Critical infrastructure protection is a highly complex, multi-faceted cyber security problem. As various industries mature, and adopt increased use of IT for automation and more intelligent services, the potential for cyber attack increases. In this case, as UK upgrades its transportation infrastructure, its increased use of software is raising cyber security concerns because it is relatively trivial for malware to cause trains to crash:
From the Department of Transport in the UK, there has been the following comment on the recent concerns:
“We know that the risk [of a cyber-attack] will increase as we continue to roll out the digital technology across the network. We work closely with government, the security services, our partners and suppliers in the rail industry and external cyber security specialists to understand the threat to our systems and make sure we have the right controls in place. It is the smart malware [malicious software] that alters the way the train will respond. So, it will perhaps tell the system the train is slowing down when it is speeding up. Governments are not complacent, individual ministers know this is possible, and they are worried about it. Safeguards are going in, in secret, but it is always possible to get around them. We keep security arrangements under constant review to take account of the threat and any new challenges we face.”
It is worth stating that the same system planned to be installed in the United Kingdom will be expanded and it will stretch all over the European Union. The estimated year in which all the systems will be replaced with this upgrade is 2020; by this time, adequate improvements need to have taken place for the safety of all passengers.
Stuxnet already proved that a disconnected network is not safe. Proper cyber security controls need to be built into the network so its adequately protected from multiple forms of attack.