Many cybersecurity breaches are traced back to human error, from lack of compliance with security policies to configuration errors. Even the best-trained staff can be overwhelmed by the sheer volume of daily alerts that need to be tackled.
Karsten Oberle・Global Practice Lead Railway Nokia, Transportation, Energy, and Public Sector
This short news item about cybersecurity will surprise you. It’s easy to shrug it off, but it does make the point that cracking an organization’s cyber defenses doesn’t always take a sophisticated hack by a foreign government or crime syndicate. Many security breaches are traced back to human error, from lack of compliance with security policies to configuration errors. Even the best-trained staff can be overwhelmed by the sheer volume of daily alerts that need to be tackled. However, automation makes execution of repeatable actions without human intervention and orchestration chains possible, speeding up the investigation and mitigation of incidents.
Cracking an organization’s cyber defenses doesn’t always take a sophisticated hack by a foreign government or crime syndicate.
Cybersecurity is a growing issue for many railway operators as they adopt IP-based network technologies to deliver broadband coverage onboard and for mission-critical train control systems. That’s because these networks tend to be more open and more interconnected. The more parts of a railway communication infrastructure exposed to the internet, the more vulnerabilities might arise. Besides, there is a massive cybersecurity skillset shortage globally, rendering human-centric and manually intensive incident response strategies insufficient.
Consequently, railway communications security must be stepped up. Key capabilities to efficiently protect networks include:
Security automation that encompasses business processes.
Incident response plans.
Regulations and policies.
End-to-end security that encompasses network operations and processes.
Security analytics to correlate security-related information from across the network.
Devices and cloud layers to spot suspicious anomalies and provide insight into threats.
Multiple layers of encryption to protect network traffic.
Adding machine learning to the mix enables organizations to identify potential compromises by using threat intelligence information across the network, device, and cloud layers. Such a multi-layered and active defense-in-depth approach provides the right balance of costs with the protection needed to defend against today’s security threats.
The risks are hard to understate. In the U.S., cybersecurity is a serious economic and national threat with the U.S. Computer Emergency Readiness Team (US-CERT) creating a framework to support the protection of critical infrastructure. In Europe, the EU has proposed a cybersecurity strategy outlining its vision, clarifying roles and responsibilities, and defining actions required to protect citizens. In Asia, some governments have established national cybersecurity policies.
So, it’s only natural that railway operators need to deploy equally serious protection measures. Organizations must focus on
Ad Loading...
Detecting and mitigating new threats,
Reducing the vulnerable surface area,
Improving analytics to correlate data from multiple domains and to help identify suspicious, malicious, or inadvertent anomalies.
Combining threat intelligence data and security analytics makes it possible to detect threats and prescribe the appropriate response more effectively, providing strategic mitigation to strategic threats.
This way operators not only protect themselves against potential loss of revenue and the high costs of service restoration and passenger compensation, but they can build their brand as an operator that helps their passengers to spend worry-free, secure time onboard.
Karsten Oberle is Global Practice Lead within Transportation Sales in the Nokia TEPS (Transportation, Energy, and Public Sector) Division. To view a video about Nokia's cybersecurity for rail, click here.
Polis comprises cities and regions, as well as corporate partners, from across Europe, promoting the development and implementation of sustainable mobility. This year’s event had over a thousand attendees across various policy forums and an exhibition.
Across North America and beyond, transit agency officials are contending with a perfect storm of operational headaches and strategic challenges that hamper daily service and long-term progress.
Simply incentivizing electrification is not enough to make a meaningful impact; we must shift our focus toward prioritizing public transportation and infrastructure.
For many years, the narrative surrounding public transit improvements has been heavily weighted toward environmental gains and carbon reduction. While these are undeniably crucial long-term benefits, the immediate focus of this new funding environment is firmly on demonstrable system efficiencies and a clear return on investment.
The notion of agencies being over- or underfunded, I argued, doesn’t hold up. If an agency wants to turn up the heat — to grow beyond the status quo — it must demonstrate measurable value.
Some agencies might suggest they are funded in the public transportation space. Some complain that they are funded too little. I have never heard a public transportation executive proclaim that they are funded too much. And if no public agencies are funded too much, then, by definition, none are funded too little. To steal from Goldilocks’ thinking, they are all funded just right.
From East Asia to Europe, more than 400 exhibitors and 70 sessions tackled global mobility challenges — highlighting AI, automation, and urban transit equity in the race toward a carbon-free future.
A closer look at ridership trends, demographic shifts, and the broader impacts of service reductions reveals why maintaining, and even improving, bus service levels should be a top priority in 2025.
