The global rail sector is undergoing a major digital transformation with changes that are, both, accelerating the popularity of the industry, securing it as a major player in a world of rapid commerce, growing innovation, and increasing sustainability goals, and making it a major target for cyberattacks. Cyber awareness in this category is very recent but is forcibly growing at a rapid pace. Transportation systems, especially railways, are considered critical infrastructure, and a threat to a rail system is a threat to national security. In 2023, we saw various instances of how quickly a cybe ..read more

We are at the beginning of the busiest shopping period of the year. According to the National Retail Federation (NRF), 130.7 million people are planning to shop on Black Friday this year. As consumers eagerly approach this week ready to purchase items and holiday gifts they have been waiting nearly a year for, freight operators and railroad logistic managers have been preparing for months. At the core of the intense planning lies the coordination and safe transfer of billion-dollars worth of shipments.  Rail freight organizations have jumped on the digitalization ‘train’ to improve effici ..read more

The past couple of years has seen significant development in the area of rail cybersecurity.  In an age where technology intertwines with every aspect of our lives, the railway industry has become more vulnerable to cyber threats than ever before. Railways, vital to a nation’s economy and to the functioning of societies globally, face unprecedented challenges in ensuring the safety and security of their systems.  We are excited to introduce Cervello Compliance, the world’s first rail cybersecurity compliance dashboard. Cervello Compliance examines your rail environment, policies, pro ..read more

Cybersecurity compliance comes from the need to adhere to a set of cybersecurity standards, regulations, and best practices to protect critical infrastructure, networks, data, and operations from cyber threats and attacks. As the rail industry becomes increasingly digitalized and interconnected through the use of modern technologies and communication systems, it becomes more vulnerable to cybersecurity attacks.  Passing railway cybersecurity regulations is still “work in progress”. Considering how complex it can be to maintain the highest level of safety requirements while operating a rai ..read more

The attack against Alaska’s Railroad Corporation in December, American company Wabtec’s data breach last summer, and, of course, the third-party cyber attack that forced the complete suspension of Denmark’s DSB train service last October are prime examples of the complex vulnerability of rail systems. As railways become more digitally connected, cyber incidents like these are likely to become common. As the former CISO of a national railway, I ask myself how would I act if I were put in the position many CISOs are faced with today. Well, recently, I presented at the UITP Global Public Transp ..read more

In our increasingly digitized world, cybersecurity has become a crucial concern for all those involved in railway systems, from railway operators to passengers, from infrastructure manufacturers to businesses sending cargo freights, and of course, to governments. With its heavy reliance on computerized systems for everything from train dispatching to passenger information, it is obvious why many of these interest groups support taking steps to ensure that railway systems are secure and protected against cyber threats. The Establishment of European Railway Cybersecurity Regulations Precisely f ..read more

On October 24, 2022, the updated TSA (Transportation Security Administration) Rail Security Directive 1580/82-2022-01 for passenger and freight railroad carriers came into effect. Due to a surge of cyber threats against critical infrastructures over the past couple of years, the US has become more involved in protecting its railroads from an attack. “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-b ..read more

Geopolitical conflict and soaring inflation have driven up gas prices all over the world. As a result, travelers are increasingly relying on trains as a more cost-effective alternative to road or air travel. In this blog post, we will be discussing the new necessity of the transportation industry – train cybersecurity. For the first time since the onset of Covid-19, ridership on commuter trains has neared or even exceeded pre-pandemic numbers. In June, New York’s Metro-North carried 126% of its pre-pandemic baseline. At the same time, California’s Sonoma-Marin Area Rail Transit experienced it ..read more

Left: Israel Baron | Right: Antonio Lopez It wasn’t long ago that cybersecurity was merely an afterthought for railway organizations. Today, leaders in the European railway industry have launched a variety of innovative initiatives to improve their security posture. However, as the threat of cyber attacks continues to rise, there is still much to be done to fortify railway safety. Our first guest on our “Conversations With Industry Experts” series is Antonio Lopez, a railway veteran with 40 years of experience in the European railway system including in Spain, and former CSIRT Workstream lead ..read more

On March 21, 2022, US President Joe Biden issued a serious warning to businesses urging them to “harden their cyber defenses immediately” amid rising cyber threats on critical infrastructure. The President’s first push to enhance the nation’s cybersecurity defenses, however, was in May 2021 – an executive order requiring organizations to review and comply with new cybersecurity policies and standards. Indeed, amid escalating global tensions and industry-wide modernization, we must prepare for a new level of threat. Today, mission-critical railway infrastructure is more complex, digital, and ..read more