will replace traditional railway signals with a computer display inside every train cab. The computer will be able to take care of the speed and movement of the train while considering other trains in the vicinity.
First trials of the ERTMS in the UK commenced in 2008. Network Rail is in charge of the roll out, with the system expected to be fully operational by the 2020s.
“We know that the risk (of a cyber attack) will increase as we continue to roll out digital technology across the network,” a Network Rail spokesman said. “We work closely with government, the security services, our partners and suppliers in the rail industry and external cyber-security specialists to understand the threat to our systems and make sure we have the right controls in place.”