"Trains, planes, and ships all utilize equipment with long lifespans – sometimes more than 30 years. Although all these legacy systems were built with physical safety in mind, cybersecurity was never factored into the equation, leaving them vulnerable to attacks."
The world has come leaps and bounds lately, with technology like the internet and mobile phone as we know them going from literally non-existent to ubiquitous in a couple of decades.
While those advances brought an insurmountable degree of comfort and convenience, they also added remote security problems that very few people foresaw -- and even fewer were ready for. To talk about this crucial topic that many are unfamiliar with, we sat down for an interview with Amir Levintal, Chief Executive Officer of Cylus in Israel.
First off, a bit of background: How did you start your current career path, what does your position as CEO of Cylus entail?
I have over twenty years of experience in cyber defense management. I previously served as the Director of the Cyber R&D Division of the Israel Defense Force’s Elite Technological Unit, which entailed managing highly skilled teams developing cybersecurity, software, and hardware projects.
Following my military service, my co-founder Miki Shifman – also from an elite tech unit in the IDF – and I set our sights on rail. We wanted to apply our cybersecurity expertise to help protect an industry that was still extremely vulnerable to cyber-attacks – and we found that in the rail industry. Train safety and security are vital to a country’s economy and the lives of its citizens. In recent years, the rail industry has undergone a transformation. New, connected technologies have been introduced to improve safety, efficiency and service availability of our trains and metros, but this growing connectivity has also increased attack vectors, exposing railways to cyber-attacks. Cylus was founded as a result of this emerging phenomenon: to protect railways from growing cyber threats by detecting and putting a stop to malicious activity in rail operational and signalling networks before any harm is done.
As CEO of Cylus, it’s my job to balance long-term business strategy with helping rail operators gain access to solutions to manage imminent risks. I aim to achieve this balance, in order to oversee the development of our solutions, which are built from the ground up to meet the unique needs of the rail industry, while building a sustainable company.
How has the rail industry changed since you started working in it? What about the transport sector in general?
A recent IBM report found that 13% of cyber-attacks target the transportation sector, making it the second-most targeted industry in 2018 — a dramatic rise from its spot at 10th place in 2017.
Although rail has long been the safest mode of transportation, as the industry continues to adopt more automated, wireless, and connected technologies – both trackside and onboard – critical assets are increasingly exposed to malicious cyber-attacks. These attacks have the potential to threaten passenger safety, disrupt service, and cause severe economic and reputational damage. Over the past several years, rail companies in the US, UK, Germany, South Korea, and Sweden have all been reportedly targeted by hackers. This dramatic rise in threat levels has called attention to the lack of adequate cyber solutions for rail.
While the industry has invested heavily in technologies for safety, train control, and passenger convenience, prior to Cylus’ inception, there was no comprehensive solution to keep passengers and trains safe from malicious cyber-attacks. Cylus recognized this crucial gap and developed the first-to-market cybersecurity solution that meets the unique needs of the rail industry, CylusOne™.
Cybersecurity is an ever-present topic in the modern world, and it becomes increasingly more crucial as tech advancements and IoT keeps everything connected with everything else. How can all those potential points of entry be covered against attempted intrusions?
There is no “one size fits all” cybersecurity solution. This is why we built a solution from the ground up, tailored to the specific needs of the rail industry. To defend the various potential attack vectors in railway systems, such systems require cybersecurity solutions with constant monitoring, real-time alerts and actionable insights. This allows for full visibility into the system and practical advice for diffusing potential threats in real time.
Can cyberattacks – especially those with inside help – be damaging in an infrastructure or hardware level, or are they mostly contained around virtual assets like networks and databases?
Absolutely. Insider threats are a major risk in the rail industry and, unfortunately, they can cause substantial harm to the infrastructure. There have been published several cases of insiders allegedly causing harm to trains and rail operations. One notable case involved a disgruntled former IT administrator at the Canadian Pacific Rail Company who was jailed for sabotaging the organization’s computer network. If his disruption of the system hadn’t been detected in time, it could potentially have caused severe damage.
Since insider threats can potentially undo all the work done to secure virtual assets and networks, how can companies safeguard against internal sabotage, espionage, or intrusion?
Raising internal awareness is key to fending off insider threats. All staff within a given organization should be required to take part in cybersecurity training, not just the IT team. Ensuring that everyone is aware of potential threats and knows what to look out for is crucial to defend against insiders with malicious intent. In rail, for example, a former employee of a U.S. locomotive manufacturer was recently charged with stealing trade secrets and sharing them with his new employer in China. Indeed, this is a pressing issue in every industry.
What is the biggest cyber threat currently facing the rail industry? Is there any specific future one you believe will rear its head in upcoming years?
New technologies such as control systems, remote monitoring, remote maintenance, passenger Wi-Fi and other digital technologies and services are making rail systems increasingly vulnerable to potential cyber threats, exposing safety-critical assets to malicious hacks. These attacks have the potential to threaten passenger safety, disrupt service, and cause severe economic and reputational damage. As a result of this increased connectivity and the fact that the rail industry is a high-quality target, it’s not surprising that there have been several reported cyber-attacks on trains and subways around the world.
In the future, the rail industry will be even more connected. In order to compete with other modes of transportation, rail will have to adopt further technologies that improve passenger experience. With this increased connectivity, however, comes increased vulnerability. Rail companies will have no choice but to enhance their network security, and we at Cylus look forward to being an integral part of this vital process.
What about airlines and ships? Are database breaches the biggest threat they face? Is there any potential threat in the future that may affect them in the operational level or lead to loss of life or assets?
For any system, increased connectivity means growing exposure to cyber threats. Trains, planes and ships all utilize equipment with long lifespans – sometimes more than 30 years. Although all these legacy systems were built with physical safety in mind, cybersecurity was never factored into the equation, leaving them vulnerable to attacks. Each of these modes of transportation require their own unique cybersecurity solutions with real-time monitoring and a clear protocol for managing risks and eliminating attacks.
To learn more about cybersecurity and meet the biggest industry experts and decision makers in the transport security field, click here and join us next June 8-9th at Transport Security Congress Miami 2020!