The agreement comes against a backdrop of heightened concerns about the cybersecurity of rail transport networks in general, part of the country's critical national infrastructure and the target of not-infrequent attacks.
Rail networks rely on a combination of IT and operational technology components that rely on multiple suppliers and diverse technologies.
Sirar by stc did not immediately respond to Dark Reading's request for comment on priorities for its work with SAR, or whether or not it will use internationally-recognized cybersecurity assurance standards as a guide.
SAR is responsible for managing 4,500 kilometers of railway networks in Saudi Arabia.
Departure Board Railways face the challenge of aligning legacy tech with the latest innovations: introducing IoT signaling and communications technology increases operational efficiency.
Operational benefits from modern technologies comes with the downside of increasing the attack surface of networks.
Many systems, such as those for switching tracks and tracking train locations - often broadcast wirelessly without encryption.
Travel Chaos Recorded breaches have targeted digital signage, ticketing systems, monitoring systems, and other components in stations, leading to widespread service interruptions and data leaks.
Notable incidents include the attack on San Francisco-area transport provider BART by hacktivist group Anonymous in 2011, while in May 2017, Deutsche Bahn in Germany was hit by the WannaCry malware.
Also in March 2022, Italy's rail network was hit by a ransomware attack that impacted ticket sales, leaked passenger information, and disrupted rail communications.
In August 2023, hackers disrupted the rail network traffic around Szczecin in Poland after breaking into the railway frequencies used between drivers and signalers.
The hackers caused some trains to apply emergency brakes, and they also played recordings of Russia's national anthem and a speech by Russian President Vladimir Putin.
Rolling Stock Steps to secure rail infrastructure start with the same fundamentals as bolstering the cybersecurity of enterprise networks - such as conducting a comprehensive risk assessment, building in resilience, and developing disaster recovery plans.
Shaked Kafzan, co-founder and CTO of security vendor Cervello, says a successful cybersecurity approach for railroads should focus on threat and risk prevention rather than detection, starting with having complete and in-depth visibility into every system and asset across all environments, including real-time risks - all within the rail context.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 26 Jan 2024 15:20:03 +0000