Cyber attacks on UK railways pose 'real disaster' risk

'State-sponsored hackers' infiltrate rail network on four separate occasions in the last year


The UK rail network has suffered at least four major cyber attacks over the last year, according to an investigation by Sky News.

Sergey Gordeychik, a security researcher at Kaspersky Lab in Moscow, uncovered several weaknesses in the rail infrastructure that he says could cause injury or even death to the public in the future.

"Hackers can get access not only to simple things like online information boards or in-train entertainment, but also to computer systems which manage trains by itself, which manage signals, manage points, and in this case, if they have enough knowledge, then they can create real disaster related to train safety," he told Sky News.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The four attacks, which were discovered by Darktrace, a private security company that guards much of the UK rail network, are thought to be the work of hackers sponsored by nation states.

Although hackers have infiltrated networks including the rail infrastructure itself, these breaches have been exploratory rather than disruptive, says Sky News.

"We see at the moment that state-sponsored attackers are already inside critical infrastructure," Gordeychik said. "So they have access, they monitor, they collect intelligence but they don't try to create a disaster."

However, the hacks could potentially be used as a "cyber weapon against civil infrastructure", he added: "This is scary."

Network Rail, which runs the UK's railway infrastructure, is in the process of rolling out the European Rail Traffic Management (ERTMS) system, which will digitise the current signalling infrastructure across the country.

But this poses a significant danger, says Professor David Stupples, an electronic warfare expert.

"With ERTMS, when it comes in, terrorist organisations will start viewing this as a possible target," he said.

Network Rail said: "Britain has the safest major railway in Europe and cyber security is a key part of our plan for introducing digital train control technology.

"Safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats."

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.