Cybersecurity challenges and digitalisation of the railway

Published: Posted on


Cybersecurity Awareness Month in the US, also known in the EU as European Cyber Security Month is all about highlighting the importance of cybersecurity in everyday life, and little changes we can each undertake to protect ourselves.

We should also take the opportunity to think about how we can improve the cybersecurity of society. At the University of Birmingham, we are researching and engaging with leading industrial partners to improve the cybersecurity of the rail network. Today, the UK rail network operates with line-side signals, similar to traffic lights, which inform the driver of the train whether they can proceed. This has largely remained unchanged for a number of decades, limiting capacity on train lines and the speed that trains can go.

The rail sector is undergoing a major digital transformation from this old, Victorian-era system to digital, advanced, in-cab solutions, which allows trains to run at higher speeds, closer together using a technology known as moving block signalling, and relieves congestion through traffic optimisation.

A key cybersecurity challenge that is presented to industrial sectors, including rail, is the operational lifespan of these new systems. Commodity hardware, for example our smartphones, are designed with lifespans measured in the orders of years, whereas these industrial systems may be in-situ for a number of decades. The cybersecurity landscape is constantly evolving, where systems designed and deployed today in industrial settings must be resilient to new attacks and adversarial capabilities. As time progresses, what may have been difficult to compromise might become easier and cheaper. When designing and maintaining these systems, we have to consider not only what an adversary is capable of today, but also anticipate what might be possible, and dedicate efforts to make the system as resilient as possible.

Why is this important? The European Rail Traffic Management System (ERTMS) is being deployed as part of the UK Digital Railway programme, which will provide significant benefits. Given that ERTMS will be deployed for at least 20-30 years, we need to consider the threats that could arise in its lifespan, which could have an impact on the safe operation of the railway. Working with the Birmingham Centre for Cybersecurity and Privacy, we have reviewed the cybersecurity of the ERTMS standards to raise awareness of future threats.

This is an exciting time for the digitalisation of our railways, but something that we have to keep in mind, both today and for the future is the impact that cybersecurity can have on safety. Safety and Security should be part of the design and maintenance lifecycle, reviewed regularly and considered.

Dr. Richard Thomas
UKRRIN Industrial Fellow in Data Integration and Cybersecurity

Find out more:

You can read more about our research in data integration and cybersecurity on our website. 

Read about the UKRRIN Centre of Excellence in Digital Systems.


Leave a Reply

Your email address will not be published. Required fields are marked *