Securing the Future of Rail: Cybersecurity Challenges and Mitigation Strategies

How can digital innovation transform the passenger experience, from booking to boarding and beyond? What are some specific technologies or strategies that could significantly enhance the journey?

Digital technology has the potential to bring together many unconnected entities to create a more “joined up” experience for the passenger’s entire journey – not just the part when they are seated on a train. To achieve this requires open data standards to allow many service providers to cooperate, it requires passengers to have a “destination” web or mobile app experience that brings together multiple services and it requires secure identity management to ensure that we can direct services to a specific passenger in a way that ensures that passenger’s data is secure. Services such as WiFi OpenRoaming can help to deliver that.

What are the primary cybersecurity challenges facing the rail industry today? How can rail operators and technology providers work together to mitigate these risks and protect sensitive passenger data?

The rail industry is constantly challenged by cyber attacks as are virtually all other businesses. As providers of critical infrastructure which employ many safety critical systems, rail operators need to constantly assess their cybersecurity posture as their systems, and external threats evolve. Implications of cybersecurity attacks can range from a disruption of online service (e.g. websites, apps or passenger services being unavailable or corrupted), disruption to rail services (e.g. due to a cyber attack on systems which are essential to the operation of the network), data loss or in the worst case, disruption of a safety critical onboard or trackside system. We see a large number of probing activities looking for weaknesses in any public facing system however, it is important to understand that public facing services such as websites, apps and public WiFi are only a few of the possible ways that infrastructure can be attacked. With a strong focus on continually updated protection on all systems in a rail environment also including legacy systems cyber-security can remain at the forefront and services hardened against attack. It is vitally important that rail operators work with their technology partners to fully understand all of their assets and the interconnectedness of their systems to avoid potential attack vectors being exposed.

How can rail companies strike a balance between embracing cutting-edge technologies and ensuring robust security measures? What are the key considerations for risk management and compliance?

It is important that rail operators take a holistic view of their entire onboard infrastructure. It is easy to focus on implementing a single solution to meet a single need without considering the impact on the entire system. We find that our customers get the best value out of their infrastructure when they work with us to develop a long term vision for what their onboard infrastructure will need to support, not only now but in the future, then ensure that the fundamental building blocks – onboard networks, onboard compute capability, train to ground communications and secure data management are implemented at the right scale and also with a view to future technology evolution.

What does the future of rail travel look like in a digitally connected world? How will emerging technologies like AI, IoT, and 5G shape the passenger experience and operational efficiency?

We have heard a lot about AI over the last year as services like ChatGPT have shown the incredible power that AI can now bring to assist or replace activities that would otherwise require a human. But however impressive these services are, AI promises to deliver far more transformative services –many will probably go unnoticed due to convenience. We now hardly notice that our camera phones take near perfect pictures without us trying or that our cars quietly correct our steering and braking. AI is already everywhere. AI is especially useful for making sense of huge amounts of data – and IoT devices are great at capturing information about every detail of an environment – such as a train or rail network. We can expect (and in fact already see) a proliferation of sensors and devices which can provide useful information in a rail environment. The challenge is currently a lack of standardisation around how those devices communicate and connect, securely, with wider networks. To fully leverage the capability of IoT will require trains to support secure, scalable onboard computer environments for “processing at the edge” and will require more robust and high capacity train to ground connectivity to push all that data back into the cloud. Achieving increased levels of connectivity will no doubt require a combination of cellular technologies such as 5G and beyond, and other mediums such as satellite and dedicated trackside radio networks.

How can partnerships between rail operators, technology providers, and government agencies accelerate digital transformation and drive innovation in the rail industry? What are the benefits of collaborative approaches to addressing common challenges?

As solution integrators, Nomad Digital often brings together both hardware and software from multiple vendors to meet the needs of our customers, giving them a complete solution.

There are no shortages of creative opportunities that can deliver innovation. The most critical way that government can help is to create an environment that offers operators and partners the stability to be confident to invest in innovation and invest in the underlying technology infrastructure needed to support it. Open data standards can be helpful, although it is often difficult for proposed standards to gain enough traction to make them truly resourceful. Nomad has always endeavoured to create digital platforms which allow third parties to deliver services as part of our solutions, without having to deal with the complexities of deploying on train hardware. Open computing, communications and data environments enable more innovative solutions to be deployed securely within an onboard environment.