Ken Munro will be presenting: Railways and cyber risks. Fix OT to keep hackers out
The common purpose of OT / ICS / IIoT is to enable industrial ‘things’. Gartner’s description of OT nails it: “…hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.”
The consequence of rolling stock getting smarter is that it introduces new risks. With new risks comes the need to understand and mitigate them. We’re not in the dark here, as we can learn from some of the facepalm security moments in IoT to prevent similar issues in connected OT.
We’re already seeing PLC cloud management platforms with vulnerabilities, but what about rail-specific technology like ETB, PIS, TCMS, and related remote access? Remote start, CCTV, remote diagnostics and much more provide avenues for hackers if they’re not rolled out securely.
In much the same way as the aviation and maritime sectors have struggled with new security risks created by using connected tech in aeroplanes and ships, rail is heading in a similar direction. The challenge we have is to get ahead of the change curve and embed security before it becomes troublesome.