As smart ticketing systems and technological solutions become more prevalent in the rail industry, the issue of rail cybersecurity is a growing concern.
Earlier this month Transport for London (TfL) was forced temporarily to close down the online facility for its Oyster card system due to a data breach which saw around 1,200 customer accounts compromised. In July, New York City Metropolitan Transport Authority’s (MTA) subway system shut down six major rail lines across the city suddenly and without warning, after a widespread server failure attributed to a ‘software bug’; in the months leading up to the shutdown, at least 13 separate issues with the subway’s computer systems were flagged by staff.
Commenting on the Oyster data breach, which is believed to have occurred after users’ login details from another website were stolen and used to access Oyster accounts, a TfL spokesperson said: “We believe that a small number of customers have had their Oyster online account accessed after their login credentials were compromised when using non-TfL websites. No customer payment details have been accessed, but as a precautionary measure and to protect our customers’ data, we have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place. We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites.”
While smart ticketing systems – which commonly retain users’ data as a function of setting up accounts to purchase and use e-tickets – are at risk through the same vulnerabilities which affect any online transaction facility, the security of train systems themselves is also a pressing issue. Without significant rail cybersecurity deployment, trains equipped with Internet of Things (IoT) and Artificial Intelligence (AI) capability are also vulnerable to outside interference; and while leaving users’ data at risk of hacking poses concerns over the threat of fraud and theft, potential hacks of the operating systems of actual trains could lead to genuine risks to passengers’ safety.
