With potentially devastating disruption seen across both public and private networks in May, Kevin Bell from Bond Dickinson examines some of the threats to transport systems.
Transport networks are embracing digitalisation. IT systems are interconnected and can now control infrastructure, vehicle movement and signalling, as well as providing integrated rolling stock management systems.
Passenger requirements are also changing, with increased demand for on-board Wi-Fi and real-time personalised journey status updates, thereby linking corporate infrastructure to consumer devices. Massive sums of passenger data are collected and processed, including data which is very attractive to cyber criminals such as personal information (name and home addresses) and bank and payment card details. If these systems and the data residing on it are not adequately protected,they will be vulnerable and open to attack.
Research suggests that IT systems are likely to contain vulnerabilities due to a number of factors. This could be through insufficiencies in the design and development of a system, how it is configured, maintained and protected from intrusion. The increase in the number and type of vulnerabilities is inevitable as systems move away from bespoke standalone arrangements to open-platforms developed using off-the-shelf components. The connectivity of systems and devices to public and private networks leaves them exposed to the threat of cyberattack.
As digitalisation brings real benefits for both operators and passengers this inevitably opens up greater risks of cyberattack (as seen around the world in May). Threats can come from a number of sources, including direct contact with system infrastructure via a USB port, to unauthorised access to physical locations or a threat from within the organisation itself. Whilst many attacks are deliberate, non-deliberate security breaches caused by negligence or lack of knowledge should be included in cyber security measures and procedures.
Rolling stock and infrastructure owners, operators and manufacturers are required to protect the safety of their operations. Whilst the majority of cyber-crime may be to cause economic or financial damage, motives can vary from causing mild disruption, stealing data, causing reputational damage or, at its worst, causing death or injury.
Good cyber security within an organisation involves all levels of personnel within that organisation. Their full engagement is key to raising awareness of cyber risk and managing that risk by developing and supporting effective cyber security policies and procedures.
Our session at the UK Light Rail Conference in July aims to provide an overview of:
Kevin is a Partner at law firm Bond Dickinson, with experience in advising on heavy and light rail franchise and concessions bids, franchise mobilisations and related statutory transfer schemes, rolling stock leasing and a variety of commercial and regulatory matters.
He acts for a number of passenger rail operators and has also worked with for concession letting authorities and rolling stock manufacturers.
Kevin is a member of the Steering Group of the Transport Forum of the West & North Yorkshire Chamber of Commerce.
Photo by Blue Coat Photos / CC BY-SA 2.0
Share this news:
Leave a message: