• Skip to primary navigation
  • Skip to main content
S2 Grupo

Spanish Company Specialized in Cybersecurity

  • Company
    • About Us
    • Governing Bodies
    • CSR
    • Awards and Acknowledgments
  • Specialization
    • OT Industry
    • IT
    • OT Health
  • Solutions
  • R&D+I
  • Talent
  • News & Publications
  • Contact
  • facebook
  • twitter
  • instagram
  • linkedin
|
en arrow down
  • es
© 2023 S2 Grupo
Corporate

What would be the consequences of a cyberattack on the railway sector?

The impact of a cyberattack on this sector could be, among others, an impact on its infrastructures that could cause physical damage, economic loss, reputational damage, damage to the environment, the Administration, people and society due to the termination of transport services, for example.
28 Oct 2021
  • Terrorist groups, state-sponsored groups, criminals interested in economic fraud, criminal organizations and citizens aware of the damage they can cause to an organization or to society as a whole by affecting essential services may be interested in attacking this type of infrastructure.
  • This information is taken from a study on cybersecurity in the railway sector carried out by S2 Grupo.

October 28, 2021.- S2 Grupo, a company specialized in cybersecurity and critical systems management, carried out a study on the cybersecurity of the railway sector, from which it is clear that one of the consequences of a cyber-attack on the sector could affect its OT (operations technology) systems.

Along with the new capabilities and benefits granted by the introduction of information and communication technologies in the railway sector, new security threats have appeared to the industrial control systems (ICS) essential for their operation.

“In all the processes that make up the railway transport system, from the operation of the railway infrastructure, the operation of vehicles for the transport of people or goods, or the construction of railway material itself, new technologies have been introduced to work more efficiently. And along with this, inevitably, the risks of becoming victims of cybercrime have increased”, explained José Rosell, managing partner of S2 Grupo.

“OT systems in the railway sector have become a very desirable target for cyber attackers as they are critical elements. This means that if they are affected, operations can be interrupted, damaging the continuity of an essential service such as transportation”, stated Miguel Ángel Juan, managing partner of S2 Grupo.

“Among those who may be interested in attacking this type of infrastructure are not only terrorist groups or state-sponsored groups, but also criminals interested in economic fraud. Criminal organizations, criminals from all over the world and even many citizens are aware of the weaknesses in ICS and the damage they can cause to an organization or to society as a whole by affecting essential services”, added Miguel A. Juan.

Technology and cyber risks in the railway sector

In the railway sector, new elements have been introduced for remote connection with vehicles for telemetry, maintenance and fleet management tasks, or the introduction of in-vehicle passenger entertainment systems, among others.

All this means that a vehicle is continuously communicating with the outside world, exchanging information with other components of the transportation system; which together with the complexity associated with the coordination of multiple participants (component manufacturers, constructors, operators, infrastructure managers ...), introduces new risks.

Some of these cybersecurity problems in the railway sector are:

  1. Lack of security in systems design - S2 Grupo has insisted that the cybersecurity of systems should be considered with an integrated IT/OT vision from the design phase. This allows for better results in protecting them and significantly reducing costs. When security measures are implemented a posteriori, their effectiveness is limited.
  2. The publication in Social Networks and other online environments of the description of certain infrastructure or railway vehicles that may contain sensitive information and, therefore, expose them to cybercriminals.
  3. The elimination of the equipment to be replaced must be done in a secure manner, because it could also contain sensitive information as in the case of the memories.
  4. The continuous connection of vehicles with the outside world.
  5. The use of operating systems such as Windows in their ICS and the poor segmentation of their IT and OY networks.

S2 Grupo has pointed out that some of the consequences of a cyberattack on the infrastructures that make up the railway sector could lead to physical damage, be it a direct impact on the users of the railway systems or damage to the infrastructures with an indirect impact on the population (loss of essential services). For this reason, the transport sector is considered a strategic sector by the Critical Infrastructure Protection Act (LPIC).

Other consequences could cause damage to companies in the form of economic losses, reputational damage, damage to the environment, to the Administration, to people, affect the route of a vehicle leading to a railway accident, and damage to society due to lack of essential services.

More information:

prensa@s2grupo.es

  • fb
  • tw
  • in
Related Articles
Show all →
Corporate
FastFix Project celebrates its first year of work
Read more →
Corporate
S2 Grupo awarded for its contribution to the cybersecurity in the industrial sector
Read more →
Corporate
S2 Grupo reinforces its cyberintelligence team with the creation of LAB52
Read more →

Follow us in our newsletter

Subscribe through your email to stay up to date

S2 Grupo
© 2023 S2 Grupo
  • Press Center
  • Legal Disclaimer
  • Privacy Policy
  • Cookie policy
S2 Grupo utiliza cookies propias y de terceros para permitir tu navegación, fines analíticos y para mostrarte publicidad personalizada en base a un perfil elaborado a partir de tus hábitos de navegación (por ejemplo, páginas visitadas). Clica aquí para acceder a nuestra Política de Cookies. Puedes aceptar todas las cookies pulsando el botón “ACEPTAR” o configurar o rechazar su uso pulsando el Botón “CONFIGURAR”
ConfigurarAceptar cookies
Manage consent

Resumen de Privacidad

Este sitio web utiliza cookies para mejorar su experiencia mientras navega por el sitio web. De estas, las cookies que se clasifican como necesarias se almacenan en su navegador, ya que son esenciales para el funcionamiento de las funcionalidades básicas del sitio web. También utilizamos cookies de terceros que nos ayudan a analizar y comprender cómo utiliza este sitio web. Estas cookies se almacenarán en su navegador solo con su consentimiento. También tiene la opción de optar por no recibir estas cookies. Pero la exclusión voluntaria de algunas de estas cookies puede afectar su experiencia de navegación.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
pll_language1 yearThe pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Necessary
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
_GRECAPTCHA6 monthsThis cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-analytics1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional1 yearThe cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necesaria1 yearSet by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Necessary".
CookieLawInfoConsent1 yearRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
SAVE & ACCEPT
Powered by CookieYes Logo