Sky News has learned that the UK railway network has suffered at least four major cyber attacks over the last year alone
And experts have warned that the digital systems controlling trains are vulnerable to hackers, who could cause injury or death in the real world.
Sergey Gordeychik, a security researcher at Kaspersky Lab in Moscow, has discovered several weaknesses in rail infrastructure.
He told Sky News: “Hackers can get access not only to simple things like online information boards or in-train entertainment, but also to computer systems which manage trains by itself, which manage signals, manage points, and in this case, if they have enough knowledge, then they can create real disaster related to train safety.”
The four recent attacks on UK rail were discovered by Darktrace, a private security company which guards much of the UK rail network.
Darktrace CTO Dave Palmer said “there is no such thing as perfect security – attacks are inevitable so companies should be ready to detect them and respond.”
“So they have access, they monitor, they collect intelligence but they don’t try to create a disaster. Why? I believe that they don’t have the order at the moment. But in case of any maybe warfare, it can be an option to use cyber weapon against civil infrastructure. And this is scary.”
As more devices are connected to the internet, digital attacks are leading to real world consequences.
In December last year, power stations in Ukraine were taken offline following a hack.
And, according to a report by Verizon, hackers took control of a water treatment plant, changing the chemical make up of the water.
Professor David Stupples, an electronic warfare expert, told Sky News that a deadly attack would remain tricky and so only appeal to those with extreme motivation.
“What we have to worry about is terrorism. Because the terrorist might want to attack the railway or indeed any of our infrastructure to cause death, mayhem, but also to make a name for themselves, make certain their terrorist organisation is known.”
Network Rail is introducing the European Rail Traffic Management (ERTMS) system to the UK, as part of its ‘digital railway’ plan to modernise signalling infrastructure.
“With ERTMS, when it comes in, terrorist organisations will start viewing this as a possible target,” Prof Stupples warned.
“As it rolls out across the country, it becomes more of a target.”
Network Rail said: “Britain has the safest major railway in Europe and cyber security is a key part of our plan for introducing digital train control technology.
“Safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats.”
A Department for Transport spokesperson said: “We keep rail security under constant review and we are working with industry to ensure that all risks to the rail network and other infrastructure are minimised.”
To Discover more about Darktrace, visit our Darktrace page