The global rail sector is undergoing a major digital transformation, with changes accelerating the industry's popularity, securing it as a major player in a world of rapid commerce, growing innovation, and increasing sustainability goals while making it a major target for cyberattacks. The rail industry, specifically rail operations, increasingly relies on digital systems and interconnected networks. As we navigate through 2024, the rail industry stands at a major tipping point in its cybersecurity journey, facing an increasingly hostile threat landscape and complex digital interconnectedness.

As these trends converge, they underscore collective progress towards fortifying the rail sector's digital boundaries, safeguarding critical infrastructure, and ensuring the safety and reliability of rail operations in an increasingly interconnected world.

Here's a ranking of the top five rail cybersecurity trends we forecast for 2024: 

1. Resilience to Ransomware Attacks

It shouldn’t surprise anyone that ransomware is on this list. According to data from the NCC Group, the industrial sector has remained the top ransomware target every month for the past year. Ransomware attacks were up 81% in October 2023, compared to the same month the previous year, and attacks on the industrial sector routinely represent a third of all ransomware incidents. This ensures that ransomware resilience remains a top priority for rail operators.

Further, according to a report released by cyber-physical defense company Claroty on Dec. 6, in the past 12 months, more than half of industrial firms (54%) suffered a ransomware attack that impacted their operational technology, whether directly or because a linked IT system had been attacked. And “because so many OT systems are Windows-based, the ransomware often spills over from the IT environment into the OT environment because of poor or no segmentation," said Grant Geyer, chief product officer at Claroty.

Ransomware attacks have increased, and the rail industry is not immune. Operators will continue to invest in strategies and technologies to not only prevent such attacks but also ensure quick recovery in case of a breach, minimizing downtime and operational disruption.

2. Cybersecurity Uplifts to Legacy Operational Rail Tech Environments

Rail operators and owners are increasing efforts to identify and protect their cyber-physical legacy systems. In the U.S., the TSA Security Directives mandate identifying cyber-critical systems as a first prescriptive step for rail operators. And worldwide rail operators are ramping up risk and cybersecurity assessments in their operational rail technology environments. According to a Railway Gazette Group webinar in May 2023, it’s not uncommon for these assessments to highlight weaknesses and vulnerable practices like the following:

• Safety critical communications using zero to little encryption, and where it does exist, it’s outdated.
• Exposed critical software vulnerabilities (CVEs).
• Lack of best practice segmentation and overly permissive firewall policies.
• The use of insecure protocols over secure protocols (Telnet vs. SSH, SNMPvs vs. SNMPv3, etc.)
• Lack of cybersecurity threat monitoring to detect ongoing network exploitations.

As a result of these assessments and the increased awareness and visibility, rail operators will continue to adopt new cybersecurity technologies to directly address assessment findings.

Rail operators will focus on real-time cybersecurity monitoring to catalog critical rail assets and systems, ongoing vulnerability and risk management practices to ensure key systems are patched or protected appropriately, network segmentation to minimize the impact of any single incident, and continuous threat monitoring to watch for indications of compromise or attack. Integrating these best practices is picking up steam in these legacy and critical operational rail tech environments.

3. Incident Response and Crisis Management

CISOs at rail operators understand the importance of preventing and quickly responding to cybersecurity incidents to minimize potential impacts, making this a top priority. Developing robust incident response plans and crisis management teams capable of responding to and recovering from cyber incidents quickly will be a key focus to ensure continuity of operations and safety.

Further, regulatory requirements now require rail operators (1) to designate and use a primary and at least one alternate cybersecurity coordinator at the corporate level, (2) to report cybersecurity incidents to the proper government agencies, and (3) to implement and regularly test cybersecurity incident response plans.

Finally, recognizing that cybersecurity is a collective challenge, there will be increased collaboration and information-sharing initiatives among rail operators, government agencies, and cybersecurity firms to stay ahead of threats.

4. Increasing Focus on Supply Chain Cybersecurity

According to a recent LinkedIn article by Basit Malik, Project Cybersecurity Manager at Alstom, “Rail companies often rely on an extensive network of suppliers, and any compromise within the supply chain can introduce vulnerabilities, making it crucial for companies to assess and monitor the security practices of their partners.”

The interconnected ecosystem within the rail industry is one of its biggest strengths and, likewise, one of its biggest weaknesses. It makes the entire network only as strong as its weakest link. Ensuring the security of the supply chain is, therefore, critical.

Rail systems are supported by a complex network of suppliers and third-party vendors, many of whom have unfettered access to operational rail tech systems. Operators will focus on implementing stringent cybersecurity standards, including increased identity and access control, user activity monitoring, and regular audits for their suppliers.

5. Continued Growth in Rail-Specific Cybersecurity Tooling

The continued growth of rail-specific cybersecurity tooling is a response to the complex and unique challenges and requirements of securing operational rail technology environments. In fact, operational rail tech systems are some of the most complex environments in the world, and according to one CISO at a major U.S. transit authority, “it’s not uncommon to find more than 40+ technologies or systems required to run rail operations.”

Typical environments often include a mix of legacy systems and modern technologies. In these environments, cybersecurity tools that understand the normal operational patterns of rail systems and can detect deviations in real-time, which could indicate a cyber threat, are a real necessity. Rail cybersecurity tooling will also leverage artificial intelligence and machine learning to develop rail-specific models that can predict, detect, and respond to threats unique to rail tech environments.

Rail operators will continue to favor verticalized rail cybersecurity tooling specifically designed based on a deep understanding of rail operational and safety practices. They will focus on solutions that address current threats and are adaptable to future technologies and threats, ensuring rail operations' safety, reliability, and resilience.

The Future is Resilient

In the dynamic world of rail cybersecurity, adapting to an evolving threat landscape is a necessity and a critical, and often a national mandate. The industry's push towards operational cyber resilience reflects a deep understanding of the potential havoc that targeted attacks like ransomware can wreak on interconnected, often aging, operational systems. There is a move towards defending the present and securing the legacy operational infrastructure that forms much of the rail industry's backbone.

At the heart of this cybersecurity paradigm is the ability to detect and respond with agility and precision, ensuring that any disruption becomes a minor setback instead of a full-blown crisis. The approach extends beyond individual rail operators, recognizing the interconnectedness of the supply chain and the joint responsibility to protect it from cyber threats.

Leading these efforts is deploying innovative, rail-specific cybersecurity solutions—tools that are not just reactive but predictive, embodying the foresight and customization needed to navigate the unique challenges of the rail sector. Together, these strategies form a multi-layered defense, safeguarding the industry's future.

People illustrations by Storyset