
New Technology Aims To Stop Cyberattacks That Bring Trains To A Halt

Trains’ long lifetimes leave them vulnerable to sophisticated attacks.

In the past it was leaves on the track or too much rain or snow that was blamed for delayed services on the trains. In the last few years, a whole new problem has emerged — cyberattack.

When a cyberattack blamed on an Iranian opposition group in July stopped all passenger and freight trains in the country, the technological assault was far more devastating than bad weather or a late driver.

Iran isn’t the only country at risk. In the UK in July, a ransomware attack targeted the self-ticketing terminals at Northern Railway. Other malware, ransomware, DDoS attacks and data breach attacks have happened in the United States, South Korea, South Africa and across Europe over the last seven years, costing hundreds of millions of dollars and putting the lives of many at risk.

No one can afford to ignore the dangers anymore. And that’s where Israeli rail cybersecurity startup Cylus comes in.

“Unlike cars, which will only become autonomous in a few years, trains are already autonomous today. It’s a process that began some 15 years ago,” said Amir Levintal, the co-founder and CEO of Cylus, which is working with rail companies all over the world.

Cylus co-founder and CEO Amir Levintal. He says rail systems were designed to maximize safety, not security. (Omer Hacohen)

Levintal started Cylus after completing prolonged military service in an elite technological unit of the Intelligence Corps. Upon his discharge, he and fellow co-founder Miki Shifman looked to apply their professional know-how to industries still lacking in cybersecurity and landed upon one of the oldest industries of the modern world: trains.

“When we looked at this industry, we understood that it underwent a real revolution in terms of digitalization, but that there’s no player in the world that’s protecting these systems,” Levintal said.

“We decided that with our background, which is very suitable for the defense of complex systems, we’d be suitable for this industry.”

Communication systems in motion

Cylus protects and continuously monitors the operational network of the rail system to detect any malicious activities that might harm or impact the safety, continuity and service availability of trains, Levintal said.

“We connect in a safe way and monitor all the traffic and operational communication between the different systems. Using machine-learning and AI, we’re able to identify anomalies within these networks that represent the attacker who’s inside the network. This way we manage to identify the attacker in real-time.”

He said Cylus developed unique technologies and algorithms that combine an understanding of cyber and an understanding of the rail business.

The Cylus team works on technologies that combine cybersecurity and rail business logic. (Omer Hacohen)

“Trains are data centers that are always on the go,” Levintal said.

“They’re communication systems in motion — they move from station to station and each time need to connect anew to another station. That’s why the technology is very complex and different from any other industry. You need to understand not only the technology but also how trains work.”

Serving rail companies worldwide

Since 2017, Tel Aviv-based Cylus has grown into a 50-person company and completed two funding rounds, including one in 2020 involving Alstom, a leading French rail manufacturer.

Cylus serves clients across the United States, Europe and the Asia-Pacific region, in addition to Israel.

Levintal said that the last few years have seen a sharp rise in rail cyberattacks worldwide.

“In terms of numbers, there were dozens of attacks in 2020, and probably even more in 2021,” he said.

“There have been attacks on rail service, on ticketing networks, ransomwares — really all kinds of attacks. We see that the attacks are becoming more intrusive, that they’re harming operational areas relating to safety.”

Among other things, a hacker could even take control of a train, its speed and direction.

Maximizing security

A rendering of the Cylus dashboard that enables the continuous monitoring of the rail system’s operational network. (Courtesy of Cylus)

Levintal said rail systems were designed to maximize safety, not security. They weren’t pre-planned to deal with cyberattacks.

“Because the lifetime of a train is 30 years, even if the rail systems were updated to deal with cyber and were changed along the years, the attacker’s abilities also change, and then a gap grows between the attacker’s abilities and the systems themselves. The cyberattacker gets more and more resources, but the systems stay static.”

Continuous monitoring is needed to recognize a cyber intruder and sound the alarm, he said.

“There’s an awareness of this need, and that’s why we’re experiencing a very sharp rise in our business activities and our work with customers.”

Cylus, he said, plans to continue expanding its activities geographically as well as in terms of the types of rail companies that it works with, such as urban, mainline, interstate, passenger and freight.

“I’m afraid that there can be events that in one day can broadly hit whole countries, like what we saw in Iran,” he said. “If the rail companies don’t protect themselves ahead of time, it could cause a real transportation problem for people and goods.”

New Technology Aims To Stop Cyberattacks That Bring Trains To A Halt appeared first on Israel21C.

Edited by Judith Isacoff and Kristen Butler

CORRECTION: August 24, 2021 10:10 a.m.

An earlier version of this article incorrectly stated that since 2018 Cylus had grown into a 40-person company. It was in fact founded in 2017, and is now a 50-person company.