TÜV NORD GROUP, 철도 운영 및 유지관리를 제공합니다.

1월 2022: TÜV NORD GROUP 은 철도 서비스 분야의 풍부한 경험과 노하우를 가진 믿을 수 있는 파트너입니다.

TÜV NORD의 철도 기술 전문가들은 철도 애플리케이션의 악성코드와 해커를 방지하기 위해 체계적으로 관리하고 있습니다.

TÜV NORD 전문가는 철도 관련 시스템에 대한 광범위한 경험을 보유하고 있으며, 이를 바탕으로 고객의 위험을 파악할 수 있습니다.

IT 보안 전문가는 포괄적인 평가부터 시작하여, 고객의 보안 목표를 확인하고 철도 관련 시스템의 위험, 취약성 및 잠재성을 알아낼 수 있습니다. 

이를 통해 식별된 위험성을 개선하기 위해, 보호 조치를 취하고 체계적인 보안 조치 목록과 신속한 실행을 제공하며 고객의 정보를 관리합니다.

Faster, more reliable and safer – such are the promises held out by the increasing digitalisation of the railways. At the same time, however, this is increasing the risk of cyber-attacks.

 

In the light of the digitalisation of rail traffic, railway technology experts at TÜV NORD are calling for intensive protective measures against malware and hackers. A crucial role in demonstrating IT security will be played by appropriately certified products. However, Gernot Krage, hardware and software expert for railway technology at TÜV NORD, notes that the development of “verifiable IT security is progressing very slowly, at least for railway vehicles”. The standards which govern this area are still vague in many aspects, and there are hardly any specific instructions. “There is still a great deal of room for interpretation. And, in cases of doubt, this can lead some manufacturers to opt for the more cost-effective and, therefore, comparatively non-secure solution,” Mr Krage warns.

Firewall? More like a sieve

According to the railway technology expert, security must not be based solely on a firewall, because, in contrast to a physical fire protection wall, the virtual counterpart is actually quite porous. “Each individual device must have its own protective measures to guard it against malware,” says Gernot Krage. What this means is that it must offer protection, on the one hand, against the deliberate installation of malware by cybercriminals and, on the other, against the infection of the system by, for example, the unintentional installation of malware by authorised personnel. Once part of the system is infected, the malware can spread virally through the network. “At the end of the day, it’s the totality of the individual measures that makes for IT security,” Mr Krage explains. “This makes the system very complex and, if you really want to get it right, costly too.”

Less specialised components with security vulnerabilities

For many years, the railway was a closed system, but digitalisation is now making that system vulnerable. In the meantime, the electronic components developed exclusively for railway applications are increasingly being joined by ever greater numbers of components that are also used in other systems. In some cases, such components are also used for data communication and software in mass-produced goods. “However, these components may contain vulnerabilities that can become a gateway for hackers or malware,” Gernot Krage explains. “The software also often has a variety of functionalities which aren’t necessary for the specific application. But if these aren’t switched off, this opens up vulnerable new flanks for the hackers to attack,” the expert continues.

The dangers lurking behind connectivity

It is in digital connectivity that the expert sees another grave security risk. For example, the Wi-Fi available to passengers during their journey should always be adequately separated from the control technology. Failure to do so will increase the risk of disruption to or manipulation of security-relevant systems. The more vehicles and train control systems are networked with each other, the greater the risk that a gateway in one component will ultimately result in a completely different one being taken down. The risks might include the manipulation of a train brake or the paralysis of an entire traffic control system in a compromised digital signal box.

Digital connectivity creating new gateways for hackers

Are the dangers exaggerated? The “WannaCry” Trojan did show that the railway system is vulnerable, albeit, in this case, at a fairly harmless point in the system. In 2017, it shut down a lot of the display boards and ticket machines operated by Deutsche Bahn. “It would be much more dangerous if hackers were to succeed in directly manipulating safety-relevant systems like the brakes,” Gernot Krage says. “This isn’t easy, because, as well as knowing how to get into the system, once you’re there you also have to know exactly what you need to do to trigger specific malfunctions. But hackers are learning all the time, and everything is becoming ever more connected. Which is why we need appropriate protective measures to ward off possible attacks, and these must not be limited to data transmission but must also include the security of the systems themselves and the applications running on them.”

The German Federal Ministry of Transport plans to push ahead with the digitalisation of the German railway system in the next few years. By 2023, the intention is for trains to be localised via radio and transponders on just under 2,100 of the 33,000 kilometres of railway line in Germany, and the signalling technology is to be converted accordingly.

TÜV NORD KoreaGeneral Contact
tnk@tuv-nord.com
+82 2 2188 0045
+82 2 556 3065