In a recent survey, US and European travelers claimed to have cut back on flights in the past year due to environmental concerns.  J.Starcic/METRO Magazine

With airline travel in the crosshairs of environmental proponents, the "flight shaming" movement is just taking off, but it’s already making an impact. In a recent survey of over 6,000 US and European travelers, 21% claimed to have cut back on flights in the past year due to environmental concerns.

Though the initiative has airlines rightly concerned, the movement’s accelerating success does have the potential to be a major boon for other modes of transportation — in particular, the railways.

'Flight Shaming' Takes Off — Rail Reaps Rewards
Trains have always been the greener option, but in recent years, the industry has doubled down on its embrace of climate-conscious tech including solar, electric and hydrogen high-speed technologies, making trains an even greener alternative.
Governments are getting on board as well. Germany recently announced plans to nearly double taxes on short-haul flights, while at the same time cutting the tariffs on train tickets by more than half. At the same time, Austria’s state railway placed an order for 13 new sleeper cars to meet the growing demand for overnight rail as a replacement to air travel. In Hong Kong, Cathay Pacific may face stiff competition from a newly completed high-speed rail link to the mainland.

Railway Cyber Threats Still Loom Large
This growing focus on train travel comes exactly as railways become increasingly modernized by adopting an array of connected technologies, enhancing aging legacy signaling systems and improving efficiency and customer service. However, while these digital advancements keep the trains running on time and make train travel more streamlined, comfortable and enjoyable for an ever-growing number of passengers, they also have a potential downside: a plethora of new cyber risks.

Indeed, the rail industry has already weathered its share of cyber scares. Though none resulted in major or lasting damage, these close calls have hinted at the possible risks. In January 2018, the Ontario railway Metrolinx was forced to act quickly in order to thwart a reported cyber-attack originating in North Korea. Between 2015 and 2016, it was reported that the UK’s national rail system fended off numerous intrusions by hackers exploring its vulnerabilities. In 2017, during the devastating WannaCry ransomware attacks, Deutsche Bahn’s scheduling and information systems were “thrown into chaos” according to reports. Several other high-profile attacks on railways and metros have also made the headlines, from San Francisco and beyond, rightfully causing rail executives concern.Railways’ rapid adoption of more automated, connected and wireless technologies increasingly exposes critical assets to the threat of cyber-attacks. Control systems, remote monitoring and maintenance and even passenger WiFi can all offer would-be hackers a potential foothold to breach the network. Such attacks carry the potential to threaten passenger safety, disrupt service, and cause severe economic and reputational damage.

Just a Few Transit Hacks Could Derail Progress
While rail has yet to experience a full-scale cyber-attack, the threat of such attacks is only rising. Worrying? One only has to look at analyses in the wake of high-profile transportation disasters to fully grasp even less obvious ramifications of the threat. For example, a study of the aftermath of New York’s tragic 9/11 airline hijackings identified a sudden and pronounced ridership dip in US air travel. The study also observed a corresponding rise in deaths for months following the tragic incident from automobile accidents. In the wake of a major railway cyber-attack, would-be rail passengers might opt for transportation options that feel safer, but actually pose much greater risks.

Railway Cybersecurity is Imperative
To protect both the environment and passengers, maintaining the present stellar reputation of rail as safe and eco-friendly is imperative.

That means, among other steps, fortifying and improving railway cybersecurity. Because until railway cybersecurity can be guaranteed, the current trend of digitalization in rail, as well as its popular and public support, could be stopped in its tracks by just a few cyber incidents. Indeed, cybersecurity actually enables digitalization in rail to meet its full potential, allowing passengers to enjoy all the upgraded, digitized, connected services that come with modern train travel such as WiFi, public transportation apps and more. Luckily, both private and public sector stakeholders are beginning to grasp the scope of the issue.

The United Kingdom announced soon after the EU directive that organizations providing critical services like transport that fail to enforce strong cyber safeguards of their own could face fines in the tens of millions of pounds. Across the pond in the United States, the Transportation Security Administration (TSA) has spearheaded initiatives to share information on cybersecurity with smaller rail operators on the frontlines.At the vanguard of these efforts are lawmakers in the European Union. Recent regulations like the EU’s Network & Information Security (NIS) Directive mandate comprehensive cyber protections, stipulating steep fines for rail operators lacking compliance. EU member states were given until May of last year to use the directive to pen nationwide regulations and protocols for achieving “a high common level of security of network and information systems.”

With the world clamoring for both safe and sustainable options for travel, rail is perfectly poised to deliver. Yet, doing so also means addressing critical issues such as cybersecurity. Securing railways against the mounting threat of cyber-attacks not only promises to save passengers’ lives — but to bolster the efforts to save our environment as well.

Amir Levintal is the CEO of Cylus, a global leader in rail and metro cybersecurity.