Following the cyberattack on Denmark’s trains, Cervello’s CEO discusses the need to secure critical systems as threats are rising globally

Illustration of train station cybersecurity. Photo: BIGSTOCK/Copyright: TierneyMJ

Earlier this month, trains stopped in Denmark as a result of a cyberattack. Local media reported that all trains operated by DSB, the largest train operating company in the country, came to a standstill on Saturday morning, October 29th, and could not resume their journey for several hours.

And while this may sound like the work of a sophisticated threat actor, Security Week reported that it was actually the result of a security incident at Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.

Supeo may have been targeted in a ransomware attack. The company has not shared any information, but a DSB representative told the media that it was an “economic crime”. The disruption to trains came after Supeo decided to shut down its servers because of the hacker attack. This led to a piece of software used by train drivers no longer working.

Threat actors attacking railways is not uncommon, with recent targets including Belarus, Italy, the UK, Israel and Iran. While researchers have shown that modern train systems are vulnerable to hackers, these recent attacks targeted websites, ticketing and other IT systems, rather than control systems.

In the United States, the Transportation Security Administration (TSA) recently issued a new directive whose goal is to improve the cybersecurity of railroad operations.

According to Roie Onn, Co-Founder and CEO of Cervello, Israeli rail cybersecurity Solution Company, "A rail company may not be able to prevent some attacks, such as the one against the DSB subcontractor, but it may be able to prevent the disruption it will cause to actual train operations.

“It is possible to ensure rail operations remain protected from supply chain attacks by implementing multiple measures, including comprehensive monitoring, contextual understanding of risks, and appropriate access control measures."

Onn adds that "Due to the significant financial impact that hours of public transportation delays can have on a nation’s economy, and the evolving ransomware threat to critical infrastructure worldwide, we at Cervello are witnessing a growing interest from governmental authorities and rail companies to secure their critical systems, for example, the recent release of the new TSA Security Directive for railroad carriers in the US.

“As a leading rail cybersecurity company, we deal with and see the rise of cyber threats against rail from the frontline, and it is clear that time is now of the essence."