UK rail network hit by multiple cyber attacks last year

Railway train
Hackers could have disrupted train lines and even caused trains to derail, researchers said. Credit: PA

The UK railway network was the victim of at least four major cyber attacks in the last 12 months, according to a private security company that works with the network. 

The attacks were discovered by Darktrace, a British cybersecurity startup that is responsible for defending most of the UK's railway network. 

Dave Palmer, the chief technology officer of Darktrace, said: "In an era of imperfect defences and increasingly complex networks, determined threats can always get in. Today, all businesses can be affected, regardless of size or sector." 

The attackers appeared to be exploring the computer systems and didn't actively attempt to disrupt anything. 

It's not clear who was behind the attacks, but it could have been nation state attackers conducting surveillance exercises as part of "cyber espionage", which involves entering computer systems that deal with government data and critical infrastructure to gather information. 

Sergey Gordeychik, a security researcher at Kaspersky Lab in Moscow, told The Telegraph that hackers could cause "mayhem" if they managed to gain access to the railway network.

He said research had demonstrated how network access could be used to change the behaviour of the trains across the globe, including traffic lights and points.

"They could change the points when a train passes over it," he explained. "Trains could go off the rails and this could cause a crash.

"At the moment, drivers know not to go on busy lines because traffic lights direct them, but if somebody can change this behaviour and make the lights green, trains can collide. That would cause mayhem."

Gordeychik said the problem was particularly acute on high-speed lines, where hackers could change the speed limit, also resulting in trains being run off the tracks.

When asked who might target trains, he said: "At the moment we see a lot of activities from state-sponsored attackers. They believe this is a type of cyber war, which is already going on. They just look to find information but don’t try to do something actively at the moment."

But he admitted that train systems in general are designed in a safe way, adding: "Railway operators are investing in tighter security."

Network Rail, which is not a Darktrace customer, said cybersecurity was a "key part" in their plan to introduce digital train control technology.

A spokesman added: "Britain has the safest major railway in Europe... safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats.

"Digital in-cab signalling is used safely and effectively by dozens of countries in Europe and around the world and is similar to technology already in use on the Tube and other metro systems in this country."

Backed by Mike Lynch, Darktrace last week announced an extra $65 million in funding from New York private equity firm KKR. Run by ex-intelligence experts from GCHQ and MI5, its customers include BT and Drax Power Station. 

 

License this content