Rail cyber security specialist, RazorSecure, launches the RazorSecure Security Gateway: a cyber-security barrier that can be deployed across complex rail networks to mitigate the risk of cyber-attacks.
Rail companies across Europe have been working to adequately address the risks of cyber-attacks on infrastructure or rolling stock following the implementation of the NIS Directive across the European Union and the subsequent deployment of EN62433 standards for security capabilities for control systems and components. cyber security standards have historically focused on protecting data rather than security control systems, meaning parts of the rail industry were vulnerable to attacks.
The RazorSecure solution – built for the rail industry
RazorSecure’s Security Gateway platform was designed specifically for the unique challenges faced by the rail industry and helps train manufacturers and operators implement new measures to assure digital safety across their fleets, including the ability to:
- Separate critical networks and analyze traffic in real-time
- Prevent unauthorized network access
- Ensure all network communication is controlled and permitted
- Aggregate cyber security data for fleet monitoring in real-time
- Maintain a consistent and powerful security profile for the entire life of assets
Security Gateway from RazorSecure is designed to be flexible for future deployment of new technologies and protocols and is fully configurable with a range of different virtual machines to identify, protect, detect, and respond to new threats across an entire rail fleet.
Alex Cowan, CEO of RazorSecure comments: “The rail industry is taking the issue of detecting cyber intrusion extremely seriously since the consequences of a hacking incident could be catastrophic. Historically the demarcation between a critical network and (for instance) passenger Wi-Fi networks have been blurred. Security Gateway has been built to address this issue, delivering management control to rail operators and manufacturers that are simple to deploy and operate.” Security Gateway was developed to separate critical control networks and prevent attackers from gaining uncontrolled access
Most information flow in rail networks involves communications from operational technology (OT) control systems to operate and comfort systems onboard the train. Enforcing separation between networks is a key requirement of an effective security strategy in the industry. The Security Gateway was developed to separate critical control networks and prevent attackers from gaining uncontrolled access across the entire rail network, thus ensuring compliance with EN62443 and TS50701.
Security Gateway as a barrier between networks
Acting as a barrier between key areas of a rolling-stock network; the Security Gateway is used to maintain the integrity of rail operations, by detecting threats to safety-critical systems. If a hacker were to gain control of a compromised device, such as a video surveillance camera, the Security Gateway would make it impossible for them to use that to access the wider network. This removes the ability to take control of a safety-critical network.
“Although cyber security is a clear safety risk, there is a lack of suitable solutions to protect safety-critical systems from cyber-threats. This led us to develop the RazorSecure Security Gateway as a direct response to the feedback we had from train manufacturers, owners, operators, and the standards bodies,” continues Cowan.
Covering on-board and trackside applications
Since its launch in 2015, RazorSecure has provided cyber security solutions for the rail industry, covering both onboard and trackside applications. While working with foremost rail companies, including Northern Trains, RazorSecure has filled a critical role within rail cyber security by providing a flexible approach that connects directly to the unique requirements of the rail industry and covers the distinct cyber risks present throughout a large attack surface across the modern digital train fleet’s network infrastructure.
The RazorSecure Security Gateway is part of a range of cyber security solutions for rail. When deployed alongside the RazorSecure Delta software, the Security Gateway is augmented with anomaly detection that continuously monitors the train’s network and can signal when a cyber-security threat is taking place.